Slashdot Mirror

← Back to Stories (view on slashdot.org)

Congress Considers Mandatory Crypto Backdoors

Posted by Hemos on from the the-encryption-wars-begin dept.

disappear writes: "Wired news reports that Congress is considering restrictions on crypto software in the wake of the terrorist attack. 'Nuff said." This will be the next battle -- especially in the wake of this week's tragedies, and the the allegations that the prime suspect Osama Bin Laden is a heavy crypto user. The battle of privacy and safety is going to begin in earnest now.

6 of 1,105 comments (clear)

  1. Clock It! 2001-1984=17 Years Late by Col.+Panic · · Score: 5, Interesting
    The price of safety is too high if we are to reveal all communications to a government body. I am reminded of the arguments to register all firearms and the corresponding cry, "You can have my gun when you pry it from my cold, dead fingers!"

    Carnivore is one thing, but a backdoor to all crypto is yet another. Financial transactions from private organizations are routinely encrypted for obvious reasons. Are we to trust government employees with all financial transactions merely because we elect them? I think not.

    We cannot allow the government a "skeleton key" to all crypto if only for the reason that it can then be compromised by others for whom access was not intended. Urge your congresscritter just to say "no".

  2. Heavy crypto user? by Glytch · · Score: 5, Interesting

    Are they nuts? This guy lives isolated in mountain camps. I doubt he's even a heavy electicity user.

    His sympathizers, on the other hand...

  3. How would that help? by cperciva · · Score: 5, Interesting

    From what I've heard, Osama Bin Laden doesn't use cryptography so much as he avoids using electronic communications at all. He has even (gasp) been reported to meet with his underlings *physically*, as in "lets all go into the same room and talk face-to-face".

    Cryptography wouldn't really help terrorists much anyway, because electronic surveillance can still pick up who is talking to whom; the real problem is when people avoid electronic communications, because then you can't do anything without spies on the ground.

    --
    Tarsnap: Online backups for the truly paranoid
  4. don't forget Rivest's "Winnowing and Chaffing" by siraustin · · Score: 5, Interesting

    Back in 1998 Rivest wrote Chaffing and Winnowing: Confidentiality without Encryption.

  5. Mandatory backdoors -- french tried, gave up. by Nonesuch · · Score: 5, Interesting
    The government of France tried this. They outlawed all forms of encryption without providing the keys to the french government.


    For example, I worked for a major semiconductor and radio communications corporation. We encrypted all private circuits to all remote offices, in the US and abroad, except that in France we had to provide the keys to the French government.


    End Result?


    The French intelligence agencies would hand over to major french businesses the 'competitive intelligence' collected from foreign corporations operations in france, allowing them to underbid competitors, etc.


    There are several well-documented cases of government abuse of this information. In France the level of distrust got so bad that they eventually relaxed this policy due to foreign based companies withdrawing their business.

    --

    I do not deploy Linux. Ever.
  6. Re:Best reply by lie+as+cliche · · Score: 5, Interesting

    `I think the best reply one can give to the politicians who want to impose this is: "And Osama Bin Laden is going to throw away his foreign-developed, non-backdoored encryption software and buy US-made backdoored encryption software exactly why?'"

    I don't.

    The objective here isn't to stop the guy. They could've if they'd wanted to. About a week before the attack the U.S. Postal Service stopped delivering air mail to the region. They knew something we didn't, and opted not to stop it. And I think I know why.

    We hear a lot about terrorism against the U.S.. We don't usually hear the other side's complaints. Obviously they don't think of it as terrorism, they think of it as some sort of a protest. I wonder what they're protesting, and why. If our government did something unjust to them, I wouldn't trust our media to tell us about it. But as a tiny little group of malcontents going up against the U.S., about their only recourse is an attack like this. Given that the U.S. government knew about it beforehand, they didn't bargain to prevent it for one of two reasons. Either the price was considered too high, or the U.S. government thought that an attack like this would end up working in their favor. They've been looking for an excuse to nullify cryptography for years now. Anybody remember the Clipper chip? The legislation keeps being defeated, because people are siding with the need for privacy. Now they've been able to demonstrate a supposed need for the U.S. government to know everything that's being said anywhere in the country. Perhaps they think it will sway the common consensus in favor of their legislation.

    Galling, isn't it. More impressive (from a logistical standpoint) than crippling a nation with a store-bought knife and their own planes, is the prospect of prying your way into a nation's cryptography with someone else's store-bought knife, someone else's plane, and a bunch of lives you don't care about because you think of them as "your citizens", in the same usage as "your house" and "your car". Oh, and a temporary economic setback which you mitigate by printing more baseless currency. Clever.