> we will all fare better in the policy debate to come if we are honest and careful about the opposing side's arguments

I think we agree on this point. The largest problem faced is making policy makers understand the ramifications of tampering with encryption in any form, be it backdooring algorithms, weakening the encryption, outright bans or some other method to subvert encryption attempts. It would be foolish to do any of the above, since the result is a less safe technology infrastructure for the country as a whole.

> There is no daylight that I can perceive between "backdoor" and "weakened encryption"

When I say "weakened encryption", I'm referring to mandates on maximum key size, etc... similar to what we had back in the 90's. We learned through trial that purposefully reducing encryption strength has short-term benefits, but leads to long-term security problems (there's still a need for some to use SGC certs!)... why repeat this nonsense?

You mentioned something about due process and discovery in another post -- Me refusing to give the decryption key to my phone is no different than me setting fire to my "evil secrets" notebook... or refusing to give the combination to my safe. We already have laws in place that deal with this, and they work. The government doesn't need a secret key that can open any safe or door no more than they need a secret key that can open any encrypted file. Our problem is we have policy makers who fundamentally believe the government should have a master key to everything.

We should also remind our policy makers we're only discussing this now in the open because we caught the NSA red-handed doing all of these things in secret, plus more. They paid RSA to deliberately weaken algorithms, they actively captured and attempted to break encrypted files without warrants, they engaged the private sector in both subvert and overt attempts to remove encryption, and when all else failed, they just circumvented the entire thing.
The public reaction to all this was to make the NSA's attempts to violate individuals' privacy much harder. If the NSA had been a good citizen, people and companies may have been more receptive to working with them (although end-to-end encryption was still going to happen, because it's the right thing to do with a customer's data).

The biggest problem with the government's desire to weaken or ban encryption is the "bad guys" will still use strong encryption methods -- they don't follow the law by definition. Other nations will still develop and use strong encryption, so it won't disappear. This leaves only normal folks vulnerable to both government overreach, as well as to the "bad guys".