The Crypto Wars

Crypto controls failed against builders, held against defaults, and locked in the two-tier privacy equilibrium thirty years later.
Chapter 13: The Crypto Wars

“If privacy is outlawed, only outlaws will have privacy.”

Phil Zimmermann, “Why I Wrote PGP” (1991)^1^

Introduction

The Crypto Wars are the ongoing conflict between states seeking surveillance capability and individuals developing privacy technology. The conflict began when strong cryptography moved from classified military research to civilian availability. States that had monopolized the most effective practical cryptography suddenly faced citizens with similar defensive capability. The response was predictable: attempts to control cryptographic technology and pressure systems toward backdoors.^22^

The largest attempts at broad control largely failed, for reasons economic analysis explains. But failure was not total, and the conflict continues.

13.1 History: Export Controls to Clipper Chip

Cryptography as Munitions

Until late 1996, strong cryptographic software exported from the United States was in most cases classified as a munition under the International Traffic in Arms Regulations (ITAR).^2^ In late 1996, most commercial encryption items moved to Commerce Department controls, with further liberalization over the next several years. Sharing strong cryptographic software across borders could trigger export-control penalties severe enough to chill researchers and developers.

The classification reflected Cold War assumptions: cryptography was military technology, and maintaining cryptographic superiority over adversaries justified restricting civilian access. That civilians might have legitimate privacy needs, independent of military considerations, did not factor into the regulatory framework.

The absurdity became apparent as computing proliferated. Mathematical formulas available in university libraries could trigger export problems when distributed as software. Regulators treated publication format and distribution channel as legally significant in ways courts later found constitutionally suspect: printed publication and academic discussion received stronger practical protection, while posting source code online could invite export-control conflict.

Phil Zimmermann and PGP

Phil Zimmermann’s Pretty Good Privacy (PGP) crystallized the conflict.^3^ In 1991, Zimmermann released PGP as free software, providing strong public-key cryptography to ordinary users. PGP spread rapidly via the early internet, soon reaching users outside the United States.

The federal government opened a criminal investigation. For three years, Zimmermann faced potential export-control prosecution. The case became a cause célèbre in the nascent internet community. Zimmermann’s response was characteristically cypherpunk: he published the PGP source code as a printed book, using a publication format that enjoyed stronger practical speech protection than export-controlled software files.^4^

The case was dropped without charges, but it established the template for Crypto Wars conflicts: the government asserts control authority; technologists route around restrictions; the restrictions prove unenforceable; formal policy catches up with technical reality.

The Clipper Chip

In 1993, the Clinton administration announced the Clipper Chip initiative: an NSA-designed cryptographic chipset with government-mandated key escrow.^5^ Users would have encryption, but government agencies would hold duplicate keys enabling decryption when legally authorized.

The proposal combined encryption with surveillance. Proponents argued this balanced privacy against law enforcement needs. Opponents identified fundamental problems.

Escrowed keys create a single point of failure; if the escrow database were compromised, all protected communications would be exposed simultaneously. The scheme also required trusting government agencies to access keys only when legally authorized, and given revelations about warrantless surveillance, this trust was not warranted. Researcher Matt Blaze discovered a flaw in Clipper’s protocol allowing users to disable escrow functionality while maintaining encryption.^6^ The system designed to ensure government access could be bypassed in ways that undermined its core assurance. Finally, technology companies recognized that products with government backdoors would lose international markets; customers seeking actual privacy would choose products without mandated vulnerabilities.

Clipper was effectively abandoned as market rejection made it commercially unviable. The episode showed that mandated backdoors face both technical and economic obstacles.

Resolution of the 1990s Battles

By the late 1990s, the first Crypto Wars were winding down. Legal challenges and commercial pressure converged with practical unenforceability, pushing policy toward liberalization. In 1996, Executive Order 13026 began transferring encryption controls from the State Department to the Commerce Department. The Bernstein litigation helped establish source code as protected speech and weakened the regulatory framework further.^7^

Export controls were substantially relaxed, though not eliminated. Strong cryptography became legal to distribute and deploy. The infrastructure for encrypted communication that we now take for granted became possible.

13.2 The Economic Logic of Cryptographic Control

Why States Seek Control

States seek cryptographic control because encryption threatens surveillance capability. The reasons connect to core state functions.

States extract resources through taxation, and full financial surveillance enables tax enforcement; encrypted financial transactions, invisible to authorities, undermine enforcement capability. As Chapter 10 examined, monetary systems enable state control, while encrypted payment systems route around that control by enabling transactions outside monitored channels. States monitor populations for various purposes: identifying dissent, tracking movements, understanding social networks. Encryption creates spaces invisible to such monitoring. Investigating crimes often requires accessing communications and records, and encryption can prevent access even with legal authority.

From the state’s perspective, encryption is a capability problem. Citizens with strong encryption can act without state visibility. This constrains state action regardless of whether that action is legitimate law enforcement or illegitimate repression.

Information Asymmetry and State Power

States benefit from information asymmetry: knowing more about citizens than citizens know about states. This asymmetry enables selective enforcement. It also chills behavior and enables preemptive intervention. When authorities can see all violations but must choose which to prosecute, enforcement becomes discretionary; everyone is guilty of something, and prosecution depends on official favor. Knowledge of surveillance changes behavior, as citizens who know they are watched modify actions to avoid attention, even when those actions are legal. Early detection of organizing or resistance enables intervention before movements gain strength.

Encryption reduces information asymmetry. States see less; citizens can coordinate without visibility. The power that asymmetry provides is diminished.

Economic Stakes

The economic stakes are substantial on both sides. For states, surveillance infrastructure is a massive investment; entire agencies have built capabilities premised on access, and encryption threatens the return on that investment. For citizens, privacy enables economic activity that surveillance would prevent; underground economies, regulatory arbitrage, protection of competitive information, and simple preference for non-observed life all have value to those who want them. For businesses, the tension runs in both directions: governments demand access while customers demand privacy, and the commercial value of serving privacy-conscious customers conflicts with regulatory compliance.

Democracy and the Surveillance Ratchet

Hans-Hermann Hoppe’s 2001 analysis of democratic and monarchic orders names a feature of democratic rule that bears on the history of surveillance legislation.^8^ Democratic rulers are temporary caretakers of the apparatus instead of owners of its long-term capital value, and that structural difference produces higher time preference in democratic decision-making than in hereditary monarchic decision-making.

Democratic surveillance legislation has consistently traded present political safety against future civil-liberties cost. The USA PATRIOT Act passed the House of Representatives with 357 yeas in October 2001, forty-five days after September 11.^9^ Each expansion of financial-surveillance authority under the Bank Secrecy Act’s successor legislation has passed with overwhelming bipartisan support in a political environment where the immediate political cost of opposing the expansion was visible and the long-term cost of supporting it was diffuse. The Chat Control, UK Online Safety Act, and eIDAS 2.0 battles in Europe track the same pattern. The political constituency for opposition is specialists who care about the architecture, while the political constituency for passage is whoever can frame the proposal as a response to a specific immediate concern.

The Hoppean reading is that democratic rulers discount future civil-liberties costs because they will not be in office to bear them. A more cynical reading is that they do not discount the future costs at all, because they expect the costs to accrue to opposition groups they will not belong to. Both readings produce the same pattern, and the pattern is what this book’s cost-asymmetry argument contends with.

13.3 Why Control Fails (and Where It Doesn’t)

The Structural Obstacles

Cryptographic security rests on mathematical properties that legal prohibition cannot change. If a problem is computationally hard, it remains hard regardless of what legislators decree. No law can make factoring the product of two large primes easy, and no policy reverses the relationships that make the schemes work. Cryptographic knowledge can be independently discovered, so suppressing it in one jurisdiction does not prevent discovery elsewhere; the mathematical relationships exist whether anyone knows them or not. Once published, mathematical knowledge cannot be unpublished; papers, textbooks, and internet archives preserve cryptographic techniques permanently and globally. Once algorithms are published, competent programmers can implement them directly, so suppressing implementations pushes toward suppressing programming itself.

The near-zero marginal cost of information compounds the problem. A cryptographic algorithm, once discovered and published, can be copied infinitely at negligible cost. One escaped copy becomes unlimited copies, and encryption software spreads faster than enforcement can track. The internet enables global distribution faster than any national enforcement mechanism can respond, and software published in one jurisdiction is available worldwide within minutes.

Even ignoring the distributed-knowledge problem, effective control would require coordination among states with divergent interests. Not all states want to restrict encryption; some benefit economically from serving as havens for privacy technology development. Each state controls only its own territory, so a backdoor mandate in one country does not touch software developed elsewhere. Even coordinated international agreements face enforcement gaps, and motivated actors can find jurisdictions that neither participate nor enforce.

Where Control Succeeds

Despite these obstacles, cryptographic control is not entirely ineffective. It succeeds not against the mathematics but around it. Cryptography is hard to implement correctly, and most users cannot evaluate whether a given implementation is secure; this creates opportunities for compromised implementations to spread under benign-looking names. Secure systems often sacrifice usability, so when encryption is hard to use, people use it less or use it incorrectly, undermining security in practice while it remains sound in theory. Most users accept defaults, and systems that ship with weak or absent default encryption leave most users unprotected regardless of what strong options formally exist. Companies operating within a jurisdiction must comply with local law or face sanction; major platforms often implement surveillance capabilities because regulatory compliance requires it, not because their engineers prefer insecurity. And encryption protects data, not people: physical coercion can compel key disclosure regardless of cryptographic strength, and the “$5 wrench attack” remains effective against the uncareful target.

Control therefore fails against sophisticated, motivated actors operating with good tools and good practices. It often succeeds against ordinary users who lack the expertise or the motivation to implement strong privacy. The resulting two-tier situation, in which those who prioritize privacy get it while everyone else does not, is the equilibrium the rest of the book takes for granted.

13.4 Jurisdictional Competition and Arbitrage

Jurisdictions compete for economic activity, and technology development is part of that competition. Privacy-friendly jurisdictions attract both developers and users. Programmers prefer working where their work is legal, and encryption development has clustered in jurisdictions with favorable treatment. Businesses serving privacy-conscious customers locate where they can legally do so; jurisdictions such as Switzerland and Estonia have attracted privacy-focused technology companies. High-value users seeking privacy choose service providers partly by jurisdiction, and demand for offshore services reflects the same arbitrage dynamic operating on the consumption side.

Economist Charles Tiebout analyzed how competition among jurisdictions for residents creates pressure toward policies residents prefer.^10^ Applied to cryptography, the analysis illuminates several dynamics at once. Developers and companies can relocate, and the credible threat of exit constrains what any single jurisdiction can impose. Jurisdictions known for privacy protection attract privacy-seeking activity, and the resulting reputation becomes an asset worth maintaining. When some jurisdictions offer favorable treatment, others face pressure to match or lose economic activity to those that do.

This competition can race toward privacy protection or toward surveillance, depending on which pressures a given government responds to. Governments responding primarily to law enforcement and intelligence pressures compete to offer more surveillance capability, racing toward the bottom. Governments responding primarily to economic development pressures compete to offer more privacy protection, racing toward the top. The outcome depends on which incentives dominate in which jurisdictions, and the present picture is mixed: some jurisdictions compete on privacy while others expand surveillance, and the same actors sometimes find themselves on opposite sides of the line as they cross borders.

13.5 The Ongoing War

The Shift from Tools to Builders

The Crypto Wars did not end with 1990s liberalization. They intensified, but along a different axis. The earlier battles tried to stop cryptography itself from escaping military control; once strong encryption became ordinary software, that front collapsed. States then adapted. If the mathematics could not be suppressed and the software could not be contained, the remaining pressure point was human.

A protocol cannot be arrested. A developer can. A piece of open-source code is legally awkward to prosecute directly; the person who wrote it, deployed it, promoted it, or operated infrastructure built around it is a clear legal target. Sanctions regimes, money-transmission statutes, anti-money-laundering law, and conspiracy doctrines all reach individuals regardless of what the underlying protocol does or does not do. The second phase of the Crypto Wars is a war against builders, because builders are the only remaining human chokepoint in systems designed to eliminate human chokepoints.

The chilling effect is the mechanism. When writing privacy-preserving code can carry the risk of a decade in prison under aggressive readings of sanctions or money-laundering law, fewer people write such code. When operating private-commerce infrastructure can be prosecuted as a criminal enterprise regardless of how users behave, fewer operators build. The prosecutions do not need to succeed on every legal theory to succeed as policy; they only need to raise the personal cost of building to a level that deters the marginal entrant.

Two cases anchor the pattern. Bernard von NotHaus’s Liberty Dollar, which circulated private silver and gold pieces and paper certificates intended for use as current money alongside Federal Reserve notes from 1998 through the mid-2000s, drew a federal counterfeiting and conspiracy prosecution that ended the operation.^15^ The theory was not that von NotHaus had operated an unlicensed financial service but that privately minted coins designed to circulate as current money attacked the monetary unit itself. The jury instruction framed Liberty Dollar as an attempt to undermine public faith in United States currency. Physical centralized competition with state money, in identifiable hands, attracts a more direct legal answer than digital systems usually face.

Tornado Cash showed the digital version of the same pressure operating without a custodian to seize. Its core pool contracts became immutable on Ethereum once deployed, so no officer could turn them off. On August 8, 2022, the Office of Foreign Assets Control added Tornado Cash itself to the Specially Designated Nationals list, targeting the smart-contract code and the Ethereum addresses at which it ran instead of a person or a company; U.S. persons were prohibited from interacting with those addresses regardless of purpose.^16^ The designation did not hold. In November 2024 the Fifth Circuit held in Van Loon v. Department of the Treasury that Tornado Cash’s immutable smart contracts were not “property” under the International Emergency Economic Powers Act and could not be designated under OFAC’s statutory authority, and on March 21, 2025, Treasury removed Tornado Cash from the sanctions list. The criminal cases against the developers who wrote the protocol, including Alexey Pertsev in the Netherlands and Roman Storm in the United States, continued on separate legal grounds and were unaffected by the delisting.^17^ Protocol resilience and personal safety are different problems. Immutable code can outlast direct suppression, and the humans who wrote it absorb the legal pressure the protocol deflects. Control has migrated from the code to the coder, from the system to the people who maintain it.

The Commercial Spyware Arm

Encryption has won the wire. A message protected by a modern ratchet is unreadable in flight, so the state buys its way back in at the endpoint, where decrypted content is available by the same pathway the user sees it. Commercial spyware is the instrument the state reaches for once direct control of the math and prosecution of builders have failed to reach the content itself. Chapter 12 documents the industry’s structure and vendor accountability record; the Crypto Wars reading is narrower, placing spyware as the third phase after cryptographic control and builder prosecution have run their course.^11^

Content encryption, however mathematically secure, is insufficient once the endpoint is compromised. Chapter 22 takes up the operational response.

The Current Legal Battles

Proposals for “responsible encryption” with “exceptional access” continue to emerge with arguments close to what Clipper offered three decades earlier, and the technical problems remain. Since 2022, a cluster of specific legislative projects has made the current phase of the conflict unusually concrete.

The European Union’s proposed Regulation on Child Sexual Abuse (CSAR), commonly called “Chat Control,” would require providers of interpersonal communications services to scan user content for child sexual abuse material. The scope covers services that implement end-to-end encryption. Scanning end-to-end-encrypted content requires either breaking the encryption or inserting a scanner at the endpoint before encryption occurs; both paths amount to the same architectural compromise. Chat Control is triangular intervention applied to messaging: the state modifies the terms of the provider-user exchange by forcing the provider to surveil on the state’s behalf, in the same way Chapter 10 described the state forcing banks to surveil their depositors. Germany, Austria, the Netherlands, and several other member states have blocked a qualified majority across successive Council presidencies, and the European Parliament’s LIBE Committee rejected mandatory scanning in its own November 2023 position. The text has been revised and reintroduced across four years without adoption. The durability of the opposition shows that the Clipper-era arguments about backdoor risk remain persuasive when they are presented as architectural claims instead of policy preferences.

The United Kingdom’s Online Safety Act 2023 is further along. Section 122 of the Act grants the communications regulator Ofcom the power to issue notices requiring “accredited technology” to scan end-to-end-encrypted communications for child sexual abuse material and for terrorism-related content. At the time of the Act’s passage, the government issued a ministerial statement conceding that the power would not be exercised until “technically feasible” scanning became available. The statutory power remains, and its exercise depends on regulatory judgment, not on any additional primary legislation. Each of the major end-to-end-encrypted services operating in the UK, including Signal, WhatsApp, and Apple’s iMessage, announced that it would withdraw from the United Kingdom before implementing client-side scanning. The European Court of Human Rights held in Podchasov v. Russia in February 2024 that a statutory requirement to weaken end-to-end encryption “cannot be regarded as necessary in a democratic society,” which is the first high-court holding in a Council of Europe member state that the architectural compromise fails a proportionality test.

The European Union’s eIDAS 2.0 regulation introduces a different attack vector. Article 45 of the regulation, as originally drafted, would have compelled web browsers to trust Qualified Website Authentication Certificates issued by member-state-designated providers, without the browsers’ usual authority to audit, revoke, or remove certificates they consider insecure. The mechanism would have enabled any designated member state to issue certificates that browsers are obliged to accept, which is the architectural definition of a man-in-the-middle capability against Transport Layer Security. Browser vendors including Mozilla, civil-liberties organizations including the Electronic Frontier Foundation, and more than five hundred academic cryptographers signed open letters against the draft. The final text, adopted in April 2024, includes a derogation clause permitting browsers to take “precautionary measures” when there are “substantiated concerns related to breaches of security”; browser vendors have interpreted this as preserving Certificate Transparency logging and revocation authority. The underlying mandate to trust qualified certificates remains, which is the compromise the regulation was designed to produce.^12^

The cypherpunk read of these three episodes is not that regulation always loses, because Ofcom’s Section 122 powers are real and can be exercised. Nor is it that regulation always wins, because Chat Control has been blocked for four years. The read is that the architectural arguments against backdoors, which were developed in response to Clipper, have survived three decades of technological change and now constitute the only durable defense against the current wave. When the argument is framed as “this is a backdoor,” policy opposition holds. When the argument is framed as “this is a targeted mechanism for a serious crime,” policy opposition weakens. The architectural frame is the one defenders must maintain.

The NeuralHash Withdrawal

In August 2021 Apple announced NeuralHash, a system that would have scanned images on user devices against a hash set of known child sexual abuse material before the images were uploaded to iCloud. The system was presented as privacy-preserving: the hash comparison would occur on the device, and only flagged matches would be reported. Within a month, security researchers published adversarial collisions against the NeuralHash function, showing that a determined attacker could craft images that produced false-positive matches against arbitrary target hashes. The objection from academic cryptographers, from civil-liberties organizations, and from Apple’s own engineering community concerned architecture, with the false-positive rate as a secondary concern. A scanner on every device, even one scanning for a single content class on the day of deployment, was an infrastructure whose future uses would not be controlled by the provider.

Apple withdrew the system in December 2022. No successor has been deployed. The firm redirected its effort into an on-device, opt-in Communication Safety feature that does not report outside the device. The withdrawal showed that architectural critique can overturn a commercial deployment before the infrastructure is entrenched. The same critique applies to every client-side scanning proposal that follows, and the same cryptographic objections continue to apply.^13^

Continuing Regulatory Threats

Platform liability for user content creates incentives to surveil users and undermine end-to-end encryption. Cryptocurrency regulation extends financial surveillance through KYC requirements, exchange registration, and travel rules.^25^ Proposals for international frameworks to govern encryption seek to close jurisdictional arbitrage opportunities.

The “Going Dark” Debate

Law enforcement agencies argue they are “going dark,” losing access to communications that encryption protects, and the FBI has campaigned for mandatory access capabilities.^14^ Access has in fact expanded, not contracted: despite encryption, law enforcement has more access to more data than ever before, with metadata, location tracking, and platform cooperation providing vast information streams. Every security expert who has examined the question concludes that mandated access introduces vulnerabilities that spread beyond police use and become targets for compromise by hostile actors.^18^

Post-Quantum Concerns

Quantum computing threatens current public-key cryptography. A sufficiently powerful quantum computer could break RSA and elliptic curve cryptography that secure most current internet traffic.^19^^23^

This creates both threat and opportunity. Encrypted data captured today could be decrypted later when quantum computers mature, making “harvest now, decrypt later” a viable strategy for patient adversaries.^24^ At the same time, post-quantum cryptography has moved from research into early standardization and deployment planning; NIST finalized its first core standards in 2024, but the transition to quantum-resistant algorithms remains a major infrastructure project.^20^ States may try to use that transition as an opportunity to mandate backdoors in new cryptographic standards.

The Conflict Continues

The Crypto Wars continue as a durable feature of the relationship between states and citizens with access to strong cryptography. States want surveillance capability; citizens want privacy; cryptography can provide privacy that resists state surveillance; states therefore seek to constrain cryptography. Neither side can permanently win. Cryptography cannot be uninvented and state power cannot be abolished, and the conflict persists because both sides have durable interests.

Chapter Summary

Cryptographic control fails against sophisticated actors for structural reasons. Mathematics is indifferent to legal prohibition, information replication costs nearly nothing, and global coordination among jurisdictions with divergent interests is practically impossible. Control still succeeds against ordinary users through implementation difficulty and usability barriers: most users accept defaults, cannot evaluate cryptographic security, and operate within jurisdictions that compel institutional compliance. The two-tier equilibrium, with strong protection for those who prioritize it and weak protection for everyone else, is the empirical result of three decades of conflict.

The current phase targets builders. Sanctions, money-transmission statutes, and conspiracy doctrines reach individuals in ways protocols cannot be reached, and prosecutions need not succeed on every theory to succeed as policy. A concrete cluster of regulatory initiatives carries the phase: the European Union’s Chat Control proposal, the United Kingdom’s Online Safety Act Section 122 powers, and the eIDAS 2.0 browser-trust mandate. Each has drawn on the Clipper-era vocabulary of “exceptional access” and has been resisted on architectural grounds, and Apple’s withdrawal of the NeuralHash client-side scanning proposal in December 2022 showed that the critique can still overturn a commercial deployment before it becomes entrenched. Commercial spyware is the state’s answer to the fact that content encryption has won the wire, and the spyware industry survives sanctions on individual vendors through ordinary market substitution. Control has migrated from the code to the coder and from the transport to the endpoint, and Chapter 22 takes up the operational response.

The conflict is durable. Cryptography cannot be uninvented and state power cannot be abolished; jurisdictional arbitrage opens opportunities without guarantees, and race dynamics can move toward surveillance as readily as toward privacy, depending on which pressures governments respond to. Chapter 14 develops the cryptographic foundations this chapter assumes, and Part V examines the specific implementations the political and economic analysis here presupposes.^21^


Endnotes

^1^ Phil Zimmermann, “Why I Wrote PGP,” originally published in the PGP User’s Guide (1991, updated 1999), https://web.archive.org/web/20240101000000/https://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html. See also Chapter 2, note 15 for the cypherpunk-history treatment.

^2^ For a fuller history of U.S. cryptographic export controls, see Whitfield Diffie and Susan Landau, Privacy on the Line: The Politics of Wiretapping and Encryption (Cambridge, MA: MIT Press, 1998).

^3^ See Zimmermann, cited in note 1 above.

^4^ The printed source code strategy exploited a legal distinction in practice. Regulators treated software as export-regulated, while books received stronger and clearer speech protection. Philip Zimmermann, PGP: Source Code and Internals (Cambridge, MA: MIT Press, 1995).

^5^ On the Clipper Chip proposal and controversy, see A. Michael Froomkin, “The Metaphor Is the Key: Cryptography, the Clipper Chip, and the Constitution,” University of Pennsylvania Law Review 143, no. 3 (1995): 709-897.

^6^ Matt Blaze, “Protocol Failure in the Escrowed Encryption Standard,” Proceedings of the 2nd ACM Conference on Computer and Communications Security (1994): 59-67.

^7^ Bernstein v. U.S. Department of State, 922 F. Supp. 1426 (N.D. Cal. 1996), and the subsequent Ninth Circuit panel opinion of May 6, 1999, Bernstein v. U.S. Department of Justice, 176 F.3d 1132 (9th Cir. 1999), holding that software source code was protected speech under the First Amendment. The opinion was withdrawn when the case went en banc, but the litigation contributed to the parallel liberalization of export controls under Executive Order 13026 (November 15, 1996) and subsequent Bureau of Industry and Security rule revisions.

^8^ Hans-Hermann Hoppe, Democracy: The God That Failed: The Economics and Politics of Monarchy, Democracy, and Natural Order (New Brunswick, NJ: Transaction Publishers, 2001). The time-preference argument is most concentrated in chapter 1 (“On Time Preference, Government, and the Process of Decivilization”) and chapter 2. Austrian-internal criticism includes Joseph T. Salerno, “Comment on Hoppe’s ‘On Time Preference,’” Review of Austrian Economics 9, no. 1 (1996), and later exchanges; Walter Block, “Is Monarchy a Libertarian Stance?” Reason Papers 32 (2010), defends Hoppe against some objections. The framework is used in the main text as a lens on surveillance legislation, not as a general endorsement of Hoppe’s monarchic-versus-democratic comparison.

^9^ Roll call vote no. 398, Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act, H.R. 3162), 107th Congress, October 24, 2001: 357 yeas, 66 nays. Office of the Clerk of the U.S. House of Representatives, https://clerk.house.gov/Votes/2001398. The Senate passed the bill the following day by 98-1.

^10^ Charles M. Tiebout, “A Pure Theory of Local Expenditures,” Journal of Political Economy 64, no. 5 (1956): 416-424.

^11^ The commercial spyware industry is mature, globally deployed, and resistant to sanctions on individual vendors; see Chapter 12 note 8 for the full product-and-legal stack (NSO Pegasus, Intellexa Predator, Paragon Graphite, Candiru, Cellebrite, Magnet Forensics, and the U.S. NSO ruling). Citizen Lab, https://citizenlab.ca/, is the primary empirical source tracking deployments across state customers. WhatsApp LLC v. NSO Group, Case No. 4:19-cv-07123 (N.D. Cal. 2024), the first major civil accountability ruling against a spyware vendor. NSO Group, https://www.nsogroup.com/. U.S. Commerce Department Entity List designation of NSO Group (November 3, 2021), 86 Fed. Reg. 60759 (November 4, 2021).

^12^ Chat Control (EU CSAR proposal), the UK Online Safety Act Section 122, and eIDAS 2.0 Article 45 form the current cluster of regulatory pressure against end-to-end encryption; the European Court of Human Rights ruled in Podchasov v. Russia (February 2024) that weakening E2EE is not necessary in a democratic society. EU Regulation on Child Sexual Abuse (“Chat Control” / CSAR), proposal COM(2022) 209, https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52022PC0209, with European Parliament LIBE Committee position tracked at https://www.europarl.europa.eu/committees/en/libe/home. UK Online Safety Act 2023, Section 122, https://www.legislation.gov.uk/ukpga/2023/50/section/122. EU eIDAS 2.0 Regulation (EU) 2024/1183, https://eur-lex.europa.eu/eli/reg/2024/1183/oj. Mozilla, EFF, and cybersecurity-experts open letter on eIDAS 2.0 Article 45 at https://blog.mozilla.org/en/mozilla/mozilla-eff-cybersecurity-experts-publish-letter-on-dangers-of-article-452-eidas-regulation/. European Court of Human Rights, Podchasov v. Russia (App. no. 33696/19), judgment of February 13, 2024, https://hudoc.echr.coe.int/eng?i=001-230854. Signal Foundation, https://signal.org/, with public statements on withdrawing from jurisdictions that mandate client-side scanning archived at https://signal.org/blog/; see also Chapter 5, note 7.

^13^ Apple announced NeuralHash in August 2021 as an on-device CSAM scanner, researchers published adversarial collisions within a month, and Apple withdrew the system in December 2022. Apple’s original NeuralHash announcement (August 5, 2021), archived at https://web.archive.org/web/20210805170250/https://www.apple.com/child-safety/. Adversarial collision demonstration: AsuharietYgvar et al., “AppleNeuralHash2ONNX,” GitHub repository, https://github.com/AsuharietYgvar/AppleNeuralHash2ONNX. Academic and civil-liberties response: Harold Abelson et al., “Bugs in our Pockets: The Risks of Client-Side Scanning,” October 2021, https://arxiv.org/abs/2110.07450. Apple’s current on-device Communication Safety feature documented at https://support.apple.com/guide/iphone/communication-safety-iph00618be7a5/ios.

^14^ James Comey, “Going Dark: Are Technology, Privacy, and Public Safety on a Collision Course?” speech at the Brookings Institution, October 16, 2014, https://www.fbi.gov/news/speeches/going-dark-are-technology-privacy-and-public-safety-on-a-collision-course.

^15^ Bernard von NotHaus founded the Liberty Dollar in 1998 as a private precious-metal currency project; the federal prosecution centered on legal theories of counterfeiting and conspiracy involving privately minted coins intended for use as current money. The conviction was upheld on appeal and Liberty Dollar’s operations ended thereafter. See United States v. Bernard von NotHaus, W.D.N.C. 5:09-cr-00027 (2011), and the Fourth Circuit’s affirmance.

^16^ U.S. Department of the Treasury, Office of Foreign Assets Control, designation of Tornado Cash, August 8, 2022, https://home.treasury.gov/news/press-releases/jy0916, listing numerous associated smart-contract addresses. Criminal charges against developers followed, including Alexey Pertsev in the Netherlands (convicted May 2024) and Roman Storm in the United States.

^17^ Van Loon v. Department of the Treasury, 122 F.4th 549 (5th Cir. 2024), held that Tornado Cash’s immutable smart contracts were not “property” under the International Emergency Economic Powers Act and could not be designated under OFAC’s statutory authority. Treasury formally removed Tornado Cash from the Specially Designated Nationals list on March 21, 2025, citing the “novel legal and policy issues raised by use of financial sanctions against financial and commercial activity occurring within evolving technology and legal environments.” Criminal cases against developers continued on separate legal grounds.

^18^ Harold Abelson et al., “Keys Under Doormats: Mandating Insecurity by Requiring Government Access to All Data and Communications,” Journal of Cybersecurity 1, no. 1 (2015): 69-79.

^19^ Daniel J. Bernstein and Tanja Lange, “Post-Quantum Cryptography,” Nature 549 (2017): 188-194.

^20^ NIST finalized FIPS 203 (ML-KEM), FIPS 204 (ML-DSA), and FIPS 205 (SLH-DSA) on August 13, 2024, https://csrc.nist.gov/projects/post-quantum-cryptography. See also Chapter 5, note 4 for the broader NIST PQC standardization context.

^21^ Further reading on state surveillance history. For the pre-9/11 history of U.S. mass surveillance, the canonical text is James Bamford’s trilogy: The Puzzle Palace: A Report on America’s Most Secret Agency (Houghton Mifflin, 1982), Body of Secrets (Doubleday, 2001), and The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America (Doubleday, 2008). For the post-2001 surveillance expansion, Dana Priest and William Arkin, Top Secret America: The Rise of the New American Security State (Little, Brown, 2011), is the standard investigative treatment. On the Snowden revelations specifically, Glenn Greenwald, No Place to Hide (Metropolitan Books, 2014), is the journalist’s account; Luke Harding, The Snowden Files (Vintage, 2014), covers the Guardian’s side; Edward Snowden, Permanent Record (Metropolitan Books, 2019), is Snowden’s memoir. The unpublished Church Committee reports, Intelligence Activities and the Rights of Americans, Senate Report No. 94-755 (1976), remain the broadest congressional investigation of U.S. surveillance and are available at https://www.intelligence.senate.gov/resources/intelligence-related-commissions. For the FBI side, Athan Theoharis, Spying on Americans: Political Surveillance from Hoover to the Huston Plan (Temple University Press, 1978), and Tim Weiner, Enemies: A History of the FBI (Random House, 2012), are the two standard histories. On the broader technical infrastructure, Whitfield Diffie and Susan Landau, Privacy on the Line, already cited, and Keith Devlin, The Math Behind the Scenes (Springer, 2022), cover the cryptographic-policy history. For contemporary mass-surveillance practice outside the U.S., Ronald Deibert, Reset: Reclaiming the Internet for Civil Society (House of Anansi, 2020), is the Citizen Lab director’s synthesis; Cédric Biscay et al., Privacy International’s State of Privacy reports at https://privacyinternational.org, track specific programs internationally.
On the doctrinal and constitutional sides, Daniel J. Solove and Paul M. Schwartz, Information Privacy Law, 7th ed. (Aspen, 2020), is the standard U.S. legal treatise; Orin S. Kerr, The Digital Fourth Amendment (Oxford University Press, 2024), is the current reference on Fourth Amendment doctrine in digital contexts.

^22^ The cypherpunk movement provided the intellectual and organizational context from which the Crypto Wars were fought on the civilian side. Two founding documents anchor it. Eric Hughes, “A Cypherpunk’s Manifesto” (March 9, 1993), https://www.activism.net/cypherpunk/manifesto.html: “Privacy is necessary for an open society in the electronic age… We the Cypherpunks are dedicated to building anonymous systems.” Timothy C. May, “The Crypto Anarchist Manifesto” (1988, distributed at the Hackers Conference; published to the Cypherpunks mailing list in 1992), https://www.activism.net/cypherpunk/crypto-anarchy.html, predicted that public-key cryptography would dissolve state control of information flows entirely. The Cypherpunks mailing list, active from 1992, is archived at https://mailing-list-archive.cryptoanarchy.wiki/. Steven Levy, Crypto: How the Code Rebels Beat the Government - Saving Privacy in the Digital Age (Viking, 2001), is the standard popular history of this period.

^23^ The mathematical foundations of public-key cryptography that the chapter identifies as legally indifferent to prohibition originate in two landmark papers. Whitfield Diffie and Martin E. Hellman, “New Directions in Cryptography,” IEEE Transactions on Information Theory 22, no. 6 (1976): 644–654, introduced the Diffie-Hellman key exchange and the concept of asymmetric cryptography. Ronald L. Rivest, Adi Shamir, and Leonard Adleman, “A Method for Obtaining Digital Signatures and Public-Key Cryptosystems,” Communications of the ACM 21, no. 2 (1978): 120–126, introduced RSA. Neal Koblitz, “Elliptic Curve Cryptosystems,” Mathematics of Computation 48, no. 177 (1987): 203–209, and Victor S. Miller, “Use of Elliptic Curves in Cryptography,” in Advances in Cryptology - CRYPTO ’85, Lecture Notes in Computer Science 218 (Springer, 1986): 417–426, introduced elliptic-curve cryptography. All four are the mathematical relationships the text argues cannot be reversed by legislative decree.

^24^ The “harvest now, decrypt later” threat describes adversary programs that capture and store currently encrypted traffic against the day a cryptanalytic capability makes retrospective decryption feasible. The NSA’s MUSCULAR and BULLRUN programs, revealed through the Snowden documents in 2013, showed that bulk interception of encrypted traffic was already operational policy. Glenn Greenwald and Ewen MacAskill, “NSA Prism Program Taps into User Data of Apple, Google and Others,” The Guardian (June 6, 2013); James Ball, Julian Borger, and Glenn Greenwald, “Revealed: How US and UK Spy Agencies Defeat Internet Privacy and Security,” The Guardian (September 5, 2013), on BULLRUN/EDGEHILL. NIST’s post-quantum migration guidance explicitly names harvest-now-decrypt-later as a primary threat motivating urgency in the transition: NIST, Migration to Post-Quantum Cryptography, Special Publication 1800-38 (2023), https://csrc.nist.gov/publications/detail/sp/1800-38/final.

^25^ The Financial Action Task Force Travel Rule (FATF Recommendation 16) requires virtual asset service providers to pass originator and beneficiary information with transfers above a threshold, extending bank-secrecy-style KYC obligations to cryptocurrency exchanges. FATF, Updated Guidance for a Risk-Based Approach to Virtual Assets and Virtual Asset Service Providers (October 2021), https://www.fatf-gafi.org/publications/fatfrecommendations/documents/guidance-rba-virtual-assets-2021.html. Domestic implementation in the United States proceeds through FinCEN under the Bank Secrecy Act; the proposed Travel Rule rulemaking for cryptocurrency is tracked at https://www.fincen.gov/. The EU’s Transfer of Funds Regulation (EU) 2023/1113 extended the Travel Rule to crypto-asset service providers from December 30, 2024. These requirements replicate the financial-surveillance architecture Chapter 10 analyzed: conditioning service access on disclosure, applied across the cryptocurrency layer.



The Praxeology of Privacy – third edition. New chapters publish daily at 1600 UTC.


Comments

Really enjoying it so far. Breakdown in beginning on privacy, anonymity, and secrecy was very well done.

Micael May 25

States seek cryptographic control because encryption threatens surveillance capability. The reasons connect to core state functions.
