The Privacy Blog

Thoughts on privacy, security, and other stuff.

Oct 21, 2010

Excellent EFF post on failures of Cryptography regulation

The EFF has an excellent article on eight reasons why government regulation of cryptography is a bad idea.

The short answer is: the bad guys can easily get strong cryptography and use it anyway, and regulation will make security for the rest of us much worse (not including the Big Brother surveillance and constitutional issues).


3 comments

  • Darren Chaker · November 12, 2010 at 8:11 pm

    As we have seen with gun control, if you outlaw guns, then only the outlaws have guns! The theory of allowing government to regulate PGP has come and gone, likewise restricting or watering down encryption standards will fail us in two aspects.

    First, if the U.S. can break it, you know the Chinese can too since we educate much of their high tech industry at our finest schools. Second, if substandard encryption is available to U.S. citizens with the threat of being cracked, it could chill the production of intellectual property since there’s no way to keep it secure.

    Of course, we need to trust government that they will not abuse its power or that someone within government would be susceptible to being bribed to commit industrial espionage. Remember not long ago a task force was seeking a spy within its ranks. Who was placed in charge of the task force–the chief of counter-intelligence—who turned out to be the spy! See https://www.cia.gov/library/center-for-the-study-of-intelligence/csi-publications/csi-studies/studies/vol-52-no-1/the-movie-breach-a-personal-perspective.html

    In short, keep encryption secure, beyond reach of government and most important–out of reach of competitors. In the long run it keeps us safer.

    Darren Chaker, DarrenChaker.com

  • Anonymous · August 18, 2011 at 8:23 pm

    The number of “criminals” in the US who actually even bother to use encryption is extremely small. The government shouldn’t have access like this. It weakens the whole system and leaves our entire cryptological framework wide open to attack. Also, there’s really not much stopping people from downloading GPG, TrueCrypt, et al. If regs were changed, these projects would have to move underground, but would likely still exist. It may become necessary to download encryption software from a foreign source (GPG4Win comes from Germany).

  • Author comment by lance · August 19, 2011 at 10:22 am

    Great points. From the early days of this debate there seems to have been an implicit thought that people outside the US can’t write strong cryptography.
    There is plenty of evidence that this is a poor assumption.
