Slashdot Mirror
Crypto Restrictions Are Taking Over the World
zeke writes: "An article on SecurityFocus details how forced key escrow and other crypto restrictions have taken root around the world, in countries like France, South Africa, the Netherlands and the UK. Ironically, this leaves the United States -- the birthplace and graveyard of the Clipper Chip -- as one of the few bastions of unregulated encryption."
Sometimes, it's really useful that the U.S. has so many different conflicting (powerful) interests, and a fairly lengthy legislative process, because it keeps things like this away (or atleast delays them a while.) Sure, the export policy was especially bad for a while, but overall, things weren't (and there will still ways around the export rules).
Besides, we all know the NSA's top top top secret quantum computer can break any encryption quickly...
Excuse me, aren't the US crypto regulations cause for Canadian-based OpenBSD, trouble with PGP, 128-bit-SSL, and more?
...? Oh come on..
Did you *actually* call the US 'one of the few bastions of unregulated encryption'
--
The author makes a very good point: whether we have the freedom to use crypto or not, crypto software itself hasn't come very far in the past few years.
So what can we do about it? Could Peek-a-Booty or the Six/Four protocol be used as springboards into more user-friendly crypto applications? Are there any other free/OSS projects to bring crypto to the masses? (Because God knows your average user couldn't figure out PGP or GPG if his life depended on it.)
It may not be free beer (no EU-style social safety net), but you have all the opportunity that you can make for yourself.
Curb CO2 emissions: Kill yourself today!
There is a considerable difference between a gun and a lock on the door to your house.
Just as there is a considerable difference between nuclear weapons and "munitions-grade encryption".
Encryption doesn't have the power to kill anyone, it just has the power to protect privacy and hide information. While a nuclear weapon has the power to destroy.
If they ban encryption, why not ban locks, doors, window shades, make walls out of glass, and allow video cameras and audio tapes to be placed in every nook and cranny of your house. You have nothing to hide, that's why high-grade encryption is useless right?
Think about it.
God, I love the fact I am a Canadian at times like these.
~ kjrose
You are completely missing the point
'The terrorists' are the guys that have the finance to develop and use illegal-level encryption (it's not really the biggest crime they'll commit). Same goes for other big time criminals. They have more to lose with low encryption (which the police can read) than high encryption (which wiull just give them a $20 fine)
Only small-time criminals with no resources and normal citicens will be forced to downgrade their encryption, making it easy for big brother to read their email....
I know the general Slashdot response is going to be how we are being oppressed, and that's my first reaction also. There is another side however. What these supposedly democratic countries are facing is the ugly truth about all such governments: they play by a set of rules while the other side is completely unfettered. With Western Europe's recent history of terrorist groups such as Action Direct and the Red Brigade, I think it's clear that they have serious obstacles to face when dealing with the current technologically adept terrorists. The fact is, since they are hindered by the "rights" that they do let us keep, we have to expect them to try something to protect us. We can be outraged, but do we have another method they can use? Creating a repository of keys is to me a desperate act, not just a simple power grab. The real question is how far behind the curve are these intelligence types when dealing with Internet enabled terrorists? All I'm saying is that I think this sucks, but it isn't necessarily a power grab to create a society based on "1984".
If thou see a fair woman pay court to her, for thus thou wilt obtain love
While I agree with you in principal, in an age where information itself can be a powerful weapon,
encryption is a problematic issue. There are those (of which I am not one) who would argue that
information ought to be subject to the same type of controls as narcotics or radioactive materials,
both of which have valuable and legally sanctioned uses.
Don't read this!
Well, those countries don't have a history of providing their citizens with the almost absurd levels that the US does. In Britain, you don't have nearly the same rights that you do in the US, and while the Netherlands is a socially permissive country in many respects, it's also very tough on law and order for those things that it deems are social problems (just because in Amsterdam you can buy pot and sex doesn't mean you can kill someone in Utrecht). And South Africa has hardly had any history whatsoever of having solid personal freedoms. So while you can look at the problem pragmatically ("the US looked at the issues and realized that they're unworkable"), you can't just look at it from a US-civil-liberties perspective ("no one should be willing to give a government that much power").
The problem, as the author correctly identifies, is that anything along the lines of key recovery is completely unworkable in practice at all. While it might look nice sitting in a piece of legislation, it's impossible to enforce. Cryptography isn't something like a gun, that's physically manufactured, it's a bunch of mathematical equations (remember the whole RSA on a T-Shirt campaign?). You can't stop the providers of something based on mathematics, and you can't force everybody in teh world to start keeping track of other people's keys, or else they'll just start using "illegal" encryption.
And that's the real kicker: regardless of whether you want your citizens to have the power to encrypt things such that you can't have acccess to them, you can't stop them in any way. All you do by attempting is instantly incriminating a pretty significant portion of your population to access information that you can still get elsewhere (like keystroke loggers that the FBI uses to get passwords, or search warrants for hardware encryption devices, which are both pretty effective IMHO for key recovery purposes). You can't outlaw mathematics (the whole US issue highlighted that), so you really shouldn't try.
Anti crypto laws are pointless. Organized crime and terrorists don't use crypto. They hide messages where no one is looking for them, and send plain text using code words that mean nothing to an outsider. A lot of stupid legislators think that if they pass a law against rain, then every day can be sunny. They are idiots.
How ya like dat?
You may be right; I've never seen what I'd call reliable statistics about online ordering or online banking. I suspect that you can't get reliable statistics because "that's proprietary".
... ;-)
And, I suppose, the main effect of anti-encryption laws will be to make it easy for ISPs to spy on both sorts of commercial traffic. All it would take would be a few bribes to the right person in your local ISP, and you could get the credit card or bank account numbers of all their customers.
Of course, considering some of the recent financial scandals in the US, it might not be long before we have anti-cryptography laws passed to that this sort of interception is possible. I wonder how much it would cost per senator to make commercial encryption illegal?
(I hope I'm just joking
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
... supports strong encryption for it's fellow citizens and the industry and I count Germany to the developped countries...
also the right to medical treatment."
Forcing someone to hire you or keep you employed is not a "right". It's a violation of another persons right not to employ you if they don't want to. Forcing someone to pay for your medical care is not a "right", it's a violation of another persons right not to pay for your medical care.
The failure to understand that there is no such thing as a "right" to force another person to perform an action that is advantagous to yourself is the reason real rights are being erroded on both sides of the Atlantic.
Quemadmodum gladius neminem occidit, occidentis telum est
"Of course it is. That's what a (civil) right is: a constraint on other people's behavior as it relates to you. This is distinct from a liberty, which is your freedom to do various things as you please."
Your definition of a "right" is in fact a negation of the concept of rights. just because the government abitrally gives someone a privellege and calls it a "right" dosen't make it one. 50 years ago the state I live in assigned Whites the privillege of constraning the behavior of minorities, and defended this injustice under the banner of states rights. Those laws were just a big a violation of real rights as the so called civil rights laws are.
" We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. --That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed"
Notice the source of rights, "endowed by their Creator"?. It dosen't matter if you consider the "creator" to be a devine power, or natural laws, rights are NOT the creation of governments, which only exist to protect rights. The US government could no more magicly create a "right" not to be discriminated against in 1964, than the slave states could magicly create a "right" to own another human being between 1776 and 1865.
Allowing the government to assume the power to create "rights" is very dangrous, because at the same time you are giving them the power to repeal rights, real ones like "Life, Liberty and the pursuit of Happiness" one of which you have allready claimed can be constrained by the arbitary civil "rights" created in 1964.
Quemadmodum gladius neminem occidit, occidentis telum est