foundation for information policy research
> Home
> About
> Policy Work
> Achievements
> Friends of FIPR
> Events
> Contact FIPR

The Crypto Wars Are Over!

RELEASE TIME: 00.01, 25 May 2005

The "crypto wars" are finally over - and we've won!

On 25th May 2005, Part I of the Electronic Communications Act 2000 will be torn out of the statute book and shredded, finally removing the risk of the UK Government taking powers to regulate companies selling encryption services.

The crypto wars started in the 1970s when the US government started treating cryptographic algorithms and software as munitions and interfering with university research in cryptography. In the early 1990s, the Clinton administration tried to get industry to adopt the Clipper chip - an encryption chip for which the government had a back-door key. When this failed, they tried to introduce key escrow - a policy that all encryption systems should leave a spare key with a `trusted third party' that would hand the key over to the FBI on demand. They tried to crack down on encryption products that did not contain key escrow. When software developer Phil Zimmermann developed PGP, a free mass-market encryption product for emails and files, the US government even started to prosecute him, because someone had exported his software from the USA without government permission.

In its dying days, John Major's Conservative Government proposed draconian controls in the UK too. Any provider of encryption services would have to be licensed and encryption keys would have to be placed in escrow just in case the Government wanted to read your email. New Labour opposed crypto controls in opposition, which got them a lot of support from the IT and civil liberties communities. They changed their minds, though, after they came to power in May 1997 and the US government lobbied them.

However, encryption was rapidly becoming an important technology for commercial use of the Internet - and the new industry was deeply opposed to any bureaucracy which prevented them from innovating and imposed unnecessary costs. So was the banking industry, which worried about threats to payment systems from corrupt officials. In 1998, the Foundation for Information Policy Research was established by cryptographers, lawyers, academics and civil liberty groups, with industry support, and helped campaign for digital freedoms.

In the autumn of 1999, Tony Blair finally conceded that controls would be counterproductive. But the intelligence agencies remained nervous about his decision, and in the May 2000 Electronic Communications Act the Home Office left in a vestigial power to create a registration regime for encryption services. That power was subject to a five year "sunset clause", whose clock finally runs out on 25th May 2005.

Ross Anderson, chair of the Foundation of Information Policy Research (FIPR) and a key campaigner against government control of encryption commented, "We told government at the time that there was no real conflict between privacy and security. On the encryption issue, time has proved us right. The same applies to many other issues too - so long as lawmakers take the trouble to understand a technology before they regulate it."

Phil Zimmermann, a FIPR Advisory Council member and the man whose role in developing PGP was crucial to winning the crypto wars in the USA commented, "It's nice to see the last remnant of the crypto wars in Great Britain finally laid to rest, and I feel good about our win. Now we must focus on the other erosions of privacy in the post-9/11 world."

Notes to Editors:

  1. The Foundation for Information Policy Research is an independent body that studies the interaction between information technology and society. Its goal is to identify technical developments with significant social impact, commission and undertaken research into public policy alternatives, and promote public understanding and dialogue between technologists and policy-makers in the UK and Europe.
  2. The late Professor Roger Needham, who was a founder and trustee of FIPR, as well as being Pro-Vice-Chancellor of Cambridge University, a lifelong Labour party member and, for the last five years of his life, Managing Director of Microsoft Research Europe, once said: `Our enemy is not the government of the day - our enemy is ignorance. If ignorance and government happen to be co-located, then we'd better do something about it.'
  3. The Electronic Communications Act 2000 received Royal Assent on the 25th May 2000. Part I provides for the Secretary of State to create a Register of Cryptography Support Services. s16(4) reads: "If no order for bringing Part I of this Act into force has been made under subsection (2) by the end of the period of five years beginning with the day on which this Act is passed, that Part shall, by virtue of this subsection, be repealed at the end of that period."
  4. The crypto wars ended in the USA when Al Gore, the most outspoken advocate of key escrow, was found by the US Supreme Court to have lost the presidential election of 2000.
  5. The last battle in the crypto wars to be fought on UK soil was in the House of Lords over the Export Control Act 2002. In this bill, Tony Blair's government took powers to license the export of intangibles such as software, where previously the law had only enabled them to criminalise the unlicensed export of physical goods such as guns. This caused resistance from the IT industry, and also raised the prospect that scientific communications would become subject to licensing. FIPR organised a coalition of Conservative, Liberal and crossbench peers to insert a research exemption (section 8) into the Act, and an Open General Export License was created for developers of crypto software.
  6. Phil Zimmermann is arriving in London on the 25th May to take part in PGP Corporation activities until Thursday. Journalists wishing to interview him can send email to prz at mit dot edu, or make contact via the St Martin's Lane Hotel, tel 44 207 3005500, fax 44 207 3005501
Valid XHTML 1.0
Problems viewing this site?