Cryptography has been around for centuries, but it really took off with the rise of computers in the early 60s and 70s. Thanks to the mathematical advantages offered by computers, huge advances were made with the technology. The story of the Data Encryption Standard (DES for short) involves IBM, the NSA, and as always with their involvement, a great amount of suspicion.
The Data Encryption Standard was a catalyst for further innovation in cryptography. Although now outdated, the idea behind DES was to create a government standard of encryption for unclassified or sensitive material. Encryption was and still is an essential tool for states to keep their secrets secret.
The role of IBM and the NSA
As cryptography began to advance, early computing companies began to investigate its uses. IBM was one such company that began to invest heavily in cryptography, realising that as computers evolve, cryptographic techniques would become valuable assets for companies around the world. Through the 1960s, they worked with Lloyds Bank in providing the underlying techniques for automatic teller machines (ATMs) to be used in and around London.
IBM’s own creation is directly linked to the NSA. The NSA is credited with providing the necessary funding for its development. Such examples are evidence of how encryption is not just important to individuals, but can also enhance businesses and the economy. However, IBM’s most important contribution to encryption was not in providing Lloyds Bank with the ability to safely create ATMs. Rather, its creation of what became known as the Data Encryption Standard is its key work.
The NSA’s influence on DES is notable as well. For the DES system to work, a key of “bits” is necessary to make the algorithm secure to brute force attacks. The NSA was involved in the key size debate.
Initially, DES was implemented with a 128-bit key. At the time, this would have been practically, technically, and financially intensive to crack. It is now known, however, that thanks to NSA interference, the key size eventually chosen was a 56-bit key. This inherently reduced the security of DES as the larger the key is, the harder it is to crack.
IBM went on to argue that the reason for the size reduction was so the key could fit on a computer chip. Many have questioned this though. Instead, they argue that the 56-bit key was chosen because the NSA could crack it with a brute force attack.
A brute force attack involves having a computer repeatedly attempt to guess the key. The longer the key, the more difficult it becomes for a computer to guess. A shorter key is therefore easier to crack, especially with the NSA’s resources.
Some have argued that the relationship between IBM and the NSA goes further, with the NSA placing a back door in DES. A back door is the equivalent of having your own set of keys to unlock the encryption any time you wish to do so. It should be noted however that both of these claims have not been proven.
Having a state-run security agency heavily involved in the creation of an encryption standard can be viewed from both positive and negative perspectives. At the time, the NSA was at the forefront of encryption technology, so its expertise would be invaluable to a new company such as IBM.
Yet the NSA’s involvement also raises important questions. What were the NSA’s motives, particularly in regards to its involvement in the key size debate? By limiting the key size, the NSA is thereby rendering DES susceptible to attacks by both international and domestic state and non-state actors.
Impact of the Data Encryption Standard
When the Data Encryption Standard was introduced, it was used on financial transactions for the US government and was also the international standard for business and data security internationally. Such use cases highlight the importance of the back door or the potential for brute force from the NSA. By using DES, it may have been possible for the US government to access all of this information whether another state liked it or not.
On a more positive note, DES was made public. At the time, many of cryptography’s secrets were well guarded by the NSA. By making DES public, the world of cryptography was now in the open for analysis, comparison, and ultimately for the improvement of the science as a whole. Cryptography was no longer being monopolised by the NSA.
DES was a seminal moment for cryptography. The introduction of the system allowed for further academic research as well as the questioning of the role of government in encryption. Although DES was broken by the Electronic Frontier Foundation in the 1990s, the story of the involvement of IBM and the NSA provides a fascinating insight into the role of governments and corporations. The narrative that we see is one that still rumbles on to this day. Following the cracking of DES, it has since been replaced by the Advanced Encryption Standard in 2001.
If you would like to learn more about the history of cryptography, make sure you check out Steven Levy’s book ‘Crypto: How code rebels beat the government, saving privacy in the digital age’.