[liberationtech] NYT report on Obama admin's wiretap plans

Daniel Colascione dan.colascione at gmail.com
Mon Sep 27 12:05:13 PDT 2010 

On 9/27/2010 10:59 AM, Jacob Appelbaum wrote:
> It's unclear what is exactly being proposed. This looks like the start
> of the second crypto wars; hopefully we'll win this one even quicker
> than the last.

I'm not sure that this is a repeat of the last "crypto war"; that was a
misguided attempt, rooted in American exceptionalism, to delay the
widespread adoption of strong cryptography. It was fought with key
escrow, and secret (and badly broken) government ciphers. It was doomed
to fail, of course, because algorithms can't be regulated, and because
the rest of the world is fully capable of developing its own cryptography.

The present proposal appears to take a different and more insidious
approach --- though I agree it's hard to determine exactly what's being
proposed. If I'm interpreting Ms. Caproni's implication correctly,
cryptography per se won't be regulated, but companies will be required
to provide backdoors even in otherwise-secure software no matter what
encryption they use. Imagine a Skype client that explicitly checks
whether a user has an outstanding wiretap order and, if so, sends a copy
of the conversation to an LEA server somewhere. Any foreign company
wanting to do business in the US would have to provide a similar
facility --- presumably only for its US customers. This proposal seems
less about national security than about further expanding the reach of
domestic law enforcement.

I don't think cryptographers, small companies, FOSS projects, and the
creators of security infrastructure would be affected; it'd be bad
politics and wouldn't be worth the effort. But quietly threatening a few
of the largest software vendors (like RIM and Skype) might be enough to
get them to proactively include backdoors in their products, and that
would be enough to compromise the privacy of most people the government
wants to observe.

A few weeks ago, RIM blinked in the face of pressure from the UAE and
India, and I can't help but wonder whether it emboldened the authors of
this proposal. Fortunately, the reaction to this proposal already seems
immensely negative. I doubt it will proceed beyond this point.

> I'd like to read the actual text of the bill - is that available
> somewhere yet?

Not that I've seen so far. Let me know if you find something.

Regards,
Daniel Colascione

More information about the liberationtech mailing list