Whenever a clueless authority figure who apparently knows nothing about security (like, apparently, FBI director James Comey) calls for a ban on crypto, here’s the article you should show them.
The most the government can probably do is bar companies from offering the most secure forms of encryption to their users. But encryption isn’t just one product. Just like the math it’s based on, it’s really more of a concept or an idea rather than a specific technical tool.And it’s pretty impossible to outlaw ideas.
In fact, the U.S. already tried to do that in the 1990s in policy debates about encryption now known as the “crypto wars” — which failed to stop the spread of encryption and ended up creating a bunch of security problems that still haunt the Internet.
Even if the government stopped big tech companies from offering end-to-end encryption, the tech would still be available. For one, the U.S. government has little authority to stop corporations outside its borders from offering the same capabilities. But perhaps more importantly, many other popular encrypted communication apps and tools are the result of open-source projects that rely on volunteer developers all around the world to make them better, so there’s no one person or company that the government can get to shut them down.
And because open-source projects make their code available to the public, there’s nothing to stop Islamic State supporters from using their own servers to set up their own versions of end-to-end messaging apps. And if they don’t want to go that far, terrorists could revert to older, more cumbersome open-source products that provide end-to-end encryption for things such as email that are also already out there.
Everything you need to know about encryption: Hint, you’re already using it. [Andrea Peterson/Washington Post]
(via Techdirt)