Interpretation of the Background of the Enactment of the Cryptography Law: The National Cryptography Battle Begins

On January 1, 2020, China's first "Cryptography Law of the People's Republic of China" will officially come into effect. Prior to this, there had only been the "Regulations on the Management of Commercial Encryption Products" announced on April 23, 2007, and the "Measures for the Administration of the Use of Encryption Products by Overseas Organizations and Individuals in China."

Many people only associate the concept of "password" and "cryptography" with the passwords they enter for logging into their phones and websites, leading to a misunderstanding that the "Cryptography Law" is about the government controlling everyone's passwords. In reality, this is a complete misinterpretation of the concept of cryptography in the "Cryptography Law."

Li Zhaozong, the Director of the Chinese National Cryptography Management Bureau, stated: "The Cryptography Law is an important part of the national security legal system under the framework of the overall national security concept. It is a technical and professional specialized law." In the Cryptography Law, cryptography refers to the technology, products, and services that use specific transformation methods to encrypt and protect information for security authentication purposes. This is different from the "passwords" used in daily life by most people for emails, social media, and phones. Here, "cryptography" mainly refers to "cryptography technology" and the "encryption/decryption services" provided.

Many people have linked the recent "Cryptography Law" with the Chinese government's promotion of blockchain technology. As we all know, blockchain technology is based entirely on cryptographic techniques, with its core technology incorporating a large amount of traditional encryption methods. Therefore, it is reasonable to believe that if the government wants to fully control the future development of blockchain technology, it must first have complete control over cryptographic techniques and strictly manage the use of cryptographic technology. It can be said that the "Cryptography Law" does have a significant relationship with the development of blockchain technology, but if the understanding of the "Cryptography Law" is limited to blockchain alone, it may be too narrow.

Blockchain, as an emerging technology, indeed heavily relies on encryption and decryption techniques, but these technologies have been in use for a long time and are completely open. Therefore, restricting and controlling these technologies themselves may not have much significance. Furthermore, cryptographic technology is already widely used in our production and daily life, with almost all communication and business activities actively or passively utilizing cryptographic techniques, with blockchain being just a very small part of it. Therefore, for the "Cryptography Law," its coverage extends far beyond blockchain and is aimed at the entire country's communication and economic activities, holding significant importance.

As for why this "Cryptography Law" is introduced at this time, it does coincide with the large-scale discussions on blockchain technology in China recently, but in fact, this legislation has been brewing for quite some time. It is highly likely related to the global advancement in the use and management of cryptographic technology and the increasing demands for communication surveillance. In the past three years alone, various countries in Europe and America have been extensively brewing and promoting various encryption and anti-encryption technology schemes, causing considerable impact on society.

Currently, almost all mainstream cryptographic algorithms are open-source and well-tested. From the government's perspective, it is unlikely to eliminate or restrict the spread and use of these technologies, but rather to gain more control through their usage. For a long time, due to the necessity of considering personal and commercial privacy, as well as the significant demands for counter-terrorism, anti-criminal activities, and national security, governments have had to find a middle ground to balance the immense pressure from both sides.

Many governments hope to gain the initiative in cryptographic technology through some undisclosed technical means. Obviously, the country that has gone furthest in this direction is not China but the United States. Since World War II, the United States has managed cryptographic technology as a weapon and strictly restricted the export of cryptographic technology, leading to a series of civil rights movements and the rise of the Cypherpunk movement.

According to early disclosures, as early as the 1990s, the U.S. National Security Agency (NSA) attempted to produce a mobile chip set called the Clipper Chip, which had a backdoor built by the U.S. government for information encryption and decryption. The U.S. government tried to persuade mobile manufacturers to adopt the chip set, but the plan was ultimately canceled in 1996.

The "Prism Program" and "Bullrun Program" exposed by the Snowden incident shocked the world, marking the largest-scale eavesdropping and illegal invasion of personal privacy in history. According to the New York Times, as part of the Bullrun Program, the NSA spends $250 million annually to insert backdoors into software and hardware.

In the "post-Snowden" era, many believe that to avoid complex privacy issues, the government may somewhat control or reduce its supervisory powers. However, the reality is quite the opposite. The core countries of the Five Eyes alliance, including the U.S. and Europe, are seeking to "legally" gain greater monitoring rights through schemes to "legally" normalize and legitimize surveillance activities similar to the Snowden incident.

It is necessary to briefly introduce the Five Eyes Intelligence Network here. It is "an intelligence alliance of primarily English-speaking countries, formed under the UKUSA Agreement, an international intelligence-sharing group consisting of the UK, U.S., Australia, Canada, and New Zealand. The history of the Five Eyes alliance can be traced back to the Atlantic Charter issued by the Allies during World War II."

In 2014, after only one day of debate in the UK Parliament, the Data Retention and Investigation Powers Act (DRIPA) was legislated and became UK law. Snowden referred to this law as the "most extreme surveillance in Western democratic history," paving the way for subsequent laws.

On November 29, 2016, the UK House of Lords signed the comprehensive surveillance law called the Investigatory Powers Act (IPA). The new law classifies internet companies and traditional telecom companies as "communications service providers," assisting in various surveillance activities, from collecting call records to intruding into user phones to extract and store bulk user data. Internet service providers are required to retain customers' browsing history for 12 months. The law also allows the government to establish specialized information collection centers to gather searchable personal data from various sources. The IPA can be seen as formalizing various types of data monitoring that UK officials have been conducting in secret.

The law is known as the "Snoopers Charter" in civil society and has faced intense criticism and protests from various sectors. Since 2014, numerous organizations and individuals have attempted to abolish these two laws through various means. After repeated struggles between civil society and the government, DRIPA was abolished in December 2016, and in April 2018, a UK court ruled that the IPA did not comply with EU law, requiring a reduction in the scope of the IPA.

The European Court required that monitoring must be aimed at specific targets during specific times for the purpose of combating serious crime, and except in the most urgent situations, monitoring must obtain court approval.

Similarly, Australia, as one of the core members of the Five Eyes alliance, passed the controversial "anti-encryption law" about a year ago (December 6, 2018), requiring operators to assist authorities in obtaining encrypted content. Although it was dubbed the "anti-encryption law," it is actually an amendment to the Australian Telecommunications Act of 1997. It allows law enforcement agencies to issue "Technical Assistance Requests" to companies for "voluntary" assistance or for providing technical details of their network services. They can also issue "Technical Assistance Notices" to force companies to assist, such as viewing specific encrypted communication content; if refused, fines may be imposed. They can also use "Technical Capability Notices" to require companies to provide interfaces specifically to assist law enforcement agencies in obtaining suspects' communication content, or face penalties.

In simple terms, the law requires internet service providers to provide interfaces or backdoors as requested by the government to decrypt all relevant communication content. Furthermore, the law includes broad confidentiality clauses, where individuals in companies discussing government orders could face penalties of at least five years or more.

Although supporters of the law mention that it primarily targets serious crime suspects and criminals, including serious offenders, drug offenders, terrorists, and extremely serious criminals, many people still question whether it will not end up being used on everyone as the U.S. Prism program did. Therefore, many from the tech and security communities strongly oppose the law, but ultimately, they were unable to prevent its passage.

From the "Snoopers Charter" in the UK to the "anti-encryption law" in Australia, it is evident that the Five Eyes alliance has been tirelessly striving to gain greater monitoring rights and attempting to gain more control through backdoors and decryption. Therefore, the author believes that this is the broader context behind the introduction of the "Cryptography Law" in China. If China hopes not to fall behind in the global intelligence system in the future, or even to gain the initiative, it cannot but legislate in the field of cryptographic technology and respond promptly to various potential threats that may affect national security.

History from World War II shows that the battle of cryptography is crucial for both sides. Some commentaries believe that World War II ended two years earlier due to Turing's significant contribution to decryption, saving at least a million lives. While this statement may be exaggerated, it at least illustrates the importance of cryptographic technology in the global political landscape. The emergence of blockchain technology itself indicates a new stage in the application of cryptography, and various countries enacting a range of laws related to cryptography demonstrate an unprecedented level of emphasis on the battle of cryptographic technology. The introduction of the Chinese "Cryptography Law" signifies that the Chinese government has officially entered this battlefield without gunpowder, and this war may have just begun.

This article is from our partner LONGHASH

Join now to get the most comprehensive information on financial technology, blockchain insights, and industry examples!