The US government has been trying to stop encryption for 25 years. Will it win this time?


SAN FRANCISCO - In the age of mass digital surveillance, how private should your data and communications be? That question is at the heart of a cryptography panel that kicked off the Enigma Conference here yesterday (Jan 27).

Four cryptography experts discussed the origins of the first "crypto wars" in the 1990s, the current state of the crypto wars between governments and technology companies - two weeks ago, the US Attorney General accused Apple of not unlocking the iPhone of a terrorism suspect - and what is at stake now for consumers, businesses, and governments.

"It is a fundamental human right for two people to speak confidentially wherever they are. It is sacred," said Jon Callas, a senior technologist with the American Civil Liberties Union (ACLU) who lived through the battle between the US government and high-tech companies over the use of encryption to protect digital communications in the 1990s.

It may be a human right, but most countries do not enshrine secret conversations in their own legal codes, and what began as a renewed fight against government surveillance in the wake of documents leaked by Edward Snowden in 2013 has now evolved into a larger struggle over who encrypts communications and data.

In the wake of Snowden, end-to-end encrypted messaging has become much more accessible, and Apple and Google have introduced encrypted data storage on devices by default. However, access to these services may soon change depending on what country you are in and whose digital services you use.

The centerpiece of the crypto wars of the 1990s was the Clipper chip, a hardware chip designed to protect phone users' calls from surveillance unless the government wanted to eavesdrop. It was a "back door" that was to be built into all cell phones.

But in 1994, cryptographer Matt Blaze, one of the panelists at yesterday's Enigma conference, exposed a security vulnerability in the Clipper chip. Over the next three years, experts discovered additional vulnerabilities in the Clipper chip and fought in court to prevent its inclusion in devices.

Because the commercial Internet was in its infancy at the time, Blaze says, legal and computer security experts had no choice but to believe that the World Wide Web would eventually become important. When the report on the risks of key recovery, co-authored by Blaze, was published in 1997, most US federal agencies stopped fighting cryptographers.

"The FBI became the only organization that claimed computer security was too good to be true," Blaze says.

Today, it is not the law of the land in any country for the government to access encrypted communications through forced backdoors. However, laws mandating various degrees of government access to encrypted communications are becoming more common, said panelist Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Law School Center for Internet and Society.

Following the panel discussion, Pfefferkorn said that there is a growing trend, particularly in the United States and India, to link serious liability issues in both criminal and civil law with discussions of encryption. "In the US, child pornography. In India, it's the threat of mob violence. These seem like two separate issues, but it's a way of encouraging regulation of encryption without regulating encryption."

"They're trying to induce providers not to implement end-to-end encryption so they don't face ruinous lawsuits," she added.

"It feels like entrapment."

Daniel Weitzner, founding director of the Internet Policy Research Initiative at the Massachusetts Institute of Technology, told the panel that India's proposed amendments to the Intermediary Liability Act would allow Internet communications providers ("intermediaries") to be held legally liable for the actions and speech of their users.

He said that India's proposal is similar to changes requested by US senators, such as the EARN IT Act of 2019, introduced by Senators Lindsey Graham (R-South Carolina) and Richard Blumenthal (R-Connecticut). Weitzner added that there are other countries that have enacted even stricter engineer liability laws.

In 2016, the United Kingdom passed the Investigatory Powers Act, also known as the Snoopers' Charter. This allows the UK government to issue statutorily ambiguous technical capability notices that can mandate encryption backdoors or force companies not to use end-to-end encryption. The UK government is not required to reveal the results of its assessment process for issuing this notice.

Australia's Assistance and Access Bill of 2018 is similar, except that it specifically prohibits the introduction of systemic vulnerabilities in the product in question. What is not clear is another question raised by the legal mandate: what is the difference between a technical vulnerability and a legally mandated software backdoor?

Since the 1990s, as the technology itself has become more complex and subtle, so has the weight of responsibility faced by its advocates. Proposals to change encryption should be tested "many times" both strategically and technically, argued the Carnegie Encryption Working Group in September 2019.

Also, Susan Landau and Denis McDonough wrote in a column for The Hill that it would be wiser for the tech community to find common ground with the government over data at rest, such as data stored on locked iPhones, rather than the more contentious data in transit, embodied by end-to-end encrypted messaging apps.

Ultimately, the future of consumer use of encryption will likely depend largely on the developers and companies that make it available.

Products could be split up and offer different levels of encryption for different countries and regions, as Netscape did in the 1990s, Pfefferkorn said. Alternatively, countries or regions that require weaker encryption or backdoor access could refuse to offer encrypted products.

"Or they could be broken by anyone," Pfefferkorn says.
