Intelligence Community's Top Lawyer Endorses Desire For Unicorns, Leprechauns & Golden Keys That Don't Undermine Encryption
from the same-thing dept
Bob Litt, the General Counsel for the Office of the Director of National Intelligence (ODNI), gave a speech on Wednesday trying to address the public's ongoing concerns about government surveillance. The speech is long, but it's well worth reading. There's a lot of "yes, we could have done a better job explaining ourselves, and we promise we're learning" kind of talk, but little of real substance. However, at the very end of the speech, he joins the ridiculous bandwagon of ignorant government and law enforcement attacking the idea of encryption the government can't crack. But, similar to the Washington Post's magical golden key (not a backdoor!) proposal, Litt has some wishful thinking about a magic key that only the government can use:Encryption is a critical tool to protect privacy, to facilitate commerce, and to provide security, and the United States supports its use. At the same time, the increasing use of encryption that cannot be decrypted when we have the lawful authority to collect information risks allowing criminals, terrorists, hackers and other threats to escape detection. As President Obama recently said, “[i]f we get into a situation in which the technologies do not allow us at all to track someone that we’re confident is a terrorist …that’s a problem.” I’m not a cryptographer, but I am an optimist: I believe that if our businesses and academics put their mind to it, they will find a solution that does not compromise the integrity of encryption technology but that enables both encryption to protect privacy and decryption under lawful authority to protect national security.I'm not sure how many times in how many different ways this needs to be explained, but what they're asking for is a fantasy. You cannot put a backdoor in encryption and create a magic rule that says "only the government can use this in lawful situations." That's just not how it works. At all. The very idea of decryption by a third party "compromises the integrity of the encryption technology," almost by definition.
Separately, Litt's reassurances elsewhere ring incredibly hollow. In trying to respond to concerns about so-called "incidental" collection of information under Section 702 of the FISA Amendments Act (information that the NSA isn't allowed to collect, but does so anyway and then hangs onto it and makes it searchable by a variety of government agencies), he notes that they have "reaffirmed" that such data must be deleted if they're determined to have no foreign intelligence value, but then (no joke!) his own speech has an asterisk with a giant loophole. Here is the speech posted on the ODNI's own Tumblr page:
Under the new policy, in addition to any other limitations imposed by applicable law, including FISA, any communication to or from, or information about, a U.S. person acquired under Section 702 of FISA shall not be introduced as evidence against that U.S. person in any criminal proceeding except (1) with the prior approval of the Attorney General and (2) in (A) criminal proceedings related to national security (such as terrorism, proliferation, espionage, or cybersecurity) or (B) other prosecutions of crimes involving (i) death; (ii) kidnapping; (iii) substantial bodily harm; (iv) conduct that constitutes a criminal offense that is a specified offense against a minor as defined in 42 USC 16911; (v) incapacitation or destruction of critical infrastructure as defined in 42 USC 5195c(e); (vi) cybersecurity; (vii) transnational crimes; (or (vii) human trafficking.Yes, some of the activities covered by this list are pretty bad. But it doesn't change the fact that the NSA isn't supposed to collect such information or retain it at all. Writing in all these exceptions is pretty damn broad, especially given the NSA and its "cute" interpretations of the law.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: backdoors, bob litt, encryption, golden key, incidental collection, magic key, nsa, odni, section 702, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
After the clueless silence that follow the question you add: that's why such thing is not feasible. There is no security if there's a hole in it, call it whatever you want. To finish it while mocking these morons propose to change the name 'Golden Key', 'Solution' or whatever they call it to "Cyber Unicorn". At least it's cute and rhymes with Cyber War.
[ link to this | view in thread ]
'I’m not a cryptographer, but I am an optimist'
"I’m not a scientist, but I am an optimist: I believe that if our businesses and academics put their mind to it, they will find a solution that does not compromise the laws of physics as we know them but that enables both faster than light travel and infinite replication of physical goods without expending any energy."
"I’m not a chemist, but I am an optimist: I believe that if our businesses and academics put their mind to it, they will find a solution that does not compromise the vast diversity and complexity in genetics but that enables both completely effective cures for every disease and treatments that work equally well for every single person, treatments that don't require any modifications between individuals."
[ link to this | view in thread ]
Re:
I'll second the proposed name change to 'Cyber Unicorn'. It's catchy, while at the same time describes perfectly what they are asking for: Something that doesn't exist.
[ link to this | view in thread ]
Re: 'I’m not a cryptographer, but I am an optimist'
It's like when you have a terminal patient and the family starts lashing out at the doctors because "there must be something that can be done" as if they haven't tried everything possible. You know, denial. Because there are plenty of security holes that weren't abused when discovered to show that any weak point will be exploited eventually.
[ link to this | view in thread ]
In typical Obama fashion, he'll make it seem as if his decision is "balanced", when it fact it's pro-surveillance to the extreme.
So he'll say "we need encryption for cybersecurity, but we also need golden keys to decrypt everything ourselves".
[ link to this | view in thread ]
I'm not ...
I also believe my optimistic vision will occur first.
[ link to this | view in thread ]
[ link to this | view in thread ]
in terms they may understand
It doesn't stop a burglar from breaking entering via said window even though its an 'official use only window'.
[ link to this | view in thread ]
Re: Re: 'I’m not a cryptographer, but I am an optimist'
[ link to this | view in thread ]
[ link to this | view in thread ]
Could not these government mandated backdoors for digital devices and services, also be applied to doorlock manufacturers? Could not they also be mandated into supplying government with it's own separate copy of a universal doorlock key? With which, the government could use this universal key to unlock any door in a citizen's home with minimal effort. While leaving behind little evidence that such a search of the home ever took place.
If the answer is yes. The government reserves that right to unlock all backdoored products citizens use to communicate, locks on their homes, and requires businesses craft these backdoors into the products they sell. Would this not imply the government also reserves the right to unlock and peer directly into a citizen's private life, thoughts, and associations?
After all, the ultimate universal key a government can possibly posses. Is one with which, grants government the ability to directly peer into the private lives of all citizens. While also offering citizens no way of knowing who's private communications are being secretly unlocked through use of universal keys in the government's possession.
I say no! Such universal keys grant government too much power over the lives of citizens, and destroys the constitutional principles enshrined in the 4th Amendment. Such that a citizen's private communications can no longer reasonably be thought of as exhibiting an actual expectation of privacy, due to forced use of government mandated backdoors. While also failing to meet the constitutional standard of only seizing a citizen's communications upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Such universal keys also all but destroy any chances of future whistleblowers communicating their message to the public. For if such messages were to take place over backdoored communication channels. For which, the government has both access to the archives of everyone's messages, and is also in possession of the universal key capable of unlocking all those archived messages. Such whisleblowing actions will be deemed too risky and near impossible.
It's hard to image how freedom and democracy could survive through such a bleak looking authoritarian future. Or how future administrations who grasp ahold the helm of power. Could possibly restrain itself from abusing such awesome powers into the indefinite future.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
I'm not a cook
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
Right there is one of the major reasons that governments wish to have backdoors; they have much more to hide that the citizens that they wish to spy on.
[ link to this | view in thread ]
Re: I'm not a cook
[ link to this | view in thread ]
Re: 'I’m not a cryptographer, but I am an optimist'
Rather than belittling or mocking them, we instead empower them.
[ link to this | view in thread ]
Re: Re: Re: 'I’m not a cryptographer, but I am an optimist'
Kind of already at that stage.
[ link to this | view in thread ]
The proper ending to the sentence
...so now I'm going to defer to the expertise of people who are."
[ link to this | view in thread ]
Re:
Nobody protects artists or creative types. They exist to be exploited. You bosses know this as well and will do anything to keep it this way.
[ link to this | view in thread ]
That such a backdoor would do the *opposite* of what the intelligence community ostensibly wants (by making unwary consumers vulnerable while letting *everyone* know not to use American software products) is apparently unknown to the ODNI.
It's the cybersecurity equivalent of the surgeon general recommending everyone have a daily bleeding to stay healthy and free of bad humours.
[ link to this | view in thread ]
Re: 'I’m not a cryptographer, but I am an optimist'
I'm the Big Bad Wolf, but I'm an optimist. I am sure the the little pig will let me in.
[ link to this | view in thread ]
This is a wonderful idea...
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Actually, one can get closer to this aim
That would mean that any communication that needs to get "legally" decrypted needs to pass through all of the involved entities.
Now it would particularly nice if, say, law enforcement cannot decrypt any communication by themselves but have to hand it off to an authorized judge first.
That would actually put technical measures in place for ensuring non-violation of the Fourth Amendment.
Which, of course, means that it will never work since the executive will not tolerate getting locked out of the cookie jar and will get back in, never mind whether it is illegal.
And then we are back at the situation where all the compromise-enabling information is in a single hand.
In the end, reliable key escrow is not insoluble because cryptographers can't make it work, but because sociologists can't make it work.
We have repeatedly demonstrated that we don't have the humans for making it work. There is no technological solution for that.
[ link to this | view in thread ]
Re:
FTFY
[ link to this | view in thread ]
Re: 'I’m not a cryptographer, but I am an optimist'
From the same government that had to take a vote in the Senate on whether climate change is a hoax.
[ link to this | view in thread ]
Re: Actually, one can get closer to this aim
The US government rejected such an encryption system that locked them out of the data and required a court order to access US citizen's communications. The US government chose to go went with 'Stellarwind' instead. Stellarwind gave the US government unfettered access to all US citizen's communications without involving judges or warrants.
http://www.computerweekly.com/feature/Interview-the-original-NSA-whistleblower
So you are correct Master David. We do have the technological means to make such a system plausible. But we humans lack the integrity, social, and moral means as a species to make such a system practical. As the choice between Thinthread and Stellarwind proved. As the unconstitutional actions of the NSA, FBI, DEA, DOJ and CIA under the executive branch have proved. As well as the lack of reform efforts in all three branches of government after the Snowden revelations have also proved.
[ link to this | view in thread ]
Re:
Yes it is.
Golden Keys ARE back doors.
Just like a system with a back door special password. That key, or password, works for anyone who happens to have it (a copy of it).
In every way you can describe a back door in a system, the golden key is equivalent.
[ link to this | view in thread ]
Re: Re:
We'll put it in a lockbox.
[ link to this | view in thread ]
Re: Actually, one can get closer to this aim
Judges hardly ever deny warrant applications, but at least there would then be a paper trail for all these searches. Until the DOJ compromised the judicial computer systems and stole the other half of the key. Nah, they would never do that, right?
[ link to this | view in thread ]
I’m not an optimist, but I am a cryptographer...
Any solution that enables decryption under lawful authority to protect national security must by definition compromise the integrity of encryption technology.
Bob Litt is spouting...something, something, hmmm, what rhymes with "Bob Litt"?
[ link to this | view in thread ]
Re:
We will prevail.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
It turns out that pretty much every company that delivers stuff has access to the back door as well, which is how I learned the code that opens them all up: I asked the pizza guy.
[ link to this | view in thread ]
Sauce for the Goose
[ link to this | view in thread ]
The Big Unicorn In The Room
Assuming that the DoJ wasn't just a power-grabbing street-gang and actually had a modicum of integrity left, where's my constitutional right to privacy?
There just aren't enough child predators and terrorists in this world to justify my entire life being put on display for the courts to mull over to see if I did something wrong that day.
[ link to this | view in thread ]
Re: Sauce for the Goose
It would be this, since that's essentially how it works right now. It's not that companies are required to create special devices, it's that either they're paid to do so or the NSA modifies them. In any case, the devices the President uses is not the same as the devices you & I use, even if they're technically the same model.
Remember the big deal about Obama's Blackberry? That was a stock Blackberry modified by the NSA to enhance security.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: The Big Unicorn In The Room
According to the government, you lost that right as soon as you allowed the private data to touch a third party server. They want to expand that to include if the data exists on a device you didn't build yourself.
[ link to this | view in thread ]
Re: Re: Sauce for the Goose
The NSA are the very people who believe that they are entitled to spy on heads of governments, by installing backdoors where possible. They has the presidents phone in their hands, and if they know what the president is thinking, they know what intelligence and with what slant to give him, hmmm....
[ link to this | view in thread ]
Re: The Big Unicorn In The Room
Oh, I think I see where you went wrong...
[ link to this | view in thread ]
We empower those who act on gut feeling...
[ link to this | view in thread ]
It is perfectly possible to design strong crypto that allows govt access
1. have everyone generate a public/private key pair
2. take a message you want to encrypt
3. choose a random string (nonce) and use that nonce as the key to a symmetric cipher to encrypt the message
4. encrypt the nonce with the sender's public key
5. encrypt the nonce with the recipient's public key
6. encrypt the nonce with the provider's (or government's) public key
7. attach all three encrypted nonces to the encrypted message and send
The only people who can decrypt that message are the three people with the corresponding private keys: the sender, the recipient, and the provider/govt. The ability of the provider/govt to decrypt the message does not undermine the crypto in any way.
[ link to this | view in thread ]
Re: It is perfectly possible to design strong crypto that allows govt access
[ link to this | view in thread ]
Really?
Even if a way were found around that (like all prototypes must be NSA approved before production), it would likely take less than 24 hours before that key was released into the wilds of the internet.
I suspect this whole "story" is a distraction - what ELSE is going on in this field (or a closely related one) that the government doesn't want us looking at too closely?
[ link to this | view in thread ]
"The very idea of decryption by a third party "compromises the integrity of the encryption technology," almost by definition. "
If there exists a key that can decrypt it at all, it does not become less secure because either 1) someone has a copy of that key or a 2) second key exists. As a matter of fact, any number of keys COULD exist to the same encrypted content and meaningfully decrease the security.
The question is who has the keys and can they be trusted Suposedly, you trust yourself with your private key. But the correctness of this trust is the ONLY thing that makes that encryption secure. If yo're the type who gets wasted and like to get on a bar stool and recite your key, then all bets are off. So also with other keys. Each one is as secure as the other so long as there aren't a ridiculous number of them and they're both kept secret from all other parties including the other key holder.
So you may have a point, but I'm afraid you fail to make it using your present argument.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: It is perfectly possible to design strong crypto that allows govt access
[ link to this | view in thread ]
The guy is still a toddler, not mature enough to realize that the problem is "I did wrong" rather than "I got caught".
[ link to this | view in thread ]
Re:
Exactly. Even if the keys stayed with the federal government, there's no way they would be kept secure indefinitely. Whether it would be intentionally leaked, accidentally leaked, purchased, or stolen, it's too valuable a secret to be kept secret forever. And if the keys were given to local police as well, then forget it. Just the sheer number of people with access guarantees it would get out quickly.
[ link to this | view in thread ]
Re: Re: 'I’m not a cryptographer, but I am an optimist'
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
An alternative even more secure design
2. Encrypt a banal message of similar length to the first one message with the government's public key and send.
3. In the case that the difference between the two messages are shared, compared and discovered to be different, blame damn encryption software.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re: Re: 'I’m not a cryptographer, but I am an optimist'
Everyone's opinion is not in fact equally valid, someone who has studied a subject for years, or decades, is far more qualified to give a statement regarding their field of choice than someone how lacks those qualifications, and while someone with only a vague familiarity with a given field/subject are certainly welcome to give their opinion, the two statements or opinions are not even remotely close.
One person knows what they are talking about and has the experience to back it up, the other one doesn't, so society needs to stop treating both as though they are equally valid and should be given equal consideration.
Now, this is not to say that the person without experience cannot make good points, or come up with interesting ideas, as sometimes not knowing what you 'can't do' allows you to think of ideas and solutions that the more educated on the subject might have ignored, but more often than not, the one with experience will be right, the one without, will not.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: I'm not a cook
[ link to this | view in thread ]
Re:
Are you trying, poorly, to suggest that the intelligence agencies should share their back door (aka 'golden key') with the RIAA and MPAA?
Or would it be too much work for the **AA-holes to monitor and decrypt all traffic looking for copyrighted bits? Would it be better for the intelligence agencies to simply send notices to the **AA-holes that they found a copyright infringement? Or would even that be too much work? Maybe the intelligence agencies should just send an infringement notice directly to the ISPs and cut out the middle man?
Oh, wait. I know what the **AA-holes would like best. The intelligence agencies simply show up in the middle of the nigtht and secretly arrest and 'disappear' anyone they suspect of copyright infringement, with no due process. Why bother the ISPs?
> We can't afford to let pirates and other
> copyright violators hide behind encryption.
I just suggested the answer for you. And it's just as evil as 'golden keys'.
[ link to this | view in thread ]
Re: It is perfectly possible to design strong crypto that allows govt access
While technically clever and simple in implementation, that is the most idiotic statement I've heard in a while.
The purpose of crypto is to communicate privately.
Being mandated to include a way for and unknown number of unknown third parties to read the secret message totally and utterly undermines crypto.
Having a central government Key repository (car keys, house keys, vault keys, etc) that keeps copies of each and every key on your keyring does not undermine security in any way. Idiotic. Keys are for security. Giving the government all keys provides a central weak point. An unknown number of weak points because all those keys can be copies unlimited times.
[ link to this | view in thread ]
Re: Re:
Poe's law and all, but I'm pretty sure that was a joke.
[ link to this | view in thread ]
Re: Re: Re: 'I’m not a cryptographer, but I am an optimist'
As the Good Doctor once put it:
[ link to this | view in thread ]
Re: Re: Re: 'I’m not a cryptographer, but I am an optimist'
As the Good Doctor once put it:
[ link to this | view in thread ]
Obligatory for the children there for ya.
[ link to this | view in thread ]
ayn rand was right
where a girl was showing a beautiful computer model of wind flowing around buildings in a city,
I told her it was kind of useless because the wind turbine technology we have had for the last thousands of years does not handle well turbulence...
and she said something like :
"perhaps you need to properly design new wind turbines then"
[ link to this | view in thread ]
Clipper chip
we need to kill all the internet sites talking about "Clipper chip"
[ link to this | view in thread ]
Re:
If it was democracy it cannot. Study history.
Thankfully we do NOT have a democracy here in the USA, we NEVER have had one here, and we will NEVER have one here though they are trying hard to make it seem like we do. Why not? Because they all have ALWAYS (100%) gone to tyranny.
Thank God we have a Constitutional Republic. The US Constitution IS basically our government and their contract (it defines our contract with, and it is from where, those who serve within our governments get their authority).
"... a bleak looking authoritarian future"
That is up to us, it has ALWAYS been up to us.
[ link to this | view in thread ]
Re: Re:
That depends on which definition of "democracy" you use.
[ link to this | view in thread ]
Re: It is perfectly possible to design strong crypto that allows govt access
1. Why would you assume that you only need to include one Golden Key? If my email went from the US to the UK, wouldn't the GCHQ demand their own ability to read my mail? If I sent a message from the US to my US-citizen friend who happened to be on vacation in Japan, isn't Japan going to want a key? If the email was between two US citizens, maybe DHS and the FBI would someday need to read it, but who's going to stop the NSA from illegally reading my communication? They should have their own key, and my email system shouldn't apply it unless I'm sending the message to an international destination. How's it going to know that? Under current law, the IRS asserts that it doesn't even need a warrant to read emails stored for more than 18 months on an online server; do they get a key so that they can unlock the database of stored, encrypted emails once they're the right age? Where does it stop?
2. Assume there's a single key that can decrypt every email message originating in the US. Every country and bad-ass gang of evil-doers is going to be trying like hell to guess or steal the US public-private key pair. The private key simply won't be private for long. (see point #6, below)
3. Email is useful as an example, but the Government will want to access all communications, because it can't tell whether there's something nefarious happening until it reads the data. (Of course, the NSA just assumes that ALL encrypted messages are of interest.) So, every encrypted communications path will need to provide dozens of golden keys; HTTPS links, VPN channels, financial data links, EVERYTHING.
4. So, now my email system needs to manage not only the public keys for my friends, but also an undefined number of Golden Keys from the various agencies and foreign governments that might potentially, some day have a legal right to read my mail. Ignoring the concern that I now need to extend my trust to many entities to protect their Golden Keys and their stored copies of my emails, who is going to verify that all of these Golden Keys I've received are actually owned by the agencies that are allowed to get copies of my mail? How hard will it be for a bad guy to issue his own key under the guise of a valid eavesdropper, or to hack a government web page and insert his own key instead of the government's key?
6. How frequently will the Golden Keys roll over to a new key? The NSA recommendation for communications security of most classified links is to change the key daily. These Golden Keys are protecting so much data, they should probably be protected at least as high as Top Secret. So, now you need to reissue the government's public key(s) every day. But it's not good practice to store encrypted data when the encryption key has been superceded, so the data storage facility is going to want to decrypt everything as soon as it's intercepted and then maybe bulk encrypt it for long term storage. But heck, ya' might as well scan the info for trigger phrases as long as it's just sitting there in readable form, right? Anyone out there who trusts every government agency, foreign and domestic, to always ignore that temptation?
7. Finally, why would any government invest in such a scheme when it would so easily be thwarted. While reducing the privacy of law-abiding citizens and increasing the risk of HUGE data breaches, this scheme doesn't offer any greater insight into the encrypted communications of people who choose not to use a product that sends a copy of the data to the Golden Key recepients.
These points were framed against the straw man approach of using multiple public keys to share a symmetric key among multiple authorized (or potentially maybe someday authorized) recipients, but all of these issues would remain detractors of any approach that allows third-party access to encrypted communications.
[ link to this | view in thread ]
Re: Re: It is perfectly possible to design strong crypto that allows govt access
Presumably if this golden key nonsense were mandated, the law would also make it a felony to transmit any incompatible encrypted message. Probably it would also be illegal to make, sell, import, or possess software or hardware capable of doing that.
[ link to this | view in thread ]
If we were going in the direction of mandating government access
That's the state of the issue right there. And this notion of a golden key even though it presents obvious problems, helps the courts justify the subpoena of decrypted data.
[ link to this | view in thread ]
This presents yet another opportunity for new technology
That way, private data is lost (locked beyond practical cryptanalysis) just from the owner not taking action for a short period of time (say a week or month).
Considering how our right to speedy trial is regarded by the courts, that would be plenty to assure that all the courts could subpoena is garbage.
[ link to this | view in thread ]
Re: This presents yet another opportunity for new technology
Wouldn't that depend on a particular software implementation? Law enforcement, intelligence, or criminals (insert joke here) could snap the ciphertext and use some decryption software that doesn't implement the time bomb. I don't see how it would be possible to encrypt something so the key works only temporarily.
[ link to this | view in thread ]
Software implementation
You could use the same device that Invisible Inc suggested for emails that expired, in which a third party held a part of the key and released it only within time limits.
In this case, the same third party would hold a part of your key (encrypted, itself, so it's useless on its own) and would delete it upon expiration. The expiration date is renewed with frequent check-ins (e.g. once a week).
Once the original data is seized (stolen, intercepted, whatever), the check-ins cease. The key rapidly expires, and the data turns into (essentially) a block of garbage.
It's an encryption scheme with a dead-man kill switch.
[ link to this | view in thread ]
Re: Software implementation
[ link to this | view in thread ]
"Law enforcement wouldn't go for it"
If the third party is centralized and in their jurisdiction then yeah, they might try to subpoena all the partials. The cure for that is to either launch the service out of US jurisdiction (much the way that VPNs do) or to decentralize the service (friendly companies hold each other's timelock codes).
It's not illegal yet. But neither are VPNs, and neither is robust encryption -- yet. But criminalizing these things would be a big step in admitting that we're in a police state. Still the technology would continue to develop encryption beyond reach of the law, such as deniable encryption (encrypted data that appears as garbage in unused portions of the storage device.)
[ link to this | view in thread ]
Re: "Law enforcement wouldn't go for it"
Indeed, that's the thing to watch for. Hopefully encryption will become too mainstream, and it will be too late to ban it without major backlash.
[ link to this | view in thread ]