back to article IEEE joins the ranks of non-backdoored strong cryptography defenders

The Institute of Electrical and Electronics Engineers (IEEE) has joined the ranks of objectors to proposed law enforcement measures that would compromise access to strong cryptography. The august engineering body went beyond merely opposing the popular understanding of what constitutes a “backdoor”, instead framing its …

  1. Old Used Programmer Silver badge

    Sauce for the goose

    We need a law that requires the FBI to make internal use of any crypto system that meets its standards for public use.

  2. mark l 2 Silver badge

    “forensic analysis of suspected computers, and compelling suspects to reveal keys or passwords.”

    My worry about any laws requiring people to reveal passwords are that there could be genuine situations where they cannot reveal the password because they don't know what it is. If your going to jail people for not providing passwords you could end up with people using encrypted files for revenge. EG. You found out your partner has been cheating, so you create an encrypted file on their phone/PC and then report that you suspect they have been looking at terrorist content. Plod come and take away their devices and come back asking you to provide the password to the jihadi.zip file found on your device.

  3. Claptrap314 Silver badge

    “Pervasive Monitoring is an Attack”

    Sweet. The end of Google & much of Facebook.

    Don't hold your breath, though.

    1. Anonymous Coward
      Anonymous Coward

      Re: “Pervasive Monitoring is an Attack”

      You, inadvertently?, missed Microsoft :)

  4. The Man Who Fell To Earth Silver badge

    Passwords

    “forensic analysis of suspected computers, and compelling suspects to reveal keys or passwords.”

    In the US, SCOTUS ruled over a century ago that forcing people to reveal lock combinations is a violation of their 5th Amendment rights. Subsequent court rulings extended that to passwords.

    1. BebopWeBop Silver badge

      Re: Passwords

      It's a crime punichable by a prison sentence in the UK. Although from my reading, there does appear to be a legitamate 'forgot' defence which the prosecution would have to demonstrate beyond reasonable doubt that this was incorrect. At least one person has been jailed for additional time on top of anti terrorism convictions.

  5. Pascal Monett Silver badge

    I would think that the situation is simple

    You can pass whatever laws you want about encryption in your country, other countries won't see things the same way and all you need is one competent programmer capable of creating a proper, robust encryption scheme and posting it on the Net and your laws are rendered obsolete.

    I do think the most effective argument that the IEEE listed is the one saying that backdoored encryption would render companies less competitive.

    We're already seeing that kind of result with the Cloud. Thanks to the NSA's shenanigans and the very public cases of judges ruling that data in another country should be made available to the US courts, we now see companies scrambling to make local centers for countries that are passing laws demanding it.

    I cannot imagine that encryption will be different.

    1. Nick Kew

      Re: I would think that the situation is simple

      You describe the very battle the US government attempted to fight back in the 1980s and 90s: the early days of modern cryptography.

      I don't remember just when they gave up that battle (sometime around the turn of the century), but I do recollect it was standard that you'd have to go to a non-US download site for a crypto-enabled version of anything, and that US-based organisations had to leave crypto to non-US parties: hence for example early SSL versions of Apache from Ben Laurie in the UK using an OpenSSL predecessor from Eric Young in Oz. Unless you were prepared to do long legal battle with the US govt!

      1. Allan George Dyer
        Black Helicopters

        Re: I would think that the situation is simple

        @Nick Kew - Maybe it was when the t-shirt went on sale. Did anyone get the Munitions T-Shirt?

        Obligatory XKCD

        1. Claptrap314 Silver badge

          Re: I would think that the situation is simple

          I saw the proposal on the cypherpunks mailing list precisely to that effect--that if crypto is a munition, that the 2nd amendment would apply.

  6. GnuTzu
    Black Helicopters

    Vulnerability Incentives

    “targeted exploits on individual machines” among the options it feels should be available to law enforcement

    Great. As if the government wasn't already incentivized to prolong the existence of vulnerabilities, and possibly encourage their creation, with which to build their arsenal.

  7. Anonymous Coward
    Anonymous Coward

    less worrying "compelling suspects to reveal keys or passwords" ???

    One must be living under a totalitarian regime to consider it "less worrying" when the lack of human rights in a country allows laws to be passed that can be used to force suspects to testify against themselves -- i.e. having to actively help the prosecution to fish for evidence against them.

    1. Alister Silver badge

      Re: less worrying "compelling suspects to reveal keys or passwords" ???

      One must be living under a totalitarian regime

      Welcome to Britain

  8. Graham Cobb Silver badge

    Encryption will become ubiquitous

    I am currently looking into encrypting all my disks with separate (long) passwords. My plan is that the system will be set up with the passwords for the current set of disks but I will not record them anywhere else. I certainly won't be able to remember them!

    This is because I currently have a pile of old disks (some working, some not) which I can't send to the dump because they have private and personal data on them. My plan is that in future when I stop using a disk I can throw it away (or sell it on eBay) without worrying because no one (including me) can access the data any more.

    Once I have that all set up I plan to look into extending it to removable media (memory cards). My drawer of USB sticks will then be full of encrypted drives which I don't know the password to. When I need one I will reformat it with a new password, use it for however long I need it and then throw away the password and put the stick back in the drawer.

    If I can do this, how long will it be before it becomes ubiquitous on every device? In particular for memory cards. At which point no one will know whether the memory card they have confiscated from the terrorist suspect at the border is "empty" (no one knows the password) or contains the plans for their latest atrocity. It is unlikely anyone can prove beyond a reasonable doubt that the terrorist knows the password. Particularly if they are carrying several.

  9. Anonymous Coward
    Devil

    I use waffle as my encryption

    Never heard of WAFFLE

    Just crap on continuously and never get to the point

    Obscure what ever you are saying with a fug of improperly thought out statements and cliches

    and assume the recipient will understand.

    i came upon this technique as it was regularly used by others - i never could decipher it, so it must be good.

    1. Anonymous Coward
      Anonymous Coward

      Re: I use waffle as my encryption

      That encoding technique seems to work exceptionally well for amanfromMars 1...

    2. Adrian 4 Silver badge

      Re: I use waffle as my encryption

      But lawmakers are well ahead of you there. They've been using waffle for years. Do you really think you can get it past them ?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021