To all, 

I've been following this thread with great interest, agree with most of the 
opinions, and have enjoyed the common-sense presentations. 

The bulk of previous comments supporting public encryption suppression have 
presented "security and protection from the bad guys" as the main argument for 
restricting strong encryption from the general public. 

To support this argument, the government - what or wherever that entity may be -
has also been assumed capable of accomplishing the restriction task and that 
although we live in a world with many strong technical competitors, only the 
restricting government will have the capability of decrypting messages using 
strong encryption and also the weaker encryption permitted for public use.

I have a few additional questions I would like to submit for review, although I 
would like to caveat that other than using PGP and PKI and verifying that they 
are operational within a given environment I have not worked much with 
encryption technologies.  It is my weak domain, so please forgive if I am off 
base. 

I humbly ask:

1. If a particular government restricts strong encryption but other governments 
permit its use, won't the restrictive government's laws significantly limit 
their ability to now create or adopt emerging stronger encryption 
technologies?  Also, won't this force ALL encryption development into 
government labs? (Since the bulk of any product development occurs in the 
private sector and occurs in free societies, the restrictive government has 
effectively removed their private sector from the competitive product 
development cycle.) This can't be good for their economy.

2.  Now imagine if the highest level of "public" encryption decided as 
acceptable by an encryption restrictive government is actually breakable under 
the right conditions - perhaps with a couple of billion dollars, some top line 
equipment and the right people.  Wouldn't this completely open the doors to all 
of the restrictive government's private/public/commercial proprietary and 
internal secrets, personal information and financial data, now making it all 
freely available to any other government in the world willing to develop this 
decryption ability?  

3. And finally - and I suspect this may be the ugliest result: Because most 
important military technology concepts are initially researched in the 
private/public/commercial sector, and this sector will no longer have access to 
strong encryption, other world governments now will have the theoretical 
ability to freely acquire information from all researchers living within the 
encryption restriction zone. 

Result - isn't the restrictive government now at a significantly greater risk 
than they were to begin with?  Instead of the occasional bad guy getting 
through the surveillance loop, now the entire world will have access to most or 
all of the restrictive government's brain-trust of ideas. (They can see us, but 
we can't see them because they are all using better encryption!)  


We must always take great care that the cure is not worse than the disease.  If 
so, a trip back to the drawing board is in order.


J.D. Hobbs, CISSP
InfoSec Analyst/Consultant



 


