Cryptowars Redux

With over 43 years in commercial cryptography, Bill Caelli is as close to infosec royalty as the Australian IT business has. Caelli took attendees of his session at AusCERT 2016 for a walk through almost five decades of cryptography in government, industry and the military. Caelli was recognised at AusCERT 2016 with an award for Individual Excellence in Information Security.

Caelli says the crypto wars started back in 1967 when David Kahn released his book “The Code Breakers” that was published despite the opposition of the NSA. “I call this the first crypto skirmish,” says Caelli.
The timeline to today and beyond
By the 1970s, Caelli was “dragged” into cryptography when the first call for ciphers was made in the US. Eventually, as encryption became more widely used, the NSA sought to have the international use of strong encryption designated as a weapon that should not be exported - something that was quashed by the US courts in 1999.
Through the 1980s to 2000, the wars escalated, says Caelli. PGP, SSLeay and other tools emerged, further escalated the cryptowars. Caelli noted that anyone in possession of a Clipper chip - at the hub of the key escrow debate - is now in possession of a valuable piece of computer history.
By the mid-1990s, the export of dual-use and military equipment, became governed under the Wassenaar Agreement that Australia became party to. And Caelli’s company, ERACOM, was building their own hardware encryption boards right on the Gold Coast at the time.
Today, we are focussing on description capability for defence and metadata retention is also a significant issue, says Caelli. And there are many different parties, from “nerds” to “wonks” to “defence”, with an interest in cryptography. Hobbyist hackers can build site sophisticated systems using cheap hardware like the Raspberry Pi and the Arduino, he says.
We now operate in a world where there is widespread international competence in the use of algorithms, implementation and use of cryptography and it can be done on cheap, commodity computing devices.
Who are the actors?
Looking at the world, Caelli says the issue is far broader than Apple vs the FBI. Vendors, users, attackers, defenders and teachers and researchers all have an interest in encryption.
Governments in the US and UK are recognising that there is a need for governments to communicate and work with technology cranes. But there is significant tension as there is a need to manage the balance between personal safety and personal privacy. And opposing sides of politics see crypto as either a tool to protect dissidents and citizens that are oppressed, or as a tool used by terrorists and other criminals.
China recently passed laws compelling technology companies to assist law enforcement to unencrypted data.
Where are we now?
Caelli says the key issue is a clash of cultures and objectives. Technologists, policy makers and defence organisations aren’t approaching the challenges from a common point of view or objectives.
In the post 9-11 world, the balance between these tensions changed. And this needs to be addressed.

Join the CSO newsletter!

Error: Please check your email address.

Tags code breakersinfosecAusCERT2016nsaBill CaelliPGP EncryptionSSLeaycryptographyAusCERT conference

More about AppleBillClipperFBINSAPGPRaspberry Pi

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place