Posted By: Jaren Martineau
Most of us who use smart phones and the internet have heard a thing or two about cryptography. Fewer, however, have any kind of understanding about how it works and how it impacts national security or the freedom of speech that is protected by the First Amendment. In order to understand these impacts, it is necessary to have some background understanding about cryptography, its history, and the First Amendment of the United States Constitution.
What is Cryptography?
Cryptography has been defined in its simplest terms as “secret writing.” It is the study and process of making a message difficult for an eavesdropper or unauthorized recipient to read. Generally speaking, the process of hiding a message so that it cannot be read is called “encryption,” while the process of making this same message readable again is called “decryption.” This technology is used routinely and is indispensible in securing everyday technology such as internet communications, various computer technologies, and smart phone use.
Although today we typically think of cryptography in terms of the encryptions and decryptions involved with the internet, it is actually a technology that has been in use for many centuries prior to the invention of computers. It has been in use and development, in fact, almost since the beginnings of written language.
Early techniques, although not technically considered cryptography, involved the substitution of letters, codes, or the transposition of words or letters. For example, if one wanted to scramble the message: “look up,” one could simply agree to shift the letters of the alphabet by one letter to the right and then to substitute those letters in the message. This message hidden in this way would read as “mppl vq.” To an unknowing person, this message would likely be unreadable, but to a recipient who is aware of the letter substitution scheme, it would be possible to descramble or decrypt the message in order to understand its true meaning.
Cryptography in Military Conflicts
It has been said that “the pen is mightier than the sword.” This ancient proverb expresses the idea that the written word is often more powerful than military might. History has shown, however, that the pen has been used not only as a substitute for the sword, but often as a means to enhance it. Communication, and more importantly, secret communication, is and has been incredibly important to the success of military operations. Successful military operations typically involve communication. These operations often involve communicating secret time sensitive information between separate groups. It has often been the case that these communications have been exposed to a great risk of interception by opposing forces. Encryption is necessary in order to prevent the opposing forces from gaining access to this secret information and using it against the sender and the intended recipient. Because of this, not only has it been important to keep the actual message safe, but the specific encryption method itself needs to be kept secret in order to prevent the enemy from being able to decrypt other potentially intercepted communications. If your enemy does not understand the means used to encrypt a message, it will be much more difficult for it to be decrypted.
One such use of encryption technology for military purposes in the ancient world was the scytale. A scytale, used by ancient Spartans, was a stick or rod that had a specific diameter. A long strip of leather would be wrapped around the scytale and then a message was written upon it. Once the message had been written, the leather was then unwrapped and transported to the recipient of the message. Without the strip of leather being wrapped around a stick with the appropriate diameter, the letters would not be arranged in the order that was necessary to align the letters into a cognizable message. For example, the message wrapped around the scytale in the image below would read, “mary had a little lamb.”
By DMGualtieri (Own work) [CC BY-SA 3.0 (https://creativecommons.org/licenses/by-sa/3.0)%5D, via Wikimedia Commons
During World War II, cryptography played a significant role in the conflict between Nazi Germany and Allied Forces. The Nazis developed an encryption machine called the Enigma. This machine allowed the Nazis to encrypt their military communications throughout much of the war. Allied Forces were able to break the complex encryption of the Enigma machine through cryptography experts and the capture of a small number of the machines and code books. The ability of the Allied Forces to decrypt the messages of the Nazi forces played an important role in the military victory.
Technology has significantly evolved since that time and encryption methodologies are much more advanced and complex than ever before. This has largely been fueled by the processing power of modern computers and the mass communications that have been enabled by the internet. Equally important has been the shift in the primary uses of encryption technology. In prior centuries the use of encryption was largely for government or national security purposes. Today, although national security certainly does require the utilization of encryption, those purposes are now dwarfed by the everyday millions of private commercial transactions that need to be secured during online commerce.
Cryptography and Terrorism
Modern terrorist organizations have also been drawn to the use of cryptography technologies. This obviously poses problems for countries who are involved in detecting and thwarting terrorist activities within their borders. In the distant past, it often required the development of new methods of encryption in order to keep communications safe. Today, however, it is often easier for terrorists to use existing open source encryption software or apps rather than to develop their own technologies. These existing free or open source methods of encryption can be extremely difficult to break. For example, a commonly used encrypted messaging app was used to encrypt over one hundred messages that were exchanged between Islamic State sympathizers on the morning of the 2015 Garland, Texas shooting. None of those messages were able to be decrypted by the FBI.
Because of the importance of cryptography to national security interests, many countries have attempted to limit or to control the use of encryption technologies. Following World War II and the importance of cryptography in that conflict, the United States and other allied countries put limits on the exportation of encryption technologies. As encryption technology has advanced and become more commonplace with the rise of the internet, these restrictions have run into various First Amendment challenges within the United States. In order to understand these challenges, it is necessary to know a little about both the First Amendment, and about United States regulatory policy on encryption technologies.
The First Amendment
In part, the First Amendment states that “[c]ongress shall make no law…abridging the freedom of speech…”
Based in part upon the restrictions on the press in England prior to the American Revolution, one of the most widely accepted purposes behind the adoption of the First Amendment was to prohibit the government from effectuating prior restraints upon speech. A “prior restraint” is a requirement of gaining some sort of government permission or license before a citizen may speak or publish. A prior restraint is therefore a sort of government filter that speech must pass through before it can be approved. William Blackstone described the negative effects of prior restraints in this way: “[t]o subject the press to the restrictive power of a licenser, as was formerly done, both before and since the revolution, is to subject all freedom of sentiment to the prejudices of one man, and make him the arbitrary and infallible judge of all controverted points in learning, religion, and government.” Since the early days of the United States, prior restraints upon speech have been strongly disfavored.
US Encryption Export Laws
The United States has had laws regulating the exportation of certain kinds of encryption technology for many years. The law in this area has changed over the years, but one of the key components of these laws has been the requirement to register or to apply with the government for a license prior to publishing on the internet or exporting certain kinds of encryption technologies. An underlying policy theory behind this kind of a restriction is that it keeps new encryption technologies, which are assumed to be more likely to be developed within the United States or one of its allies, from being exported to foreign nations or organizations that may be hostile to the interests of the United States.
As previously discussed, the encryption of communications has had some real effects upon military operations historically. Additionally, it is well known that modern terrorist groups have been using encryption technologies to hide their communications from governments and law enforcement. It makes sense, then, why governments, including the United States government, would want to control access and use of encryption technology. But there are some problems with this idea, some of these are legal and others are practical.
One of the most significant legal hurdles to United States’ restrictions upon the exportation of encryption technology comes from the First Amendment. As previously mentioned, the First Amendment prohibits prior restraints upon speech. Chief Justice Warren Burger once noted, “prior restraints on speech and publication are the most serious and least tolerable infringement on First Amendment rights.” A government requirement to obtain a license or to register with the government prior to publishing encryption software would certainly qualify as a prior restraint. But the second question that must be asked is if software or its source code is considered to be speech?
According to recent court rulings, the answer to this question appears to be yes. In Daniel J Bernstein v United States Department of State, the Ninth Circuit said, “we conclude that encryption software, in its source code form and as employed by those in the field of cryptography, must be viewed as expressive for First Amendment purposes, and thus is entitled to the protections of the prior restraint doctrine.” This unequivocally says that software source code is expression that is entitled to First Amendment protections, including the prohibitions on prior restraints by governments.
Of course as with many legal rules, there are some exceptions. One such exception that has previously been identified by the Supreme Court is national security. In the case of New York Times Co. v United States, the Court decided against an injunction against the publication of government secrets by the New York Times. Although the Court decided that the New York Times should not be prevented from publishing the secrets due to First Amendment protections, it did leave open the possibility that such an injunction could be upheld in the future if there were sufficient reasons to overcome the heavy burden necessary for a prior restraint to be upheld.
There are also practical reasons for why encryption technologies should not be restricted from exportation. One reason is the enormous increase in commerce that occurs, even internationally, by means of the internet. Global trade involving online commerce is estimated to reach over 4.8 trillion US Dollars by the year 2021. The worldwide economy is now heavily dependent upon online commerce. This online commerce must necessarily be secured and that security most often comes in the form of encryption. Encryption technology is a crucial part of internet commerce and is increasingly important to the international economy.
Another practical reason for not prohibiting the export of cryptography technologies is that these technologies have already become publicly available and in widespread use across the globe. In essence, the “cat is already out of the bag.” The underlying concepts behind modern cryptography are already available to terrorists. Restricting this technology that is already known is counterproductive. When these existing encryption technologies are already being used and are already powerful enough to protect information, laws preventing the exportation of these technologies only inhibits commerce without offering any national security protections.
On the other hand, new technologies have a tendency to be disruptive and powerful forces. It is likely that new methods of cryptography will likely continue to be developed, including technologies that may aid in breaking encryption. If we do not have laws in place that restrict the exportation of cutting edge advances in cryptography, this could be a significant security flaw that could have harmful results. Historically, conflicts have often hinged on technological superiority. With this kind of a potential effect upon national security, maybe having sensible restrictions is a justifiable use of a prior restraint. Regardless of how one stands on this issue, it is clear that conflicts between national security and the First Amendment will likely continue in multiple contexts well into the future.