The NSA Hated Civilian Encrypted Data Way Back in the 1970s

Illustration for article titled The NSA Hated Civilian Encrypted Data Way Back in the 1970s

In the 1970s, civilian researchers at places like IBM, Stanford and MIT were developing encryption to ensure that digital data sent between businesses, academics and private citizens couldn't be intercepted and understood by a third party. This concerned folks in the U.S. intelligence community who didn't want to get locked out of potentially eavesdropping on anyone, regardless of their preferred communications method. Despite their most valiant efforts, agencies like the NSA ultimately lost out to commercial interests. But it wasn't for lack of trying.

As we looked at yesterday, the people who developed the government-funded ARPANET (the precursor to our modern internet) saw it as a tool that would perhaps one day enable a fantastic array of uses in the private sector. From online banking to having an entire library at your fingertips, the futuristic thinkers who built the internet knew that they were truly changing the world. But if anyone was going to have confidence in this technology — whether it was banks looking to send money halfway around the world, or private citizens reading a controversial book — there needed to be a reasonable expectation of privacy and security. Enter the encryption researchers of the 1970s.


As Jay Stowsky at UC-Berkeley notes in his 2003 paper "Secrets or Shields to Share?" the intelligence community fought tooth and nail against the private development of cryptography for computers. When the NSA got wind of the research developments at IBM, Stanford and MIT in the 1970s they scrambled to block publication of their early studies. When that didn't work, the NSA sought to work with the civilian research community to develop the encryption. As Stowsky writes, "the agency struck a deal with IBM to develop a data encryption standard (DES) for commercial applications in return for full pre-publication review and right to regulate the length, and therefore the strength of the crypto algorithm."

Naturally, in the Watergate era, many researchers assumed that if the U.S. government was helping to develop the locks that they would surely give themselves the keys, effectively negating the purpose of the encryption. Unlike IBM, the researchers at Stanford and MIT didn't go along with the standard and developed their own encryption algorithms. Their findings were published (again, against the wishes of the NSA) in the late 1970s after courts found that researchers have the right to publish on the topic of cryptography even if it makes the government uncomfortable. According to Stowsky, the NSA retaliated by trying to block further research funding that Stanford and MIT were receiving through the National Science Foundation.

Once the intelligence community realized they couldn't legally stop the proliferation of encryption in the United States, they turned their attention to export laws. If U.S. citizens were going to have strong encryption, fine, but at least they could ensure that it wouldn't get in the hands of other countries. As you can imagine, these restrictions became futile efforts as the internet grew into a more widespread force in the 1980s. And, in fact, it harmed private developers in the U.S. throughout the 1990s who couldn't deliver their products overseas, where encryption software companies in places like Israel and Taiwan were able to gain huge market share over American firms.

The battles of the 1970s over privately developed encryption wouldn't be the last word on the subject. The 1990s and 2000s saw a number of efforts by various government agencies to build backdoors into burgeoning communications mediums. But the encryption arms race continues.


As we know today, cracking privately developed encryption tools continues to be a top priority for intelligence agencies around the world. But one wonders about some kind of alternate history scenario in which encryption had been less controversial. It's rather silly to imagine for so many reasons, but if the basic foundational technologies of the internet had developed even a few years earlier — at a time before the public's trust in government absolutely tanked — would the culture of encryption have been any different?


Would the master keys that the NSA so desperately wanted have been given to them without question? And how would that have effected the commercial potential of the internet — a system built on the faith that personal financial and communications transactions are reasonably secure from prying eyes? These are all navel-gazing questions of the retrofuture, I suppose. But in our Post-Privacy Age, interesting questions nonetheless.

Image: Illustration from the October 1978 issue of the NSA's Cryptologs magazine


Share This Story

Get our newsletter



The thing about this article: The NSA actually significantly strengthened DES, including against attacks which wouldn't even be understood by people outside the NSA until the late '80s.

DES is still effectively secure against anything but brute force attacks, and is still in use today as 3DES.

If the premise is that the NSA wants weak, breakable encryption, and DES is exhibit A, the argument is an odd one...