Sauce for the goose
We need a law that requires the FBI to make internal use of any crypto system that meets its standards for public use.
The Institute of Electrical and Electronics Engineers (IEEE) has joined the ranks of objectors to proposed law enforcement measures that would compromise access to strong cryptography. The august engineering body went beyond merely opposing the popular understanding of what constitutes a “backdoor”, instead framing its …
“forensic analysis of suspected computers, and compelling suspects to reveal keys or passwords.”
My worry about any laws requiring people to reveal passwords is that there could be genuine situations where they cannot reveal the password because they don't know what it is. If you're going to jail people for not providing passwords you could end up with people using encrypted files for revenge. E.g. you found out your partner has been cheating, so you create an encrypted file on their phone/PC and then report that you suspect they have been looking at terrorist content. Plod come and take away their devices and come back asking you to provide the password to the jihadi.zip file found on your device.
“forensic analysis of suspected computers, and compelling suspects to reveal keys or passwords.”
In the US, SCOTUS ruled over a century ago that forcing people to reveal lock combinations is a violation of their 5th Amendment rights. Subsequent court rulings extended that to passwords.
It's a crime punishable by a prison sentence in the UK. Although from my reading, there does appear to be a legitimate 'forgot' defence which the prosecution would have to demonstrate beyond reasonable doubt that this was incorrect. At least one person has been jailed for additional time on top of anti-terrorism convictions.
You can pass whatever laws you want about encryption in your country, other countries won't see things the same way and all you need is one competent programmer capable of creating a proper, robust encryption scheme and posting it on the Net and your laws are rendered obsolete.
I do think the most effective argument that the IEEE listed is the one saying that backdoored encryption would render companies less competitive.
We're already seeing that kind of result with the Cloud. Thanks to the NSA's shenanigans and the very public cases of judges ruling that data in another country should be made available to the US courts, we now see companies scrambling to make local centers for countries that are passing laws demanding it.
I cannot imagine that encryption will be different.
You describe the very battle the US government attempted to fight back in the 1980s and 90s: the early days of modern cryptography.
I don't remember just when they gave up that battle (sometime around the turn of the century), but I do recollect it was standard that you'd have to go to a non-US download site for a crypto-enabled version of anything, and that US-based organisations had to leave crypto to non-US parties: hence for example early SSL versions of Apache from Ben Laurie in the UK using an OpenSSL predecessor from Eric Young in Oz. Unless you were prepared to do long legal battle with the US govt!
@Nick Kew - Maybe it was when the t-shirt went on sale. Did anyone get the Munitions T-Shirt?
“targeted exploits on individual machines” among the options it feels should be available to law enforcement
Great. As if the government wasn't already incentivized to prolong the existence of vulnerabilities, and possibly encourage their creation, with which to build their arsenal.
One must be living under a totalitarian regime to consider it "less worrying" when the lack of human rights in a country allows laws to be passed that can be used to force suspects to testify against themselves -- i.e. having to actively help the prosecution to fish for evidence against them.
I am currently looking into encrypting all my disks with separate (long) passwords. My plan is that the system will be set up with the passwords for the current set of disks but I will not record them anywhere else. I certainly won't be able to remember them!
This is because I currently have a pile of old disks (some working, some not) which I can't send to the dump because they have private and personal data on them. My plan is that in future when I stop using a disk I can throw it away (or sell it on eBay) without worrying because no one (including me) can access the data any more.
Once I have that all set up I plan to look into extending it to removable media (memory cards). My drawer of USB sticks will then be full of encrypted drives which I don't know the password to. When I need one I will reformat it with a new password, use it for however long I need it and then throw away the password and put the stick back in the drawer.
If I can do this, how long will it be before it becomes ubiquitous on every device? In particular for memory cards. At which point no one will know whether the memory card they have confiscated from the terrorist suspect at the border is "empty" (no one knows the password) or contains the plans for their latest atrocity. It is unlikely anyone can prove beyond a reasonable doubt that the terrorist knows the password. Particularly if they are carrying several.
Never heard of WAFFLE
Just crap on continuously and never get to the point
Obscure whatever you are saying with a fug of improperly thought out statements and cliches
and assume the recipient will understand.
I came upon this technique as it was regularly used by others - I never could decipher it, so it must be good.