With over 43 years in commercial cryptography, Bill Caelli is as close to infosec royalty as the Australian IT business has. Caelli took attendees of his session at AusCERT 2016 for a walk through almost five decades of cryptography in government, industry and the military. Caelli was recognised at AusCERT 2016 with an award for Individual Excellence in Information Security.
Caelli says the crypto wars started back in 1967 when David Kahn released his book “The Code Breakers” that was published despite the opposition of the NSA. “I call this the first crypto skirmish,” says Caelli.
The timeline to today and beyond
By the 1970s, Caelli was “dragged” into cryptography when the first call for ciphers was made in the US. Eventually, as encryption became more widely used, the NSA sought to have the international use of strong encryption designated as a weapon that should not be exported - something that was quashed by the US courts in 1999.
Through the 1980s to 2000, the wars escalated, says Caelli. PGP, SSLeay and other tools emerged, further escalated the cryptowars. Caelli noted that anyone in possession of a Clipper chip - at the hub of the key escrow debate - is now in possession of a valuable piece of computer history.
By the mid-1990s, the export of dual-use and military equipment, became governed under the Wassenaar Agreement that Australia became party to. And Caelli’s company, ERACOM, was building their own hardware encryption boards right on the Gold Coast at the time.
Today, we are focussing on description capability for defence and metadata retention is also a significant issue, says Caelli. And there are many different parties, from “nerds” to “wonks” to “defence”, with an interest in cryptography. Hobbyist hackers can build site sophisticated systems using cheap hardware like the Raspberry Pi and the Arduino, he says.
We now operate in a world where there is widespread international competence in the use of algorithms, implementation and use of cryptography and it can be done on cheap, commodity computing devices.
Who are the actors?
Looking at the world, Caelli says the issue is far broader than Apple vs the FBI. Vendors, users, attackers, defenders and teachers and researchers all have an interest in encryption.
Governments in the US and UK are recognising that there is a need for governments to communicate and work with technology cranes. But there is significant tension as there is a need to manage the balance between personal safety and personal privacy. And opposing sides of politics see crypto as either a tool to protect dissidents and citizens that are oppressed, or as a tool used by terrorists and other criminals.
China recently passed laws compelling technology companies to assist law enforcement to unencrypted data.
Where are we now?
Caelli says the key issue is a clash of cultures and objectives. Technologists, policy makers and defence organisations aren’t approaching the challenges from a common point of view or objectives.
In the post 9-11 world, the balance between these tensions changed. And this needs to be addressed.