Sometimes I like to just take dives into things that interest me. I was contemplating today the evolution of cryptography. Primarily because I am working on some ideas surrounding the early work of Alan Turing. In WWII, Allied codebreakers, under the direction of Turing, built the electromechanical bombe to help crack Germany’s Enigma traffic, a state run, ultra secret enterprise that set the tone for treating strong cryptography as a military asset. There was a general concern and fear that encrypted communication might be used in the future, considering the impact Allied codebreaking had on the outcome of the war.
In 1976 Whitfield Diffie and Martin Hellman published the first open description of public key cryptography, showing how two people could establish secrets without a pre shared key. This might be one of the single most impactful papers in our modern age, considering how important digital security has become for us. A year later, Rivest, Shamir, and Adleman introduced RSA, enabling both encryption and digital signatures. Without these concepts, we may not have seen the explosion of ecommerce and other transactions on the Internet, which would not happen for many years in the future.
However, perhaps one of the unsung heroes of our modern age is Phil Zimmermann. In 1991 he released PGP, Pretty Good Privacy, a free tool that used a hybrid design: fast symmetric encryption for the message and public key crypto to protect the one time session key, plus a decentralized “web of trust” to verify identities. That design made strong privacy practical for ordinary users. People could now easily share encrypted messages without expensive or difficult to use software. Additionally, the method of using a one time session key made the communication efficient enough for the lower bandwidth environment of the early 1990s.
Because the U.S. legally treated strong crypto as a weapon of war, PGP’s global spread triggered a multiyear federal investigation of Zimmermann. His response was as clever as it was symbolic: he published the full PGP source code in a printed book from MIT Press, asserting that code is protected speech. I consider this one of the bravest, most impactful exercises of free speech that any one individual has ever undertaken. I would put this up next to the Declaration of Independence in terms of impact. Of course, I say that as a total computer science nerd, but seriously, look at our society today. Where would we be if secure communication were not free?
Zimmermann is in his seventies now, and what a world he has seen explode since the controversy he raised in the early 1990s. After three years, the Justice Department dropped its case against him in January 1996 without filing charges. A PhD student, Daniel Bernstein, would file a series of lawsuits, claiming that the U.S. Government was violating his First Amendment rights by trying to apply export laws on encryption to his desire to publish papers on this topic. These cases ultimately established that publishing encryption source code is protected speech, and the U.S. began relaxing its stance on encryption. I think there is a strong correlation here. Amazon did not start making money until after this had happened. The dot com boom was most likely a direct result of SSL, Secure Sockets Layer, which allowed transactions on the Internet to be secure and encrypted.
It is hard to believe that the U.S. Government actually proposed a project called “Clipper Chip,” in which it would hold secure keys in escrow, just in case they were needed. Luckily, individuals like Zimmermann and Bernstein fought hard to prevent this type of mentality from prevailing. Once the legal cloud lifted, strong crypto became the default: browsers moved to HTTPS and modern apps adopted end to end encryption. Today the majority of web traffic is encrypted, a direct legacy of all these technical and policy battles.
Turing’s wartime codebreaking showed the power of cryptography in the hands of the state. Diffie and Hellman, and later Rivest, Shamir, and Adleman, showed how to do it publicly. Zimmermann, through his PGP software and his boldness, made it personal and easily accessible. These pioneering efforts catalyzed a social and legal shift, so that strong encryption could be used by anyone, not just governments.
And here we are.
