A paper from some of the most important names in crypto/security history scorchingly condemns plans by the US and UK governments to ban “strong” (e.g. “working”) crypto.
Twenty years ago, law enforcement organizations lobbied to require data and communication services to engineer their products to guarantee law enforcement access to all data. After lengthy debate and vigorous predictions of enforcement channels “going dark,” these attempts to regulate the emerging Internet were abandoned. In the intervening years, innovation on the Internet flourished, and law enforcement agencies found new and more effective means of accessing vastly larger quantities of data. Today we are again hearing calls for regulation to mandate the provision of exceptional access mechanisms. In this report, a group of computer scientists and security experts, many of whom participated in a 1997 study of these same topics, has convened to explore the likely effects of imposing extraordinary access mandates.

We have found that the damage that could be caused by law enforcement exceptional access requirements would be even greater today than it would have been 20 years ago. In the wake of the growing economic and social cost of the fundamental insecurity of today’s Internet environment, any proposals that alter the security dynamics online should be approached with caution. Exceptional access would force Internet system developers to reverse “forward secrecy” design practices that seek to minimize the impact on user privacy when systems are breached. The complexity of today’s Internet environment, with millions of apps and globally connected services, means that new law enforcement requirements are likely to introduce unanticipated, hard-to-detect security flaws. Beyond these and other technical vulnerabilities, the prospect of globally deployed exceptional access systems raises difficult problems about how such an environment would be governed and how to ensure that such systems would respect human rights and the rule of law.
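The abstract's point about forward secrecy is easy to see in code. The model below is an added example, not code from the paper or its authors: it uses a constructed toy Diffie-Hellman group (a Mersenne prime and generator 3, chosen only to keep the arithmetic readable, not a real-world parameter set) to contrast an ephemeral key exchange, where the session key exists nowhere once the parties discard their one-time private values, with the same exchange plus an escrow step that wraps every session key to a long-lived "exceptional access" key. The function names, the transcript layout and the wrapping scheme are all assumptions made for the illustration.

```python
import hashlib
import secrets

# Constructed toy Diffie-Hellman group (assumption: illustration only, not a real parameter set).
P = 2**127 - 1   # a Mersenne prime, small enough to keep the arithmetic readable
G = 3


def dh_keypair():
    """Generate a (private, public) pair in the toy group."""
    priv = secrets.randbelow(P - 3) + 2        # 2 <= priv <= P-2
    return priv, pow(G, priv, P)


def kdf(shared: int) -> bytes:
    """Derive a 32-byte key from a DH shared secret (shared < P < 2**128, so 16 bytes suffice)."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def forward_secret_session():
    """Ephemeral-ephemeral DH: both private values are discarded when the function returns.

    The recorded transcript holds only public values, so no later compromise of any
    stored key can turn a captured transcript back into the session key.
    """
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    session_key = kdf(pow(b_pub, a_priv, P))
    assert session_key == kdf(pow(a_pub, b_priv, P))   # both sides agree
    transcript = {"a_pub": a_pub, "b_pub": b_pub}
    return session_key, transcript


def escrowed_session(escrow_pub: int):
    """Same exchange plus an 'exceptional access' add-on (constructed scheme): the session key
    is wrapped to a long-lived escrow public key and the wrapping is stored with the traffic."""
    session_key, transcript = forward_secret_session()
    e_priv, e_pub = dh_keypair()                         # one-shot key used only for wrapping
    wrap_key = kdf(pow(escrow_pub, e_priv, P))
    transcript = dict(transcript, e_pub=e_pub, wrapped_key=xor_bytes(session_key, wrap_key))
    return session_key, transcript


def recover_with_escrow(transcript: dict, escrow_priv: int):
    """What any holder of the escrow private key can do with a stored transcript."""
    if "wrapped_key" not in transcript:
        return None                                      # forward-secret transcript: nothing to unwrap
    wrap_key = kdf(pow(transcript["e_pub"], escrow_priv, P))
    return xor_bytes(transcript["wrapped_key"], wrap_key)


def exposed_sessions(transcripts, session_keys, escrow_priv) -> int:
    """Count how many past sessions one escrow private key unlocks."""
    return sum(recover_with_escrow(t, escrow_priv) == k
               for t, k in zip(transcripts, session_keys))


if __name__ == "__main__":
    esc_priv, esc_pub = dh_keypair()
    fs = [forward_secret_session() for _ in range(5)]
    es = [escrowed_session(esc_pub) for _ in range(5)]
    print("forward-secret sessions unlocked by the escrow key:",
          exposed_sessions([t for _, t in fs], [k for k, _ in fs], esc_priv))
    print("escrowed sessions unlocked by the escrow key:      ",
          exposed_sessions([t for _, t in es], [k for k, _ in es], esc_priv))
```

The design choice the model makes visible: in the ephemeral design the only thing an attacker can ever obtain from a breach is the current session, because past private values no longer exist anywhere. The escrow design reintroduces exactly the single long-lived secret that forward secrecy was adopted to remove, and a breach of that one key retroactively exposes every recorded session, which is the "reverse forward secrecy" cost the abstract describes.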
Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications [Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh, Matthew Blaze, Whitfield Diffie, John Gilmore, Matthew Green, Peter G. Neumann, Susan Landau, Ronald L. Rivest, Jeffrey I. Schiller, Bruce Schneier, Michael Specter, and Daniel J. Weitzner/MIT]
Security Experts Oppose Government Access to Encrypted Communication [Nicole Perlroth/NYT]
(via /.)