Interpretation of the Background of the Cryptography Law: National Crypto War Showdown Begins

Source / LongHash

On January 1, 2020, China's first "Cryptography Law of the People's Republic of China" will be officially implemented. Prior to this, there had been only one "Administrative Regulations on the Use of Commercial Cryptographic Products" and "Overseas Organizations and Foreign Organizations and Management Measures for Individuals Using Password Products in China.

Because many people only use the passwords entered on mobile phones and websites for the so-called "password" and "password law" concepts, many people have misinterpreted that the "password law" allows the party and the government to control everyone's password. . In fact, this is a complete misunderstanding of the concept of cryptography in the Code.

Li Zhaozong, director of the State Administration of Cryptography of China, said: "Cryptography is an important part of the national security legal system under the framework of the overall national security concept, and it is also a technical and specialized law." The password in the cryptography law is Refers to technologies, products, and services that use specific transformation methods to encrypt and protect information, etc., whose main function is encryption protection and security authentication. This is different from the "password" used by ordinary people in email, social media, and mobile phones. Therefore, "password" here mainly refers to "cryptographic technology" and "encryption / decryption services" provided.

Many people have linked this "crypto law" with the blockchain technology recently promoted by the Chinese government. As we all know, blockchain technology is completely based on cryptography, and its core technology uses a large number of traditional encryption technologies. Therefore, it is reasonable to believe that if the government wants to fully control the development of future blockchain technology, it must first fully control cryptography and strictly manage the use of cryptography. It must be said that the "Cryptography Law" does have a considerable relationship with the development of blockchain technology, but if the understanding of the "Cryptography Law" stays on the blockchain, it will inevitably limit the pattern of the scheme to too small a place .

Blockchain, as an emerging technology, does rely heavily on encryption / decryption technologies, but these technologies have been used for a long time and are completely open technologies. Therefore, limiting and controlling these technologies itself is not too Great significance. Secondly, cryptographic technology has been widely used in our production and life. Almost all communications and business activities will actively or passively use cryptographic technology, and blockchain is only a very small part of it. Therefore, for the "Cryptography Law", its coverage is far beyond the blockchain, but it is of great significance for the communication and economic activities of the entire country.

And why does it come out at this point of time, it does coincide with the large-scale discussion of China's blockchain technology nodes, but in fact, this plan has been brewing for a long time. And, it is likely to be related to the recent global use and management of cryptographic technology, and further upgrades in communication monitoring requirements. In fact, in the last three years, various European and American countries have been extensively brewing and promoting various types of encryption and anti-encryption technology solutions, which have caused a lot of influence in society.

In fact, almost all mainstream cryptographic algorithms are currently open source and tried and tested. From the perspective of the government, it is unlikely to eliminate or restrict the spread and use of technology. I hope that we can start with the way of use and gain more control. . For a long time, because governments must consider the need for personal privacy and business privacy, as well as the huge demands of anti-terrorism and crime and national security, governments can only find an intermediate route to balance the huge pressure from both sides.

Many governments hope to gain cryptographic technical initiative through some undisclosed technical means. Obviously, it is definitely not China that goes the farthest-it is the United States. After the Second World War, the United States already managed cryptography as a weapon, and strictly restricted the export of cryptography, which has led to a series of civil rights movements and the rise of the Cyherpunker movement.

According to the information disclosed earlier, as early as the 1990s, the National Security Agency (NSA) tried to produce a mobile phone chipset called Clipper Chip, which uses the US government's built-in backdoor to implement information Encryption and decryption. The U.S. government tried to get the chipset to mobile phone makers, but was unsuccessful, and the plan was eventually cancelled in 1996.

The "Prism Project" and "Bullrun Project" exposed by the Snowden incident shocked the world again. This is the largest ever eavesdropping and illegal breach of personal privacy. According to the New York Times, as part of the Bullrun program, the NSA spends $ 250 million a year plugging backdoors into software and hardware.

In the "post-Snowden" era, many people think that the government may control or reduce the government's supervision power to a certain extent in order to avoid complex privacy issues. However, the actual situation is exactly the opposite. European and American governments with the "Five Eyes Alliance" as the core And the intelligence system seeks to adopt programs to "legitimately" obtain greater monitoring rights, and normalize and legalize monitoring similar to "Snowden" behavior.

Here we need to briefly introduce the Five Eyes Intelligence Network (FVEY). This is an intelligence alliance in an English-speaking country. It is an international intelligence sharing group formed under the Anglo-American agreement. Its members include Australia, Canada, New Zealand, the United Kingdom, and the United States. The history of the Five Eyes Alliance dates back to the Atlantic Charter issued by the Confederates during World War II. Therefore, as long as one country can achieve a breakthrough in monitoring solutions, it can immediately contribute its intelligence with other countries.

In 2014, after only one day of debate in the British Parliament, the "Data Retention and Investigation Powers Act (DRIPA)" was legislated into British law, which was referred to by Snowden as "the most Extreme surveillance "and paved the way for subsequent bill passage.

On November 29, 2016, the British House of Lords signed and passed an Investigatory Powers Act (IPA) (https://www.gov.uk/government/collections/investigatory-powers-bill ) Large-scale Integrated Surveillance Act. The new bill classifies Internet companies along with traditional telecommunications companies as "communications service providers" and assists in various surveillance activities-from collecting phone records to hacking user phones to extract and save bulk user data. Internet service providers will be required to keep customers' browsing history for 12 months. The bill also allows the government to create specialized information collection houses to collect searchable personal data from various sources. The IPA can be seen as the charter of many types of data surveillance that British officials have been conducting in secret.

The bill is known by the people as the "Snoopers Charter" and has been fiercely criticized and protested from all sides. Since 2014, many communities and people from all walks of life have tried to repeal these two bills by various means. After repeated tug-of-wars between the civil and government, in early 2018, a British court ruled that DRIPA was not in compliance with EU law and abolished DRIPA. , And asked to narrow the scope of IPA,

The European Court of Justice requires that government functions monitor specific targets at specific times for the purpose of combating major criminal offenses, and that, except in the most urgent cases, surveillance must be approved by the court.

Australia, also part of the Five Eyes Alliance, passed the controversial "anti-encryption law" about a year ago (December 6, 2018), requiring practitioners to assist officials in obtaining encrypted content. Although known as the "anti-encryption law" by the outside world, it is actually an amendment to the Australian Telecommunications Act 1997. It allows law enforcement agencies to file "Technical Assistance Requests (TARs)", companies provide "voluntary" assistance, or provide technical details of their own network services; they can also submit "Technical Assistance Notices (TANs)" , Forcing companies to provide assistance, for example, they must assist in viewing specific encrypted communication content, and they will be fined if they refuse; they can also use the "Technical Capability Notice (TCN)" to require companies to provide interfaces specifically to assist law enforcement agencies in obtaining The content of the suspect's communication will be punished otherwise.

Simply put, the bill requires that Internet service providers be able to provide interfaces or backdoors to allow the government to decrypt all relevant communications according to government requirements. In addition, the program also provides an extensive confidentiality clause, assuming that someone in the company talks about a government order and can be punished by up to 5 years.

Although lawmakers in support of the bill mentioned that the program mainly targeted suspects and criminals involved in serious crimes, including mainly similar to serious offenders, drug offenders or terrorists and extremely serious criminal offenses, it was still Many people question that it is difficult to guarantee that it will not be used by everyone else like the US "prism" plan. As a result, many people from the technology community and the security community are strongly opposed, but ultimately failed to prevent the program from being adopted.

From the passage of the British "Peeper Charter" to the passage of Australia's "Anti-Encryption Law", it can be seen that the "Five Eyes Alliance" has been relentlessly trying to obtain greater monitoring rights, and trying to gain more control through backdoors and decryption. More control. Therefore, the author believes that this is the general background for the introduction of China's "Cryptography Law." If China hopes that it will not fall behind in the global intelligence system, or even control the initiative, it will not be possible to not legislate in the field of cryptography and target countries that may affect the country Respond promptly to potential threats to security.

It can be known from the history of World War II that the offensive and defensive battle of cryptography is very important for both sides. There have been comments that Turing's significant contribution to decryption caused World War II to end two years in advance, and it has also saved the lives of at least one million people. This statement may be exaggerated, but at least it illustrates the importance of cryptography for the global political landscape. The emergence of the blockchain technology itself indicates that the application of cryptography has reached a new stage. The intensive introduction of various laws on cryptography in various countries demonstrates that the offensive and defensive battles for cryptography have also received unprecedented attention. The promulgation of China's "Cryptography Law" shows that the Chinese government has officially joined this battlefield without gun smoke, and this war may have just begun.

LongHash , read the blockchain with data.