April 27th, 2002, 08:48 AM
US Department of Justice on Encryption!
Have you heard what the US Department of Justice's policy on encryption is? The Administration is against it, unless there is a "recovery system" (backdoor).
[I'm sure they must realize that people can hold secrets in their minds too.]
Many large ISPs have been accomodating the US Government by running monitoring software on their customers data, and making it available to various authorities. So, how many encryption software authoring companies are likewise providing law enforcement with backdoors into encrypted data (private property)?
Certainly law enforcement will keep their cooperation a secret, allowing the software sales to continue. Now there's a *real* opportunity for the Federal Trade Commission to act against consumer fraud (but don't hold your breath).
Furthermore, it is not any secret that there is much corruption in law enforcement. So, how safe is the encryption "recovery system" information with them?
The following is a direct quote from the US Department of Justice policy:
"The Administration's policy is to promote the development and use of strong encryption which enhances the privacy of communications and stored data while preserving law enforcement's ability to gain access to evidence as part of a legally authorized search or surveillance. We are willing to look at any options that advance these goals, as well as protecting national security, securing electronic commerce and preserving U.S. competitiveness. The Administration has identified one method to achieve the necessary balance -- the use of encryption products that incorporate recovery systems. With such products, law enforcement agents can, pursuant to lawful process, obtain recovered "plaintext." The Administration is open to other approaches."
If you didn't get enough from that quote, you can find more at CyberCrime.gov.
What are your thoughts?
April 27th, 2002, 09:46 AM
hmm cool post.. still debateable though..
April 27th, 2002, 12:38 PM
This doesn't surprise me - here in the UK, the current government passed a bill (the RIP bill - nice choice of name ) requiring any ISP to keep records of all data if requested to do so.
And of course, this can all be done without requiring a court order .....
Bit more difficult to apply this to something like PGP, unless there is some way that your private key/passphrase is recorded (or decrypted).
May 20th, 2002, 09:55 PM
"they" can have a copy of everything i send.... if they give me a valid address to use for their cc addressee! Actually, there aren't enough agents on the payroll to go thru all the email even after the thousand buzzwords are keyed on with whatever program they might use to sort with. It would take ten thousand volunteers to sort thru and forward the few that might be worth looking at... jmho.