Historical Facts About Encryption

Controversies surrounding encryption and cryptography have been making the news quite a bit lately, at least in legal and technical circles.  One of the highest profile recent controversies revolved around when the government could force Apple to help decrypt iPhones.  There have been other controversies around when a court can force a criminal defendant to decrypt their own harddrives.  Some politicians have been asking for backdoors to be placed in encryption software.

This post will not look directly at any of these recent controversies.  However, as with many things, a historical perspective can aid in understanding these controversies as well as the increasing importance of encryption in society.  So, let’s look at a few facts from the history of cryptography as well as how it is used now.

Encryption is ancient

Encryption has been used for thousands of years, done by hand long before computers were developed.  It has been traced back to ancient Egypt.[1]  One early, and famous, form of encryption was the Scytale used by the Spartans around the fifth century B.C.[2]  Scytales were wooden staffs that were cut to a precise diameter.  The Spartans would wrap this staff with a thin piece of parchment and then write their message across the paper.  When they unwrapped the paper, it would be difficult to decipher the message.  When the message was sent to its recipient, they would then wrap it around their staff, cut to the same diameter, to be able to read the message.

The Caesar Cipher is another famous cipher used in ancient history.  In its simplest form, each letter is replaced by the fourth letter after it in the alphabet.  So, an A would become a D.  There are indications that ciphers similar to that were used prior to Julius Caesar, but Suetonius’ description of Julius Caesar’s use of them helped ensure they were well known.

Tusculum Bust of Julius Caesar. Photo by Gautier Poupeau under CC-BY 2.0 license.

Tusculum Bust of Julius Caesar. Photo by Gautier Poupeau under CC-BY 2.0 license.

Cryptanalysis has been around for a long time

William Friedman (Photo from https://commons.wikimedia.org/wiki/File:William-Friedman.jpg in public domain)

William Friedman

Cryptanlaysis is essentially breaking the codes used in cryptography, while cryptography is the science of making efficient and effective encryption schemes.  The word itself is quite new and was brought into the English language by William F. Friedman.[3]

The practice though dates back to the 9th Century at the latest and may have seen use before that.   One of the earliest surviving texts on cryptanalysis dates to around 801 A.D. and was written by Al-Kindi from Basra.[4]

Unbreakable cryptography has been around for some time.

The one time pad is a theoretically unbreakable form of encryption.  In its simplest form, each character or bit of a source document is combined with the corresponding part of the key, which must be truly random.  This means that the key needs to be at least as long as the message.  Also, to maintain their security, the key cannot be reused.  If the key is used repeatedly, cryptanalysis becomes possible.  In practice, this process is rarely used because it requires creating, managing, and possibly finding a secure way to transmit a secret key that can be enormously long.  It is also not overly efficient.  It is though theoretically unbreakable when done properly.

This system was first fully detailed in 1882 by Frank Miller, though the somewhat similar systems were around before that.  Though the practical issues mean that one time pads do not see much use, they have seen some important usage.  The English made some use of one time pads during World War II and an early teletype communication system between Washington and Moscow used a variant system.

Cryptography played a role in the American Revolution and its immediate aftermath

Both the Revolutionaries and the British made use of cryptography during the American Revolution.[5]  George Washington exchanged encrypted messages with Marquis de Lafayette.  Charles Dumas, the famed author, provided encrypted intelligence to the nascent United States in this era.  Many well-known statesmen and prominent leaders including Thomas Jefferson, Benjamin Franklin, and John Adams were known to use encrypted messages.  On a more personal level, John and Abigail Adams exchanged encrypted personal messages to protect their privacy.[6]

Both sides also made use of cryptanalysis.  For instance, some of Washington’s men intercepted messages sent by Dr. Church, a spy for the British.  They were eventually able to decrypt these messages and arrested Dr. Church.[7]

The fact that encryption was used during the Revolution has meaning today to legal scholars.  Because of how much the world, particularly technology, has changed since the Constitution was written, some legal scholars are concerned with latent ambiguities in the Constitution.[8]  These are Constitutional issues that would have been unambiguous to the Framers of the Constitution, but which have become unclear in modern contexts.  In other words, we now face questions today which the Framers could not possibly have considered since they had not yet been imaged yet.  This does not really apply to Cryptography.  Obviously, cryptography is much more common now than it was during the revolutionary era, but this is a difference only in degree.  Many of the Framer’s had personally used encryption and were recently involved in a war where the other side had also used encryption.  The Revolutionaries had both broken encryption and faced encryption they could not break.  They of course would not have expected it to be used nearly so much as it is now, but they were well aware of its uses in politics, warfare, and even for simple personal privacy.  The Federal Courts even faced questions of encryption and personal incrimination quite early in their history, with one prominent case dealing with Aaron Burr in 1807.[9]

Modern Usage

Cryptography is pervasive throughout the modern world, more so than many people realize.  SSL or TLS (their usage often signified by “https” in a URL or a lock icon in some browsers) helps provide security on the web.  Without the security and authentication provided by SSL and TLS, it would be unwise to handle sensitive transactions, such as any banking.

Encryption is often used to protect stores of significant data, including database backups.  Some commentators have argued that lawyers may soon have an ethical obligation to use encryption for at least some highly sensitive data.[10]  Cryptography also plays a role in authentication, providing a way to verify that the sender of a message is who they say they are.  It is the basis for digital signatures.  Cryptography plays a vital role in the modern Internet, and modern life, which goes far beyond mere privacy and is essentially required for any electronic transaction in which you need to be certain of the identity of the other party.

[1] Fred Wrixon, Codes Ciphers & Other Cryptic & Clandestine Communication 17 (1998).

[2] Simon Singh, The Code Book 8 (1999).

[3] Alfred J. Menezes, Paul C. van Oorschot & Scott A. Vanstone, Handbook of Applied Cryptography 275 (1996).

[4] Simon Singh, The Code Book 15 (1999)

[5] Ralph E. Weber, United States: Diplomatic Codes and Ciphers 1775-1938, 22-25 (1997).

[6] John A. Fraser, The Use of Encrypted, Coded and Secret Communications Is an “Ancient Liberty” Protected by the Constitution, 2 VA. J. L. & TECH. 2, 22 (1997).

[7] Ralph E. Weber, United States: Diplomatic Codes and Ciphers 1775-1938, 22-23 (1997).  After his arrest, Dr. Church was imprisoned until he was effectively banished.  The ship he left the U.S. on was lost.

[8] Lawrence Lessig, Code Version 2.0 25-26 (2006).  Other legal scholars have expressed similar concerns without using the term latent ambiguities.  See e.g. A. Michael Froomkin, The Metaphor is the Key: Cryptography, the Clipper Chip, and the Constitution, 143 U. PA. L. REV. 709, 844 (1995).

[9] See U.S. v. Burr, 25 F. Cas. 38 (D.Va. 1807)

[10] To be clear, there is no requirement to encrypt all e-mails with or about clients currently.  But commentators encourage it if the information is highly sensitive and note that those requirements are likely to become more strict.  See e.g.Daniel Kamitaki, Note, Beyond E-mail: Threats to Network Security and Privileged Information for the Modern Law Firm, 15. S. Cal. Int. L. J., 307, 336 (2006).