Hello Insecurity, Goodbye Privacy. Thank you, President Obama

Some people say that Internet Security is an oxymoron, because we hear so much about the different ways in which hackers and criminals break into our data, steal our identities, and even use information to commit “real world” crimes like burglary, when it becomes clear that someone’s gone on vacation.  Well now the Obama Administration along with the FBI and NSA are proposing to make things worse, according to an article in today’s New York Times.

According to the Times, the government is going to propose requiring that developers give up on one of the key principals of securing information– use of end to end encryption, the argument being that law enforcement does not have the visibility to information they once had, say, in the Nixon era, where the NSA acted as a vacuum cleaner and had access to anything.

As our friend Professor Steve Bellovin points out, weakening security of the Internet for law enforcement also weakens it for benefit of criminals.  Not a month ago, for instance, David Barksdale was fired from Google for violating the privacy of teenagers.  He could do that because communications between them were not encrypted end-to-end.  (Yes, Google did the right thing by firing the slime).

This isn’t the first time that the government has wanted the keys to all the castles, since the invention of public key cryptography.  Some of us remember the Clipper chip and a government-mandated key escrow system that the Clinton Administration wanted to mandate in the name of law enforcement.  A wise friend of mine said, and this applies equally now, “No matter how many people stand between me and the escrow, there exists a value of money for me to buy them off.”  The same would be true here, only it would be worse, because in this case, the government seems not to be proposing a uniform technical mechanism.

What’s worse– this mandate will impact only law abiding citizens and not criminals, as the criminals will encrypt data anyway on top of whatever service they use.

What you can do: call your congressman now, and find out where she or he stands.  If they’re in favor of such intrusive policy, vote them out.

[del.icio.us] [Digg] [Facebook] [Reddit] [Twitter]