Slashdot Mirror
Crypto Restrictions Are Taking Over the World
zeke writes: "An article on SecurityFocus details how forced key escrow and other crypto restrictions have taken root around the world, in countries like France, South Africa, the Netherlands and the UK. Ironically, this leaves the United States -- the birthplace and graveyard of the Clipper Chip -- as one of the few bastions of unregulated encryption."
You are completely missing the point
'The terrorists' are the guys that have the finance to develop and use illegal-level encryption (it's not really the biggest crime they'll commit). Same goes for other big time criminals. They have more to lose with low encryption (which the police can read) than high encryption (which wiull just give them a $20 fine)
Only small-time criminals with no resources and normal citicens will be forced to downgrade their encryption, making it easy for big brother to read their email....
Well, those countries don't have a history of providing their citizens with the almost absurd levels that the US does. In Britain, you don't have nearly the same rights that you do in the US, and while the Netherlands is a socially permissive country in many respects, it's also very tough on law and order for those things that it deems are social problems (just because in Amsterdam you can buy pot and sex doesn't mean you can kill someone in Utrecht). And South Africa has hardly had any history whatsoever of having solid personal freedoms. So while you can look at the problem pragmatically ("the US looked at the issues and realized that they're unworkable"), you can't just look at it from a US-civil-liberties perspective ("no one should be willing to give a government that much power").
The problem, as the author correctly identifies, is that anything along the lines of key recovery is completely unworkable in practice at all. While it might look nice sitting in a piece of legislation, it's impossible to enforce. Cryptography isn't something like a gun, that's physically manufactured, it's a bunch of mathematical equations (remember the whole RSA on a T-Shirt campaign?). You can't stop the providers of something based on mathematics, and you can't force everybody in teh world to start keeping track of other people's keys, or else they'll just start using "illegal" encryption.
And that's the real kicker: regardless of whether you want your citizens to have the power to encrypt things such that you can't have acccess to them, you can't stop them in any way. All you do by attempting is instantly incriminating a pretty significant portion of your population to access information that you can still get elsewhere (like keystroke loggers that the FBI uses to get passwords, or search warrants for hardware encryption devices, which are both pretty effective IMHO for key recovery purposes). You can't outlaw mathematics (the whole US issue highlighted that), so you really shouldn't try.
Lets think about that logically for a second...
What exactly makes you think criminals and terrorists are going to hand over thier keys for escrow?
I don't think this is an invasion of privacy so much as a complete waste of money and a source of unneeded complexity.
Well that all depends on your point of view.
The UK has far more employment rights than the US has.
also the right to medical treatment.
the right to life (no death penality).
The right to get arrested without being put in handcufs.
Hell I can even crack a joke with the police if they get stopped, and give them a bit of hastle e.g. Have you got any ID? so long as i don't break any serious law or take the piss to much.
I can buy tin foil, baking soda, spoons, bongs etc.... without feer of being arrested.
I can have a open bottle in the car.
I can cross the road.
When I was younger I had even more rights, maybe the UK is just trying to catch up with the poor human rights policy in the US.
thank God the internet isn't a human right.
Some links to info on Canadian crypto laws:
Electronic Frontier Canada's Crypto Page
A Notice to Exporters, part of the Canadian Export and Import Permits Act: "Export Controls on Cryptographic Goods"
A speech by John Manley from 1998, then the Minister of Industry: Canada's Cryptography Policy
The Canadian government's cryptography website: Cryptography/Cryptographie
I have somewhat of a stake in Canada's crypto laws, as I've been writting and maintaining a strong cryptography extension for PHP which uses the Crypto++ library. Of course, my code itself contains absolutely no cryptographic code, it just links to the aforementioned library, but still...
J
I think the idea is not to thwart, but to provide punishment for it.
I'm playing Devil's Advocate here, I'm not saying it's right. I think the mentality might be along the lines of "Yah well it sure sucks that we weren't able to bust Al Capone on anything but IRS dodging."
It's very possible that they're looking for ways to define 'accomplice'. Let me put it another way: Lots of people were involved in executing 9-11. But besides the hijackers (that died), how can we punish the other people involved? Well, if they used illegal encyrption to communicate, they could be arrested and pulled out of the plan of the next attack.
Again, I'm playing Devil's Advocate here. I'm explaining what their reasoning probably is, I'm not saying that I support it or that it'd even work. I'm saying that I could see some old powerful fart using reasoning like that.
Why should I need crypto when I have palladium to ensure the security of my PC anyway?
A musician without the RIAA, is like a fish without a bicycle.
... supports strong encryption for it's fellow citizens and the industry and I count Germany to the developped countries...
Am I the only one who really read this, or did I not read it right.
I saw places where it said "..and the police can order you to hand over your keys" or '..such and such a company has to register with the officials', but nowhere did it say '...you can't use encryption'. (I do agree that the key escrow stuff is very bad though.)
Just like a gun, ecnryption can be used for good things (hiding my p0rn from my girlfriend), or bad (emailing terrorism plots to agents.) In this country (USA), if the police have enough evidence, they can go to a judge and get a very specific search warrant. So, if they accuse me of having illegal p0rn (instead of just the good stuff), they can search my computer till the cows come home. But if they find a terrorism plot, they can't use that information.
To follow that point, what is wrong with issuing a search warrant and demanding that I decrypt the data?? I may not like it, especially if I'm guilty or don't want to share my p0rn, but I don't see where that is any different than letting the police go through a drug dealers house looking for drugs. Ok...there is that fifth amendment thing, so maybe a law like that couldn't even be enacted in the US.
And so what if company X has to register with the government. They probably had to get a business permit anyway, and if they do anything novel they probably have patents. Not too many companies survive by being secret about their existance.
So...tell me what is all the hub, bub.....
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.