From protecting troops to securing the internet, cryptography is the basis of data security, but – as RSA Conference attendees might recall – it could have ended up very differently.
The industry-leading conference is attended by over 40,000 people annually, though most are unaware that it initially came about as a Hail Mary pass by a team of researchers who had spent years refining their cryptographic toolkit – and suddenly found themselves facing an existential threat.
That threat was the Clipper chip, a specialized microchip developed by the US National Security Agency to force companies to embed in their devices encryption that authorities could crack if they needed to access terrorist or other critical communications.
The cryptography community, once fragmented, began to see the need for a more integrated, trusted, and open field. Their answer came in the form of the first RSA Conference, launched by Jim Bidzos in 1991.
Guest speakers included Peter Neumann and Burt Kaliski Jr., asymmetric key cryptography pioneers Whitfield Diffie and Martin Hellman, and of course, Ron Rivest, Adi Shamir, and Leonard Adleman, who invented the public-key encryption technology of the same name that started it all in 1982.
This innovation marked a crucial step in adapting cryptography for the Internet age; but as we widen the lens, it becomes clear: this was only the latest chapter in the centuries-old history of cryptography.
Prior to the modern age, cryptography was synonymous with encryption, the process of converting readable information into an unreadable form using a secret method. As a result, the text could then be understood only by someone possessing the necessary decryption technique, which was typically shared only with authorized recipients.
Over time, though, cryptography has become increasingly complex, with the development of rotor cipher machines in World War I and the advent of computers in World War II playing a pivotal role in pushing the boundaries of the technology.
In the immediate post-World War II period, the market for cryptography was almost entirely military. This meant that when the Cold War began and the US tightened controls on Western technology, cryptography was classified as a “weapon of war” and subject to strict export regulations. This made sense at the time, considering encryption’s crucial role in securing sensitive military communications.
By the 1960s, however, financial organizations were beginning to require strong commercial encryption for the rapidly growing field of wired money transfer. The U.S. Government’s introduction of the Data Encryption Standard in 1975 meant that commercial uses of high-quality encryption would become common, and serious problems of export control began to arise.
The name RSA refers to the public-key encryption technology developed by RSA Data Security, Inc.
The idea for the RSA Conference, however, came about over a 1991 phone call between Bidzos, CEO of RSA Security at the time, and the executive director of the Electronic Privacy Information Center.
The plan worked, hastened by the demise of the Clipper chip, which ultimately faded into obscurity after being proven insecure in 1997. Over the next several decades, support for the RSA Conference grew, transforming from a core attendance of “50 or 60 cryptographers” into a regular forum for the cybersecurity community as a whole to meet and collaborate.
The need for secure communication and data encryption has become a constant public concern, particularly following the widespread adoption of personal computers. In 1991, Phil Zimmermann’s PGP cryptosystem and its distribution on the internet became the first major ‘individual level’ challenge to controls on the export of cryptography.
The first widely available program implementing public-key cryptography, PGP quickly landed in hot water, and after a report from RSA Security, the United States Customs Service began criminally investigating Zimmermann. At the time, the US Government had long regarded cryptographic software as a munition, and thus subject to arms trafficking export controls. The investigation lasted three years, but was ultimately dropped after the code for PGP became public.
The spread of cryptography – now woven into everyday activities such as secure messaging, online banking, and Wi-Fi connectivity – has raised new legal questions. At the center of this is a potential conflict between laws granting investigators access to encrypted data and the protection of individual privacy rights.
The complexity of this issue was exemplified in the aftermath of a 2015 mass shooting in San Bernardino, California.
Despite the resolution of this particular case, government access to secured devices remains a hotly debated topic among security experts, fueling an ongoing push for stronger encryption – though how it will play out among today’s tech giants remains to be seen.
In today’s digital landscape, it’s hard to tell what the future of cryptography will look like, but it is likely to be shaped by several factors. One of these is the development of quantum computing.
In response, nations across the globe are racing – and effectively competing with each other – to develop quantum-resistant cryptographic algorithms to prepare for what experts are calling “Q-Day,” when current encryption will be vulnerable to quantum computing attacks.
As technology continues to evolve, so too must cryptography. Without robust encryption, our connected world faces a staggering $10.5 trillion annual cost from cybercrime by 2025, according to Cybersecurity Ventures. Safeguarding the digital future starts with securing our defenses now.