The Crypto Wars Are Global
The blog post by Joseph Cox was published by Motherboard on March 4, 2016
American politicians, media, and the public may be focused on the ongoing battle between Apple and the FBI over encryption in the iPhone, but the so-called Crypto Wars are far from just a national issue.
The proliferation of encryption—and law enforcement’s efforts to defeat it—is a wordwide phenomenon, and one that might have much more urgent consequences outside of Europe and the US.
On top of that, some governments’ reactions to the increased use of cryptography have been more kinetic and drastic.
This was starkly demonstrated with the arrest of a senior Facebook executive in Brazil on Tuesday, seemingly carried out because WhatsApp was unable to fulfill a court order to intercept messages on the service. That case was likely an exceptional one, but it was symptomatic of growing frustration amongst governments and law enforcement around the world.
Plenty of countries already seemingly target devices to circumvent encryption
So as foreign authorities clamp down on crypto in their own way, how will this affect users?
“Outside the US, the consequences for users, the risks, the threats that they face; the reasons they use crypto, are going to be much more pronounced,” Amie Stepanovich, US Policy Manager at Access Now, a digital rights group told Motherboard in a phone call.
For some users, Stepanovich said, “encryption really is a matter of life or death.” She pointed to LGBQT communities in the Middle East or North Africa, where their sexual preference might be illegal.
Various countries have taken wildly different approaches to tackling crypto. Late last year, the Kazakhstan government announced a plan to force all internet users to download a digital certificate that would allow the authorities to snoop on encrypted traffic. And in 2014, the Russian government called for researchers to find a way to crack the Tor anonymity network. Both of those plans have seemingly failed to materialise in any concrete results, but the intention was certainly there.
Others have looked at attacking devices of individuals, something that the FBI is also keen to develop.
“The future might be in the hacking of the device, hacking the end-point,” said Richard Tynan, a technologist at activist group Privacy International.
Indeed, plenty of countries already seemingly target devices to circumvent encryption. Italian surveillance company Hacking Team had at least 70 customers from all over the world, according to hacked internal documents.
The legislative approach has also been fairly popular. In December, China passed a law requiring technology firms to assist in the decryption of information.
This legal route parallels the current battle between Apple and the FBI, where the agency has asked the company to write code that would override the iPhone’s security features. Some feel that if the FBI is successfully in making the technology giant write malicious code, then a precedent will be set for other countries to follow.
“I think that if the US government is successful in ordering Apple to write code, we're going to see other countries also try to push Apple in the same direction,” Stepanovich said. (In its recent amicus brief in the Apple case, Intel wrote that if the FBI is successful in its demands, other countries, particularly those with less protective privacy laws, might see an invitation to require companies to undermine the security of their products.)
J. Carlos Lara, research and policy director from Derechos Digitales in Chile, said “There are many reasons to be following the debate, even if it does not appear to be directly about us, or about our country, because it might become one of the issues in our country at any point in the future.”
Carolina Botero, director of Fundación Karisma, a Colombian civil society organization, told Motherboard that she could imagine a situation similar there to that ongoing in the US if Apple does lose this fight.
“Colombia has a real need to fight against terrorists; there is a real national security issue here,” she said.
Others remained sceptical, saying that some countries may follow their own path, as they've already been doing.
“U.S. commentators greatly over-estimate the positive impact of U.S. self-imposed restrictions in national security matters on how foreign countries will act,” Pranesh Prakash, policy director at the Centre for Internet and Society in India, told Motherboard in an email.
Although it’s not a case strictly dealing with the same issues as Apple and the FBI, Prakash pointed to when the Indian government pressured BlackBerry to install a server in the country, so messages could be more easily intercepted.
“Though the U.S. government does not put restrictions on the encryption that may be deployed by telecom networks and ISPs, the Indian government does. And we aren't even talking about an 'authoritarian' government here, but the world's largest democracy,” he wrote.
The encryption debate is clearly not one limited to only the US, or even Europe. Rather, the spread of cryptography, and how governments respond to that, is likely an immediately more important issue elsewhere in the world.
“The global threat is much more serious,” than in the US, Stepanovich said.