Slashdot Mirror
Crypto Restrictions Are Taking Over the World
zeke writes: "An article on SecurityFocus details how forced key escrow and other crypto restrictions have taken root around the world, in countries like France, South Africa, the Netherlands and the UK. Ironically, this leaves the United States -- the birthplace and graveyard of the Clipper Chip -- as one of the few bastions of unregulated encryption."
Sometimes, it's really useful that the U.S. has so many different conflicting (powerful) interests, and a fairly lengthy legislative process, because it keeps things like this away (or atleast delays them a while.) Sure, the export policy was especially bad for a while, but overall, things weren't (and there will still ways around the export rules).
Besides, we all know the NSA's top top top secret quantum computer can break any encryption quickly...
The author makes a very good point: whether we have the freedom to use crypto or not, crypto software itself hasn't come very far in the past few years.
So what can we do about it? Could Peek-a-Booty or the Six/Four protocol be used as springboards into more user-friendly crypto applications? Are there any other free/OSS projects to bring crypto to the masses? (Because God knows your average user couldn't figure out PGP or GPG if his life depended on it.)
It may not be free beer (no EU-style social safety net), but you have all the opportunity that you can make for yourself.
Curb CO2 emissions: Kill yourself today!
There is a considerable difference between a gun and a lock on the door to your house.
Just as there is a considerable difference between nuclear weapons and "munitions-grade encryption".
Encryption doesn't have the power to kill anyone, it just has the power to protect privacy and hide information. While a nuclear weapon has the power to destroy.
If they ban encryption, why not ban locks, doors, window shades, make walls out of glass, and allow video cameras and audio tapes to be placed in every nook and cranny of your house. You have nothing to hide, that's why high-grade encryption is useless right?
Think about it.
God, I love the fact I am a Canadian at times like these.
~ kjrose
You are completely missing the point
'The terrorists' are the guys that have the finance to develop and use illegal-level encryption (it's not really the biggest crime they'll commit). Same goes for other big time criminals. They have more to lose with low encryption (which the police can read) than high encryption (which wiull just give them a $20 fine)
Only small-time criminals with no resources and normal citicens will be forced to downgrade their encryption, making it easy for big brother to read their email....
Well, those countries don't have a history of providing their citizens with the almost absurd levels that the US does. In Britain, you don't have nearly the same rights that you do in the US, and while the Netherlands is a socially permissive country in many respects, it's also very tough on law and order for those things that it deems are social problems (just because in Amsterdam you can buy pot and sex doesn't mean you can kill someone in Utrecht). And South Africa has hardly had any history whatsoever of having solid personal freedoms. So while you can look at the problem pragmatically ("the US looked at the issues and realized that they're unworkable"), you can't just look at it from a US-civil-liberties perspective ("no one should be willing to give a government that much power").
The problem, as the author correctly identifies, is that anything along the lines of key recovery is completely unworkable in practice at all. While it might look nice sitting in a piece of legislation, it's impossible to enforce. Cryptography isn't something like a gun, that's physically manufactured, it's a bunch of mathematical equations (remember the whole RSA on a T-Shirt campaign?). You can't stop the providers of something based on mathematics, and you can't force everybody in teh world to start keeping track of other people's keys, or else they'll just start using "illegal" encryption.
And that's the real kicker: regardless of whether you want your citizens to have the power to encrypt things such that you can't have acccess to them, you can't stop them in any way. All you do by attempting is instantly incriminating a pretty significant portion of your population to access information that you can still get elsewhere (like keystroke loggers that the FBI uses to get passwords, or search warrants for hardware encryption devices, which are both pretty effective IMHO for key recovery purposes). You can't outlaw mathematics (the whole US issue highlighted that), so you really shouldn't try.
Lets think about that logically for a second...
What exactly makes you think criminals and terrorists are going to hand over thier keys for escrow?
I don't think this is an invasion of privacy so much as a complete waste of money and a source of unneeded complexity.
You may be right; I've never seen what I'd call reliable statistics about online ordering or online banking. I suspect that you can't get reliable statistics because "that's proprietary".
... ;-)
And, I suppose, the main effect of anti-encryption laws will be to make it easy for ISPs to spy on both sorts of commercial traffic. All it would take would be a few bribes to the right person in your local ISP, and you could get the credit card or bank account numbers of all their customers.
Of course, considering some of the recent financial scandals in the US, it might not be long before we have anti-cryptography laws passed to that this sort of interception is possible. I wonder how much it would cost per senator to make commercial encryption illegal?
(I hope I'm just joking
Those who do study history are doomed to stand helplessly by while everyone else repeats it.
... supports strong encryption for it's fellow citizens and the industry and I count Germany to the developped countries...
"Of course it is. That's what a (civil) right is: a constraint on other people's behavior as it relates to you. This is distinct from a liberty, which is your freedom to do various things as you please."
Your definition of a "right" is in fact a negation of the concept of rights. just because the government abitrally gives someone a privellege and calls it a "right" dosen't make it one. 50 years ago the state I live in assigned Whites the privillege of constraning the behavior of minorities, and defended this injustice under the banner of states rights. Those laws were just a big a violation of real rights as the so called civil rights laws are.
" We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness. --That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed"
Notice the source of rights, "endowed by their Creator"?. It dosen't matter if you consider the "creator" to be a devine power, or natural laws, rights are NOT the creation of governments, which only exist to protect rights. The US government could no more magicly create a "right" not to be discriminated against in 1964, than the slave states could magicly create a "right" to own another human being between 1776 and 1865.
Allowing the government to assume the power to create "rights" is very dangrous, because at the same time you are giving them the power to repeal rights, real ones like "Life, Liberty and the pursuit of Happiness" one of which you have allready claimed can be constrained by the arbitary civil "rights" created in 1964.
Quemadmodum gladius neminem occidit, occidentis telum est