Slashdot Mirror
Crypto Restrictions Are Taking Over the World
zeke writes: "An article on SecurityFocus details how forced key escrow and other crypto restrictions have taken root around the world, in countries like France, South Africa, the Netherlands and the UK. Ironically, this leaves the United States -- the birthplace and graveyard of the Clipper Chip -- as one of the few bastions of unregulated encryption."
You are completely missing the point
'The terrorists' are the guys that have the finance to develop and use illegal-level encryption (it's not really the biggest crime they'll commit). Same goes for other big time criminals. They have more to lose with low encryption (which the police can read) than high encryption (which wiull just give them a $20 fine)
Only small-time criminals with no resources and normal citicens will be forced to downgrade their encryption, making it easy for big brother to read their email....
Well, those countries don't have a history of providing their citizens with the almost absurd levels that the US does. In Britain, you don't have nearly the same rights that you do in the US, and while the Netherlands is a socially permissive country in many respects, it's also very tough on law and order for those things that it deems are social problems (just because in Amsterdam you can buy pot and sex doesn't mean you can kill someone in Utrecht). And South Africa has hardly had any history whatsoever of having solid personal freedoms. So while you can look at the problem pragmatically ("the US looked at the issues and realized that they're unworkable"), you can't just look at it from a US-civil-liberties perspective ("no one should be willing to give a government that much power").
The problem, as the author correctly identifies, is that anything along the lines of key recovery is completely unworkable in practice at all. While it might look nice sitting in a piece of legislation, it's impossible to enforce. Cryptography isn't something like a gun, that's physically manufactured, it's a bunch of mathematical equations (remember the whole RSA on a T-Shirt campaign?). You can't stop the providers of something based on mathematics, and you can't force everybody in teh world to start keeping track of other people's keys, or else they'll just start using "illegal" encryption.
And that's the real kicker: regardless of whether you want your citizens to have the power to encrypt things such that you can't have acccess to them, you can't stop them in any way. All you do by attempting is instantly incriminating a pretty significant portion of your population to access information that you can still get elsewhere (like keystroke loggers that the FBI uses to get passwords, or search warrants for hardware encryption devices, which are both pretty effective IMHO for key recovery purposes). You can't outlaw mathematics (the whole US issue highlighted that), so you really shouldn't try.
Lets think about that logically for a second...
What exactly makes you think criminals and terrorists are going to hand over thier keys for escrow?
I don't think this is an invasion of privacy so much as a complete waste of money and a source of unneeded complexity.
Some links to info on Canadian crypto laws:
Electronic Frontier Canada's Crypto Page
A Notice to Exporters, part of the Canadian Export and Import Permits Act: "Export Controls on Cryptographic Goods"
A speech by John Manley from 1998, then the Minister of Industry: Canada's Cryptography Policy
The Canadian government's cryptography website: Cryptography/Cryptographie
I have somewhat of a stake in Canada's crypto laws, as I've been writting and maintaining a strong cryptography extension for PHP which uses the Crypto++ library. Of course, my code itself contains absolutely no cryptographic code, it just links to the aforementioned library, but still...
J
... supports strong encryption for it's fellow citizens and the industry and I count Germany to the developped countries...
Am I the only one who really read this, or did I not read it right.
I saw places where it said "..and the police can order you to hand over your keys" or '..such and such a company has to register with the officials', but nowhere did it say '...you can't use encryption'. (I do agree that the key escrow stuff is very bad though.)
Just like a gun, ecnryption can be used for good things (hiding my p0rn from my girlfriend), or bad (emailing terrorism plots to agents.) In this country (USA), if the police have enough evidence, they can go to a judge and get a very specific search warrant. So, if they accuse me of having illegal p0rn (instead of just the good stuff), they can search my computer till the cows come home. But if they find a terrorism plot, they can't use that information.
To follow that point, what is wrong with issuing a search warrant and demanding that I decrypt the data?? I may not like it, especially if I'm guilty or don't want to share my p0rn, but I don't see where that is any different than letting the police go through a drug dealers house looking for drugs. Ok...there is that fifth amendment thing, so maybe a law like that couldn't even be enacted in the US.
And so what if company X has to register with the government. They probably had to get a business permit anyway, and if they do anything novel they probably have patents. Not too many companies survive by being secret about their existance.
So...tell me what is all the hub, bub.....
I rarely read replies, it's my opinion and if you thought about your opinion a little more, I'm OK with that.