The Cryptography Dilemma

In 2013, former US government contractor Edward Snowden initiated a series of leaked classified material, much of which related to surveillance programs being run by certain Western governments. Among this material was information about how these programs attempted to subvert cryptography to protect data. The leaked material was widely reported and triggered a public debate on the appropriateness of such programs, as well as on the ethics of Snowden’s actions. The consequences of these events have been significant, with some technologies making greater use of cryptography and some governments seeking to amend laws relating to the control of cryptography.

It was clear from the ensuing public response to the Snowden leaks that wider political views regarding controlling the use of cryptography are diverse and conflicting. As we’ll shortly discuss, there are arguments both for and against controlling the use of cryptography, and opinions range from passionate extremes on either side to viewpoints seeking an elusive middle ground.

It’s extremely important to recognize that the post-Snowden discussion about controlling the use of cryptography is nothing new. Indeed, this issue has existed ever since cryptography started to become more widely used, particularly since the evolution of computers. It became a public debate (albeit restricted mainly to a limited population of experts) when cryptography began to be used in commercial environments in the late 20th century. At that time, the discussion became sufficiently intense to earn the moniker the Crypto Wars. We will adopt a slightly less provocative term to capture the conflicts of interest presented by cryptography and refer to this issue as the cryptography dilemma.

The case for controlling the use of cryptography

Everyone recognizes that cryptography is extremely useful for supporting security in digital environments. However, from the perspective of a body attempting to oversee people using digital technology (we’ll refer to such a body as a government), this may only be accepted when the ‘right’ people are using cryptography for the ‘right’ reasons. The cryptography dilemma arises because anyone can use cryptography for any purpose. This means that the ‘wrong’ people can use cryptography to protect information relating to activities a government has an interest in.

A government might wish to access information that has been encrypted for various reasons, including:

• Fighting crime: Cryptography can be used to support criminal activities. It can be used to hide the communications of those who are undertaking criminal activities and can be used to protect the information potentially relating to criminal activities stored on a suspect’s device.

• National security: Cryptography can be used to protect the communications and data of anyone undertaking activities that a government believes to be potentially threatening the security of a nation-state.

It’s undoubtedly true that cryptography presents a challenge to any government attempting to deal with either of these issues. If a government regards this as a problem of such magnitude that it requires addressing, then there seems little option other than for this government to attempt somehow to control how cryptography is used.

The case against controlling the use of cryptography

Attempts to control the use of cryptography have raised many concerns among cryptography users. These include:

• Abuse of rights: Because cryptography is a technology with many legitimate uses, some people argue that everyone has a right to use it in a free way. Control of cryptography is thus regarded as interfering with a fundamental right.

• Undermining security: Most attempts to control the use of cryptography have consequences for the security that cryptography is intended to provide. Many control mechanisms designed to undermine the security offered by cryptography, even if restricted to special circumstances, are also mechanisms that could (at least in theory) be exploited by those with more malicious intent.

• Futility: Strong cryptographic mechanisms are already in the public domain. Since cryptographic algorithms are just combinations of mathematical rules, no attempt to control cryptography can completely prevent anyone from building and using their cryptographic tools. Any attempts to control the use of cryptography thus can frustrate ‘legitimate’ users while failing to prevent ‘illegitimate’ users from deploying uncontrolled cryptography.

• Trust in governments: Facilitating some control over the use of cryptography might be palatable in circumstances in which a government is fully trusted. However, such trust is, of course, subjective. Furthermore, a government that can fully control the use of cryptography can potentially engage in uncontrolled mass surveillance of its subjects (and indeed potentially any non-subjects who interact with individuals or organizations within this government’s jurisdiction). In an extreme case, such control could facilitate a totalitarian state.

• Economic impact: Overly zealous control of the use of cryptography might have negative economic impacts. For example, customers worldwide might stop trusting technologies and services originating from a country that applies strong control over cryptography.

Seeking a balance

The case both for and against the control of cryptography involves highly passionate arguments, and it’s easy to see how some people could hold passionate views on either side. Many others will acknowledge both cases and seek some sort of balance between them. Indeed, cryptographic technology is sometimes labeled as a dual use good, which recognizes it’s a technology with the potential to be beneficial or harmful, depending on the perspective taken on a particular cryptographic application.

There have been various attempts to seek a middle ground of some sort in an attempt to address the cryptography dilemma. Some of these attempts failed outright, while others were only appropriate for specific historical times and became ineffective as technology and its use evolved.

What should be clear is that any attempt to moderate between the two viewpoints on control of the use of cryptography will always be flawed in certain aspects. It won’t work completely, will have some negative security implications, and certainly won’t please everyone. This is true of compromises on many political matters, which is why we have termed it a ‘dilemma.’

Strategies for controlling the use of cryptography

We now set aside the arguments and consider what strategies a government could follow once it has decided to attempt to control the use of cryptography. In many ways, these are similar to the strategies our standard ‘adversary’ might follow when attempting to ‘break’ cryptography. However, there are two potentially significant differences:

1. A government is a formidable adversary with substantial resources. These resources include money, computing power, legislative power, and expertise.

2. A government attempting to control the use of cryptography isn’t necessarily ‘bad.’ Hence, we might concede certain capabilities that we wouldn’t tolerate for a normal adversary.

As we discussed, there are two general strategies for ‘breaking’ cryptography. So at the highest level, these also represent strategies for trying to control the use of cryptography:

• Seek plaintext: If a means of obtaining unencrypted plaintext can be found, then the encrypted form is no longer a concern. Another option is to seek unencrypted metadata relating to encrypted data, which may yield useful information regarding the protected plaintext, such as source and destination, connections, the timing of communications, etc. This latter process is sometimes referred to as traffic analysis and has long been a productive method for those engaged in cryptanalysis.

• Seek decryption keys: The other high-level strategy is to attempt to acquire decryption keys. Once decryption keys have been obtained, all ciphertext encrypted using them can be decrypted.

In line with the design process of a cryptosystem, there are also various aspects of a cryptosystem that could be targeted when attempting to control the use of cryptography:

• Cryptographic algorithm: A cryptographic algorithm itself could form the basis for a control mechanism. One potential strategy is to encourage the use of algorithms with weaknesses.

• Implementation: The process of implementing cryptography presents many opportunities for introducing control mechanisms, such as secretly redirecting plaintext copies before they are encrypted.

• Key management: The management of cryptographic keys is one of the most challenging aspects of the cryptographic process to secure. There are many ways in which key management could be targeted to control the use of cryptography. One example of this is to arrange for copies of decryption keys to be stored by a government.