Re: Making Non-compliant Encryption Illegal
What is to keep committed privacy advocates, whether or not criminals, from implementing their own cryptography? A few, in order of increasing importance, are:
1. Phones and other devices on which the manufacturer has made non-"store" difficult to install, "for the customers' safety" of course.
2. Designing a secure encryption algorithm (especially one that is provably secure) is hard; many, including skilled cryptographers, have tried and fallen short.
3. Implementing a secure encryption scheme is hard and rarely done; many, including highly skilled and experienced programmers, have tried and fallen short.
4. Guaranteeing a vulnerability-free implementation of a provably secure encryption algorithm in an environment such that it is not vulnerable to operating system defects, both when installed and after all future OS modifications, is hard and, since the nature of future changes is unpredictable, unlikely to be attainable.
5. Guaranteeing the entire system of (4) against all application software almost certainly will, over time, present opportunities to those intent on breaking in.
I doubt that managers at NSA or any other major SigInt organization worry much about this problem.