Crypto regulation: political amateur hour

Thursday, November 19th, 2015

What is it about cryptography that brings out the worst in politicians?

It doesn’t seem to matter which jurisdiction you look at: the political class seems to have fantasies of putting the crypto genie back in the bottle. For example, in the UK they want companies like Google and Apple to allow government to peek into the content of communication that passes through their platforms. That’s impossible if there is end-to-end encryption, of course. In the US, the FBI wants companies to build technological solutions to prevent encryption above all else.

This is idiotic on two levels:

  1. Do the bad guys – such as ISIL – actually use strong crypto, or are they too stupid for that? The evidence is that they do not use strong crypto, at least not yet.
  2. Is it feasible to prevent the bad guys from using strong crypto? The techniques, algorithms, know-how and software to secure communications are all widely known and available as open source. The best a government can hope for is to make it a nuisance for law-abiding citizens and for dumb criminals to use strong crypto. Smart criminals will use it regardless of what the law says.

How’s this for a suggestion? Any government official responsible for public safety, security, military, policing or trade who seriously and publicly advocates controlling the use, import or export of strong crypto should be fired from their job, on the basis of gross incompetence. To suggest such controls is to admit profound ignorance of the topic at hand.

There is no “discussion” about whether crypto controls work. They do not. Decades of experience have shown that they only serve to impair trade, as buyers avoid products from manufacturers whose governments limit crypto (notably the US with ITAR). As for the bad guys? They will use whatever crypto they want, including none at all, without regard for laws.