The NSA's Efforts to Ban Cryptographic Research in the 1970s

New article on the NSA's efforts to control academic cryptographic research in the 1970s. It includes new interviews with public-key cryptography inventor Martin Hellman and then-NSA director Bobby Inman.

Posted on November 17, 2014 at 9:19 PM • 6 Comments


paul • November 18, 2014 9:10 AM

I think Inman is being a mite disingenuous on the "lack of demand" meme. All through the 80s and the early 90s, when the foundations of the current internet were being laid, the NSA (through the state and commerce departments) was fighting a huge effort against anything that might lead to the transition of strong crypto from research and narrow application to widespread use. Unless the NSA was completely unaware of network effects, it had to be pretty certain that requiring every computer and software company to maintain separate crypto and non-crypto versions of software and hardware (for US use and for export) would make the crypto versions of US-developed systems significantly more expensive.

Which led, of course, to the rapid growth of crypto R&D operations outside the US.

I am fascinated by Hellman's retrospective view of his own actions. Even at the time, at least in interviews, he seemed remarkably evenhanded and cautious, especially compared to some of the more vociferous pro-crypto researchers.

65535 • November 18, 2014 11:49 AM

‘…NSA documents and Hellman’s recollection both suggest that Inman first tried to get a law drafted to restrict cryptographic research, along the lines of the Atomic Energy Act. For political reasons, the NSA history says, Inman’s proposed bill was “dead on arrival.”’ - Stanford Magazine

Those were more rational days. Until Phil Zimmermann was legally harassed for years.

Now, all the NSA has to do is give Congress “the least untruthful statement” and NSA gets anything it wants while certain senators roll over like a lap dog.

Andrew_K • November 19, 2014 2:16 AM

Those were more rational days.
-- 65535

That was one of my first thoughts, too.

Also, the article shows how important state-independent financing of security projects has become. And that especially projects rejected for state financing are worth a second look.
We should start crowdfunding for bias-independent university research financing.
If everyone would give just some bucks each month... hey wait, isn't that what taxes were intended to be?

andrews • November 19, 2014 2:34 AM

Back in the day, there were certain forms of encryption available for use in the US, even if export was not permitted. They'd have stronger versions not-for-export, sometimes obtained by using multiple encryption passes.

For instance:
DES - legal in US, the basis of unix crypt(3)
3DES - do it 3 times for greater security

XOR - legal, xor data against key
3XOR - do it 3 times for greater security

ROT13 - legal in some circumstances
3ROT13 - do it 3 times for greater security.

I do recall one case where a researcher was jailed for giving a presentation on ROT13 security because the federal govt felt that the technology should not be available for foreign use. Interestingly enough, the researcher was a Russian showing how ROT13 could be cracked, presenting in a US forum.

vas pup • November 20, 2014 9:06 AM

Just curious: are they going to ban the following software to deny your privacy protection:
By the way, are they behind prevention of hardware design implementation to disconnect by user on demand video and audio input collection from user's electronic device?
For me the latter solution may have commercial competitive advantage if there are no underwater rocks banning it.


Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.