Federal law enforcement officials are still arguing for a US
encryption standard that includes secret “backdoor keys” that would let law
enforcement – presumably with a warrant – unlock people’s encrypted files and
messages. In theory the government would hold these “secret keys” safely
somewhere. That was what was behind the recent demand that Apple “un-encrypt”
the contents of a terrorist’s cell phone.
Could the government actually do this? Could they actually
manage to keep such “secret keys” safe? They couldn’t manage to keep safe the
TSA “master keys” – the keys that let the TSA open those cute little
TSA-approved luggage locks. They couldn’t manage to keep the highly private
security clearance files of 22.1 million people safe from hackers. And now it
turns out even the highly-secretive NSA – the very people who would presumably
keep those government “secret keys” – has had some of their most sensitive hacking
tools stolen online by hackers, who are offering them at auction over the internet.
The level of government incompetence
here is absolutely mind-boggling.
Of course the whole exercise is fruitless anyway. If the government approves an encryption standard
with a backdoor into it people who don’t want the government to access their
files and messages will simply not use it, or will encrypt their message with
other software first before encrypting the result with the government’s
standard. It isn’t hard to find good encryption
software that hasn’t been meddled with (and we know it hasn’t been “fixed” because
the source code is open to inspection by everyone).
This is another one of those issues (of which there are many
these days) where it is clear that the government policy-makers are simply so ignorant
about the technology they are trying to control that their efforts are laughably
ineffective.
Posts
