The following paragraph is from an opinion piece last year by CNN National Security Commentator Mike Rogers, called “Encryption a growing threat to security“:
Back in the 1970s and ’80s, Americans asked private companies to divest from business dealings with the apartheid government of South Africa. In more recent years, federal and state law enforcement officials have asked — and required — Internet service providers to crack down on the production and distribution of child pornography. And banks and financial institutions are compelled to prevent money laundering by organized crime and terrorists finance networks.
All of this is against companies’ bottom-line business interests, but it has been in the public interest. These actions were taken to protect the public and for the greater good. And all of it was done to mitigate a moral or physical hazard.
Don’t know about you but that “apartheid” line jumped right out at me. African history doesn’t come up enough on its own let alone in the crypto debates. So my attention was grabbed.
Let me just say I agree in principle with a “greater good” plea. That’s easy to swallow at face value. However, a reference to fighting wrongs of a South African government while talking about encryption as a threat to security…Rogers makes a huge error here.
My first reaction was tweeting in frustration how Biko might have survived (he was taken captive by police and beaten to death in prison) if he had better privacy. I mean history could have turned out completely different, far better I would argue, had activist privacy in South Africa not been treated as a threat to national security. Encryption could have preserved the greater good. I’ll admit that is some speculation on my part, which deserves proper research.
More to the point against Rogers, South Africa severely underestimated encryption use by anti-apartheid activists. That’s the fundamental story here that kills the CNN opinion piece. Use of encryption for good, to defeat apartheid, is not a secret (see “Revolutionary Secrets: Technology’s Role in the South African Anti-Apartheid Movement,” Social Science Computer Review, 2007) yet obviously it needs to be told more widely in America:
…development of the encrypted communication system was key to Operation Vula’s success
Basically (no pun intended) hobbyists had taught themselves computer programming and encryption using a British computer called the Oric 1 and some books.
An Oric 1 only cost £100 and was quite popular in the 1980s. You could say it had a following comparable to the Raspberry Pi today and therefore provides an extremely relevant story. With only a little investment, study and careful planning by ordinary people “Operation Vula” used encryption to fight against the apartheid regime.
When the operation was finally uncovered by the police in 1990 they knew too little and too late to disrupt Vula. Nonetheless to the very end the government accused people of terrorism when caught using encrypted communication; buildings using encryption were called “havens for terror“.
So my second reaction was to tweet “please watch ‘Vula Connection’ how a South African man used encryption to turn against his gov and end apartheid” to try and generate more awareness. It had 247 total views on that day; now, nine months later, it still has only 7,766. Not bad, yet not exactly a huge number.
I also tweeted “The Story of the Secret Underground Encryption Network of Operation Vula, 1995” for those who would rather read Tim Jenkin’s first-person account of crypto taking down apartheid.
His prison-break (please read Escape from Pretoria – a video also is available) and secure communication skills are critical to study thoroughly for anyone who wants to argue whether encryption is a “threat to security” in the context of apartheid and the 1980s.
Here is Tim Jenkin explaining what he did and why. Note there are only 185 views…
My third reaction was to contact the organizers of the RSA Conference, since it has a captive crowd in the tens of thousands. I know my tweets have limited reach (hat-tip to @thegrugq for immediate sub-tweets when I raise this topic, extending it to far wider audiences). A big conference seemed like another way for this story to go more mainstream.
So I suggested to conference organizers we create a “humanitarian” award, setup a nomination system/group and then I would submit Tim Jenkin. While Tim might not get the formal nod from the group, we at least would be on the right road to bringing this type of important historic detail forward into the light.
All that…because an op-ed incorrectly tried to invoke apartheid history as some kind of argument against encryption. Nothing bothers a historian more than seeing horrible analysis rooted in a lack of attention to available evidence.
So here we are today. RSA Conference just ended. Instead of Tim Jenkin on stage we were offered television and movie staff. CSI, Mr Robot, blah. I get that organizers want to appeal to the wider audience and bring in popular or familiar faces. I get that a lot of people care about fictionalized and dramatized versions of security, or whatever is most current in their media and news feeds.
It was painful to sit through the American-centric entertainment-centric vapidity on stage when I knew I had failed to convince the organizers to bring lesser-known yet important and real history to light. Even if Tim Cook had spoken it still would pale for me in comparison to hearing from Tim Jenkin. The big tech companies already have a huge platform and every journalist hanging on every word or press release. Big tech and entertainers dominate the news, so where does one really go for an important history lesson ready to be told?
What giant conference is willing to support telling of true war stories from seasoned experts in encryption, learning new insights from live interviews on stage, if not RSAC?
And beyond learning from history, Tim Jenkin also has become known for recent work on a free open source system helping people trade without money. Past or future, his life’s work seems rather important and worth putting out to a wider audience, no?
It would have been so good to have recognized the work of Tim, and moreover to have our debates more accurately informed by the real-world anti-apartheid encryption. If only RSAC had courage to bring the deeper message to the main stage outside of the cryptographer’s panel. I will try harder to encourage this direction next year.
This is a Security Bloggers Network syndicated blog post authored by Davi Ottenheimer. Read the original post at: flyingpenguin