INVITATION TO CYBERSECURITY 286 civil disobedience. Other hacktivists expose corrupt leaders by linking them to illegal activities. This is a gray area because it ignores the rights of the accused and borders on vigilante justice. Vigilante justice is when individuals without the proper authority attempt to enforce the law. Vigilante justice is illegal and unethical, and hacktivists have themselves been arrested for trying to take the law into their own hands by hacking to expose evidence of crimes. The crypto wars of the 1980s and 1990s provide a good illustration of civil disobedience in the domain of cybersecurity. During this era, strong computer encryption was considered a military munition and protected from export under the United States International Traffic in Arms Regulations (ITAR). Therefore, exporting computer cryptography was illegal. While it may sound strange to group computer encryption with military-grade weapons like missiles and machine guns, up to this point in history, strong encryption was considered a military advantage that needed to be protected from falling into enemy hands. But once cryptographic algorithms were implemented in software and could be run on any computer, the idea of trying to keep cryptography contained was considered ludicrous by many. Effectively, the ITAR made posting encryption algorithms on a computer network bulletin board illegal because it could then be accessed by people in different countries—a form of exporting. Meanwhile, many believed that people had a right to protect their computer network communications from eavesdropping, and argued that preventing people from using cryptography was unethical. Phil Zimmermann was a proponent of this view, and he created free software to encrypt and authenticate digital communications. He called his software Pretty Good Privacy (PGP) and made it available online in 1991, violating ITAR. He faced a serious criminal investigation but was never charged with a crime. Zimmerman became a cult hero for his actions. Some of his supporters made shirts with the RSA encryption algorithm printed on them as a form of protest, pointing out the absurdity that a shirt then somehow qualified as an export-controlled munition (see Figure 10.3). The export restrictions around computer cryptography were eliminated in the late 1990s, but the crypto wars have never completely been resolved. The United States government has an uncomfortable relationship with computer cryptography, at times arguing that it is a threat to national security and hampers criminal investigations. Many technologists, on the other hand, point out its benefits to individuals and organizations, the futility of trying to regulate it, and the dangers of incorporating cryptographic backdoors into cryptosystems. The idea of a cryptographic backdoor is that cryptosystems would include some mechanism that would allow messages that were encrypted by them to be decrypted by law enforcement under the proper legal authority. Many cyber experts argue that trying to create a backdoor that can only be used by people with the proper legal authority is a fool’s errand and dangerous. Either cryptography is strong and protects us all equally (i.e., the good and bad guys alike), or cryptography is weak and we all forfeit the assurance of genuine cryptographic privacy.
RkJQdWJsaXNoZXIy MTM4ODY=