Sophos Naked Security wrote, US government calls for "responsible" - as in breakable - encryption.
Well, this is nothing new... but it is still concerning as the government continues to demand access to private communications. Now you may believe that the government's argument has merit, and that it should be able to access private communications with the appropriate legal process leading to a warrant issued by an impartial judge. However, that doesn't solve the problem because strong encryption is already available from sources outside the United States, such as JavaScrypt: Browser-Based Cryptography Tools (https://www.fourmilab.ch/javascrypt/), ProtonMail (https://protonmail.com/), and GnuPG (https://www.gpg4win.org/), just to name a few.
As with calls for gun control, calls for encryption control simply limit the ability of people who are committing no crimes, and pose no threat to national security. Groups of people using encryption to engage in organized crime or terrorist activities are not going to limit their use of strong encryption just because the United States government thinks that they should.
Of course the United States government is not the only one looking to prevent its citizens from having access to strong encryption:
"In a statement released recently by Australian Attorney General George Brandis and the Minister for Immigration and Border Protection Peter Dutton, the two officials called for weakening encryption standards and for increased sharing of surveillance between Five Eyes countries." (Deep Dot Web, July 2017)
"In an interview with the BBC, Home Secretary Amber Rudd called the use of end-to-end encryption communications offered by tech companies and used by terrorists as a "completely unacceptable" situation. Rudd insists organizations behind encrypted messaging systems should not "provide a secret place for terrorists to communicate with each other." (Apple Insider)
"A leaked document reveals the UK government has drawn up yet further, disturbingly dystopian draft bulk surveillance powers, which would give authorities carte blanche to monitor citizens' live communications, and effectively illegalize encryption. A cybersecurity expert told Sputnik this has terrifying implications not merely for internet privacy. The rules would compel all communications companies — including phone networks and ISPs — to provide real-time access to any named individual's full content within a single working day, as well as any "secondary data" related to that individual, including encrypted content." (Sputnik News)
"After being threatened with a ban, it looks like Telegram is playing ball with Russia's government. Russian communications regulator Roskomnadzor confirmed in a statement [in June 2017] that Telegram, an app with over 100 million users globally, had submitted all required data and now works within the country's legal framework. The announcement comes after Russian authorities put pressure on the company on Monday to register itself with the government as an "organiser of information dissemination," saying the messaging app allowed terrorists to communicate secretly, with "high degree of encryption." Failure to do so would cause Telegram to be banned, authorities had threatened." (CNET)
The question is one of whether governments have a compelling interest in weakening encryption in the name of national security, or in order to fight organized criminal activity. Will preventing you and I from having strong encryption to safeguard our own privacy make us safer from criminals and terrorists? Government seems to think it will... do you?
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.