US law enforcement hasn't given up on its dreams of forcing tech companies to allow access to encrypted devices. New York Times sources have learned that the Department of Justice and the FBI have been meeting with security researchers in an effort to develop systems that would let police reach encrypted data without making them vulnerable to hacking. At the same time, officials have reportedly renewed talks about asking Congress to draft and pass legislation requiring the use of those mechanisms.
The new push is still unlikely to please many privacy advocates and security experts. Both camps maintain that there's no such thing as a device that's open to law enforcement, but secure against malicious intruders -- if you introduce a vulnerability for one side, you introduce it for everyone. What's to stop rogue developers from writing tools that make it easy to strip the secret key? There are also philosophical problems. Mandatory access implies that the government has a right to access user data, and that this right is ultimately more important than the security risk it might create for innocent people.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.