Crypto Wars Podcasts

My first attempts at podcasts for this site, produced sometime ago on YouTube, were two videos about the Crypto Wars. This is the story about the attempts to control the use of strong encryption in the late 1990s, and then again in more recent years. From about 2014 to 2018. This includes things like the Investigatory Powers Act in the UK, and other similar laws elsewhere. The two podcasts are linked below.

Please accept YouTube cookies to play this video. By accepting you will be accessing content from YouTube, a service provided by an external third party.

YouTube privacy policy

If you accept this notice, your choice will be saved and the page will refresh.

Please accept YouTube cookies to play this video. By accepting you will be accessing content from YouTube, a service provided by an external third party.

YouTube privacy policy

If you accept this notice, your choice will be saved and the page will refresh.

Crypto Wars 2.0

I was invited to give a talk at Oxford University on Crypto Wars 2.0 for the Cyber Security DTC that is jointly ran by Oxford and Royal Holloway. I have given a talk on the Crypto Wars at Durham in the past but this talk was a combination of a revisiting the the Crypto Wars today, but also a look to the future. I have produced a podcast of the talk and the slides are available here.

Podcast – quick history of encryption

I did a quick video of a very short history of encryption for a friend who was putting on a screening of Citizen Four. I tried to put the film into some context, including the crypto wars. Hard to do in ~10 minutes but I think I managed it.

Please accept YouTube cookies to play this video. By accepting you will be accessing content from YouTube, a service provided by an external third party.

YouTube privacy policy

If you accept this notice, your choice will be saved and the page will refresh.

Investigatory Powers Bill

The video below is a recording of Teresa May answering questions on the draft Investigatory Powers Bill. some interesting highlights (or low lights) for me where the following:

  • She essentially didn’t answer the question on why it is unhelpful to compare the retention of web history with that of an itemised phone bill. The two things are not the same. An itemised phone bill doesn’t record a version of the conversation that took place. Now, although I believe that the retention is not include the exact pages visited, it does include the IP address of the website. So even though that is not exact pages visited, it does give some idea of the content that might have been viewed as they could go and retrospectively visit the site. Importantly, this doesn’t include whether the site has changed in the meantime. Also it is not clear to me whether the IP address and the site are recorded. Obviously this is important as you can host a large number of websites on a single server… In short this comparison is supposed to be there for clarification, it doesn’t clarify anything.
  • Some of the wording seems to be vague to say the least. This is of some concern as it could allow for a degree of ‘mission creep’. Where the legislation is used for things that it was not really intended for. We have already seen the government use terrorism laws for strange things, the most obvious of which was them being used to freeze Icelandic bank accounts during the financial crash.
  • No sunset clause. So the bill will not time out on its own, and realistically unless the attitude of a future government is very difference from today. We might well be stuck with it forever.
  • I will also point out that there seems to be some scope for the weakening of encryption in the bill. We haven’t seen this since the May 2000 Electronic Communications Act, in which the Home Office left in a vestigial power to create a registration regime for encryption services. Basically the capacity to weaken/back door encryption. This did have a sunset clause which expired.