I have to agree, the *only* reason to restrict public encryption, is to
make it easier to read by third party (who the government obviously
think will only be them)

Once again one country thinks they can police the internet (my tally is
US in the lead, UK following closely and Australia sucking up to
everyone else in a lame attempt of political brown nosing)

I personally, hate (as strong a word as it is, I do mean it) the idea of
other people reading/viewing/using something I send privately, if they
want to catch terrorists and "cyber-criminals" maybe they should use
their heads and not make laws to please the masses.

Another example of DMCA-Related stupidity.  I remember a while ago laws
being made that made Australian ISP's into broadcasters (which I haven't
seen actually implemented) which means they are responsible for the
content viewed by their subscribers, once again the details were
important a while ago, but just so the government could sway a single
senator with the "anti-pornography" laws. So all the parents could sleep
safe at night that their children wouldn't look at pornography on the
internet

I'm starting to think im OT here (s/think im OT/know im OT/)

I can see the next thing the government will step into will be the
"security news groups cause the latest viruses" from that whole
disclosure thing going on.

"It's not who you know, it's who you're bribing".


-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
Sent: Saturday, 4 May 2002 00:19
To: [EMAIL PROTECTED]
Subject: RE: strong encryption - governments denying individuals the
right to use


To all, 

I've been following this thread with great interest, agree with most of
the 
opinions, and have enjoyed the common-sense presentations. 

The bulk of previous comments supporting public encryption suppression
have 
presented "security and protection from the bad guys" as the main
argument for 
restricting strong encryption from the general public. 

To support this argument, the government - what or wherever that entity
may be - has also been assumed capable of accomplishing the restriction
task and that 
although we live in a world with many strong technical competitors, only
the 
restricting government will have the capability of decrypting messages
using 
strong encryption and also the weaker encryption permitted for public
use.

I have a additional few questions I would like to submit for review,
although I 
would like to caveat that other than using PGP and PKI and verifying
that they 
are operational within a given environment I have not worked much with 
encryption technologies.  It is my weak domain, so please forgive if I
am off 
base. 

I humbly ask:

1. If a particular government restricts strong encryption but other
governments 
permit its use, won't the restrictive government's laws significantly
limit 
their ability to now create or adopt emerging stronger encryption 
technologies?  Also, won't this force ALL encryption development into 
government labs? (Since the bulk of any product development occurs in
the 
private sector and occurs in free societies, the restrictive government
has 
effectively removed their private sector from the competitive product 
development cycle.) This can't be good for their economy.

2.  Now imagine if the highest level of "public" encryption decided as 
acceptable by an encryption restrictive government is actually breakable
under 
the right conditions - perhaps with a couple of billion dollars, some
top line 
equipment and the right people.  Wouldn't this completely open the doors
to all 
of the restrictive government's private/public/commercial proprietary
and 
internal secrets, personal information and financial data, now making it
all 
freely available to any other government in the world willing to develop
this 
decryption ability?  

3. And finally - and I suspect this may be the ugliest result: Because
most 
important military technology concepts are initially researched in the 
private/public/commercial sector, and this sector will no longer have
access to 
strong encryption, other world governments now will have the theoretical

ability to freely acquire information from all researchers living within
the 
encryption restriction zone. 

Result - isn't the restrictive government now at a significantly greater
risk 
than they were to begin with?  Instead of the occasional bad guy getting

through the surveillance loop, now the entire world will have access to
most or 
all of the restrictive government's brain-trust of ideas. (They can see
us, but 
we can't see them because they are all using better encryption!)  


We must always take great care that the cure is not worse than the
disease.  If 
so, a trip back to the drawing board is in order.


J.D. Hobbs, CISSP
InfoSec Analyst/Consultant



 



Reply via email to