back to article IEEE joins the ranks of non-backdoored strong cryptography defenders

The Institute of Electrical and Electronics Engineers (IEEE) has joined the ranks of objectors to proposed law enforcement measures that would compromise access to strong cryptography. The august engineering body went beyond merely opposing the popular understanding of what constitutes a “backdoor”, instead framing its …

Sauce for the goose

We need a law that requires the FBI to make internal use of any crypto system that meets its standards for public use.

14
0
Silver badge

“forensic analysis of suspected computers, and compelling suspects to reveal keys or passwords.”

My worry about any laws requiring people to reveal passwords are that there could be genuine situations where they cannot reveal the password because they don't know what it is. If your going to jail people for not providing passwords you could end up with people using encrypted files for revenge. EG. You found out your partner has been cheating, so you create an encrypted file on their phone/PC and then report that you suspect they have been looking at terrorist content. Plod come and take away their devices and come back asking you to provide the password to the jihadi.zip file found on your device.

17
0
Bronze badge

“Pervasive Monitoring is an Attack”

Sweet. The end of Google & much of Facebook.

Don't hold your breath, though.

5
2
Anonymous Coward

Re: “Pervasive Monitoring is an Attack”

You, inadvertently?, missed Microsoft :)

1
3
Silver badge

Passwords

“forensic analysis of suspected computers, and compelling suspects to reveal keys or passwords.”

In the US, SCOTUS ruled over a century ago that forcing people to reveal lock combinations is a violation of their 5th Amendment rights. Subsequent court rulings extended that to passwords.

13
0
Silver badge

Re: Passwords

It's a crime punichable by a prison sentence in the UK. Although from my reading, there does appear to be a legitamate 'forgot' defence which the prosecution would have to demonstrate beyond reasonable doubt that this was incorrect. At least one person has been jailed for additional time on top of anti terrorism convictions.

2
0
Silver badge

I would think that the situation is simple

You can pass whatever laws you want about encryption in your country, other countries won't see things the same way and all you need is one competent programmer capable of creating a proper, robust encryption scheme and posting it on the Net and your laws are rendered obsolete.

I do think the most effective argument that the IEEE listed is the one saying that backdoored encryption would render companies less competitive.

We're already seeing that kind of result with the Cloud. Thanks to the NSA's shenanigans and the very public cases of judges ruling that data in another country should be made available to the US courts, we now see companies scrambling to make local centers for countries that are passing laws demanding it.

I cannot imagine that encryption will be different.

9
0
Silver badge

Re: I would think that the situation is simple

You describe the very battle the US government attempted to fight back in the 1980s and 90s: the early days of modern cryptography.

I don't remember just when they gave up that battle (sometime around the turn of the century), but I do recollect it was standard that you'd have to go to a non-US download site for a crypto-enabled version of anything, and that US-based organisations had to leave crypto to non-US parties: hence for example early SSL versions of Apache from Ben Laurie in the UK using an OpenSSL predecessor from Eric Young in Oz. Unless you were prepared to do long legal battle with the US govt!

4
0
Silver badge
Black Helicopters

Re: I would think that the situation is simple

@Nick Kew - Maybe it was when the t-shirt went on sale. Did anyone get the Munitions T-Shirt?

Obligatory XKCD

5
1
Bronze badge

Re: I would think that the situation is simple

I saw the proposal on the cypherpunks mailing list precisely to that effect--that if crypto is a munition, that the 2nd amendment would apply.

0
0
Bronze badge
Black Helicopters

Vulnerability Incentives

“targeted exploits on individual machines” among the options it feels should be available to law enforcement

Great. As if the government wasn't already incentivized to prolong the existence of vulnerabilities, and possibly encourage their creation, with which to build their arsenal.

1
0
Anonymous Coward

less worrying "compelling suspects to reveal keys or passwords" ???

One must be living under a totalitarian regime to consider it "less worrying" when the lack of human rights in a country allows laws to be passed that can be used to force suspects to testify against themselves -- i.e. having to actively help the prosecution to fish for evidence against them.

0
0
Silver badge

Re: less worrying "compelling suspects to reveal keys or passwords" ???

One must be living under a totalitarian regime

Welcome to Britain

1
0

Encryption will become ubiquitous

I am currently looking into encrypting all my disks with separate (long) passwords. My plan is that the system will be set up with the passwords for the current set of disks but I will not record them anywhere else. I certainly won't be able to remember them!

This is because I currently have a pile of old disks (some working, some not) which I can't send to the dump because they have private and personal data on them. My plan is that in future when I stop using a disk I can throw it away (or sell it on eBay) without worrying because no one (including me) can access the data any more.

Once I have that all set up I plan to look into extending it to removable media (memory cards). My drawer of USB sticks will then be full of encrypted drives which I don't know the password to. When I need one I will reformat it with a new password, use it for however long I need it and then throw away the password and put the stick back in the drawer.

If I can do this, how long will it be before it becomes ubiquitous on every device? In particular for memory cards. At which point no one will know whether the memory card they have confiscated from the terrorist suspect at the border is "empty" (no one knows the password) or contains the plans for their latest atrocity. It is unlikely anyone can prove beyond a reasonable doubt that the terrorist knows the password. Particularly if they are carrying several.

0
0
Devil

I use waffle as my encryption

Never heard of WAFFLE

Just crap on continuously and never get to the point

Obscure what ever you are saying with a fug of improperly thought out statements and cliches

and assume the recipient will understand.

i came upon this technique as it was regularly used by others - i never could decipher it, so it must be good.

1
0
Anonymous Coward

Re: I use waffle as my encryption

That encoding technique seems to work exceptionally well for amanfromMars 1...

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018