next up previous
Next: What should be regulated? Up: Trade and Industry Issues Previous: Are shared infrastructures workable?

The real applications of cryptography

Finally, I would like to reiterate the point made in my `Crypto in Europe' paper that the vast majority of fielded cryptographic systems support applications in which there is no conceivable law enforcement interest in having access to master keys, such as automatic teller machines, satellite TV decoders, prepayment gas and electricity meters, motorway toll tags and burglar alarm signalling.

The big new growth areas for cryptographic applications also have nothing to do with message secrecy but rather with the protection of intellectual property. The most significant organisation driving crypto development by companies such as Intel and Microsoft is not the NSA but Walt Disneygif. They refuse to release digital versions of their videos -- which PC hardware and software vendors greatly desire in order to sell the next generation of multimedia systems -- until a reasonable level of protection can be afforded to this digital content.

The ultimate solution will probably involve a confluence of the successors to the mechanisms currently used in Digital Video Disks and satellite TV, together with tamper resistance based on PC CPUsgif. This is actually a far harder problem than protecting military communications as the `enemy' has unsupervised access to many instances of the system, while military tamper prevention techniques such as protective detonation are not available. The gravity of the threat is clear from the widespread piracy of satellite TV smartcards.

In these applications, the current regulation of `cryptography' serves no national intelligence purpose and simply gets in the way of exports. It will also become unfeasible to regulate `cryptography' once better-then-military-grade crypto is routinely incorporated into the majority of consumer electronic devices.

Ross Anderson
Tue Oct 21 11:00:05 BST 1997