OpenBSD Journal

Congress wants Crypto Backdoors

Contributed by webmaster on from the knee-jerk dept.

Wired is reporting on a renewed call in Congress for a prohibition on strong cryptography unless it contains backdoors. From Wired Magazine:
"In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance."
Of course, I'm assuming they would prefer that "Backdoor" not exist in the crypto systems they use. What concerns me is the intentional engineering of a vulnerability into a system meant to safeguard communications. Nothing good comes from that.

If the crypto systems that I use to safeguard administrative access to my business systems, and the privacy and integrity of my customers' data (as required by HIPAA) are compromised by an intentionally engineered vulnerability, who bears responsibility? Are the collective governments of the world willing to expend the money, time and human resources necessary to secure and monitor every business system in the world? If secure communications were compromised between a financial house and a financial market, and the market were manipulated as a result, that certainly qualifies as a national emergency. Are our governments really willing to secure everything to the extent that only their prying eyes are privy to our secrets? How will we ensure that our friends aren't gathering business intelligence by decrypting our traffic as well? Of course, our friends would never do this, as no ally of the United States has ever been accused of engaging in industrial espionage against American businesses.

I acknowledge that, in the aftermath of fear and uncertainty created by the tragic events in NYC and Washington, DC, this idea may seem reasonable to our lawmakers, but it will only serve to weaken systems used by businesses and individuals world-wide. What is to prevent the bad guys from using alternate forms of encryption, such as privately developed systems, or one-time pads? This "call" only serves to ensure that terrorists develop a preference for custom developed software, whilst making it illegal for businesses to do so.



Comments
  1. By Anonymous Coward () on

    Well that pretty fucking much defies the objective of the cryptography in the first place does it not? One person has to find the back door and it's useless.

    Nice to see US congress is as stupid as ever... thank feck I live in the UK... oh wait is that really better?

  2. By Anonymous Coward () on

    Does this mean that the government will be using products with backdoors as well? Could Congressional or Presidential crypto keys be subpoenaed or acquired through FOIA requests?

  3. By Guilherme Buonfiglio de Castro Monteiro () guilherme.monteiro@ebizz.com.br on mailto:guilherme.monteiro@ebizz.com.br

    They won't stop these terrorism acts with encryption backdoors or weakening encryption capabilities. That's all a political problem.
    Thinking US-Gov way, maybe they should prohibit all Flight Simulator products, or force all SMTP software to have "moderator-like" functions! :(
    You know, cars are a good thing, but they can kill people... Airplanes are also a good thing, but they can be used like bombs, so, stop them!
    Mr. Santos Dumont got sick when he saw his invention used in the 1st World War. Was it his fault?
    Big-brother actions are not the way to protect people. Too much government power is also an error.
    All these problems are political problems that can be resolved destroying very nice things like encryption.

  4. By Anonymous Coward () on

    Why don't they just have a mandatory licensing system for terrorists? Then they can just forbid the registered individuals from using any crypto, lest they forever lose government approval to perform their acts of terror ....

    C'mon -- is Congress really this stupid? This is just exploiting a very sorry circumstance to push through a law that will only harm law-abiding people and corporations...

  5. By niekze () niekze@yahoo.com on http://www.nothingkillsfaster.com

    when they outlaw encryption, only outlaws will have encryption?


    Hmm, if such a stupid idea were implemented, I would flood them with registrations of all my rot26 keys, to be in accordance with the law :)

  6. By c o r e () coreremoveme@axley.net on http://www.axley.net

    Well, my comment on slashdot has not been modded up so there are still only 21 signatures. But there's still time to get the word out!

    Sign this petition at http://www.petitiononline.com/rot13/ to help protect the freedom of all Americans and even those in other countries from the illogical and irrational lawmakers in Washington behind this.

    -core

  7. By Matt Burke () matt@botchitt.com on mailto:matt@botchitt.com

    Hang on a sec...

    If backdoors are forced into open-source crypto methods, doesn't that mean anyone with the source code (whether clued on crypto algorithms or not) will be able to completely bypass any security afforded through the use of crypto?

  8. By Colitis () jamiew at clear dot net dot nz on mailto:jamiew at clear dot net dot nz

    Does this mean I won't be allowed to use ROT13 until it's had a backdoor put into it? :-)

  9. By Jurgen () on

    As if terrorists would ever use encryption mechanisms with embedded backdoors in them! There are enough tools, programs, etc... which enable terrorists to use strong encryption for communicating. Actually I don't think some terrorists have a very good knowledge of privacy and encryption, and simple disclosure policies with ISPs can be enough to find some evidence.

  10. By Anonymous Coward () on

    Could any US citizen here try to take this to the US Congress, please?

    • switching off the Internet altogether
    • adding computers to the list of ammunition
    • giving the writing of code outside official labs the same status as the development of chemical, biological or nuclear weapons
    • putting all free developers under immediate arrest under suspicion of collaboration with terrorists
    • blacklisting free/open software users and supporters as potential would-be terrorists
    • ...

    Eventually closing all international borders and banning any international flights, outlawing any courier services or post office, seizing dangerous devices such as faxes, telephones, walkie-talkies, radios, ... perhaps TV sets and envelopes with glued strips.

    The rest of the world will be ever so thankful to the great nation of freedom for this great effort to preserve world's freedom.

  11. By Boris () boris@fusium.net on --

    If that passes out, I'll be forced to move business out of the US.

  12. By Gimlet () tom@eos.umsl.edu on mailto:tom@eos.umsl.edu

    As is typical with any technology-related issue, our elected representatives clearly do not understand how encryption works. It would be nice if we had more Federal Reserve-style technocrats in various fields that could provide governmental guidance in key areas.

  13. By Toni Nikkanen () toni@tuug.fi on mailto:toni@tuug.fi


    This could be a clever plot to make us all think they are stupid (which, by the way, is a remarkable success). This way we underestimate the threat they pose to free speech.
