20 Years Later, Mass Crypto Pioneers Vindicated By Google And Apple

With Apple and Google both announcing default encryption for phones, we’ve hit a landmark pivot point. It used to be that encryption was a novelty for geeks. Now, big players are starting to take responsibility for the privacy of the less knowledgeable.

At the dawn of mass Internet breakthrough, privacy activists had already written the tools necessary for mass encryption. They were dreaming of – and advocating – a world where encrypting your communications and your data would be the default, for authorities to at least have to spend considerable work reading our private data and correspondence.

Instead, they were charged with violating weapons export laws. Phil Zimmermann, who wrote PGP in 1991 (the still-going standard for encrypting email), was actually charged for making it too easy for the world to not be wiretapped. He won against those charges, and against any future restrictions, by very clever civil liberties footwork – publishing the sources to the encryption in book form, and letting freedom of print overrule the weapons export regulations.

Thus, strong encryption was given to the masses, and with it, the ability to have privacy. (Some countries were even worse than the United States at this time. France, for example, outlawed using encryption at all if you were a private citizen.)

The entire text of “Why I Wrote PGP” by Phil Zimmermann is worth reading. You can see that this is clearly not a piece of software for commercial gain, but one seen as a pivotal tool for preserving the balance of the individual against the government. Consider that it was written in 1991!

It’s personal. It’s private. And it’s no one’s business but yours. […] Perhaps you think your email is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don’t you always send your paper mail on postcards? Why not submit to drug testing on demand? Why require a warrant for police searches of your house? Are you trying to hide something? If you hide your mail inside envelopes, does that mean you must be a subversive or a drug dealer, or maybe a paranoid nut? Do law-abiding citizens have any need to encrypt their email? […] The government has a track record that does not inspire confidence that they will never abuse our civil liberties. […] Therefore, using PGP is good for preserving democracy.

But alas, there was encryption for the masses, but there would be no mass crypto movement. People’s correspondence would not be encrypted by default. PGP was simply much too cumbersome to use when sending a mail, compared to just firing it off. And still is, unfortunately, as illustrated by XKCD:

There would be no “default encrypted”. Convenience just won out.

However, last year, privacy became a selling point. Or rather, it had always been a selling point to some rather weak degree, but last year it became a major selling point. And last week, Apple joined the pro-privacy camp, immediately followed by an announcement from Google: iPhones will be default-encrypted in the future. So will Android phones. Nothing to turn on, nothing to learn.

This represents a landmark shift: for the first time in history, the producers of technology commodities are taking actual responsibility for the privacy of security-illiterate users, rather than just dismissing encryption as “novelty tech for the geeks”.

Some in law enforcement are furious. No wonder. Law hasn’t kept up with technology: Today, a phone is the most private thing an individual owns – far more private than, say, a diary was. The diary has extensive legal protection. A phone has had none at all. Police have been able to rummage through it at will, even without a search warrant. Law enforcement has mistaken their ability to violate privacy on a massive scale for a right to do so. There is no such thing.

After all, the police do not have the keys to your house, even if they have a search warrant. There is no reason they should have any keys to your phone, either. Or to your other correspondence and data. That’s the difference between a police state and a constitutional state – in the latter, the police don’t get everything they point at, and for good reason.

Privacy remains your own responsibility. But it’s very encouraging to see that others are now willing to assist a little.