9 Epic Failures of Regulating Cryptography
Recently, Apple announced that it is providing basic encryption on mobile devices that it cannot bypass, even in response to a request from law enforcement. Google has promised to take similar steps in the near future. Predictably, law enforcement has responded with howls of alarm.
We’ve seen this movie before. Below is a slightly adapted version of a blog post we posted in 2010, the last time the FBI was seriously hinting that it was going to try to mandate that all communications systems be easily wiretappable by requiring “back doors” into any encryption systems. We marshaled eight “epic failures” of regulating crypto at that time, all of which are still salient today. And in honor of the current debate, we’ve added a ninth.
They can promise strong encryption. They just need to figure out how they can provide us plain text. – FBI General Counsel Valerie Caproni, September 27, 2010
[W]e’re in favor of strong encryption, robust encryption. The country needs it, industry needs it. We just want to make sure we have a trap door and key under some judge’s authority where we can get there if somebody is planning a crime. – FBI Director Louis Freeh, May 11, 1995
If the government’s howls of protest at the idea that people will be using encryption sound familiar, it’s because regulating and controlling consumer use of encryption was a monstrous proposal officially declared dead in 2001 after threatening Americans’ privacy, free speech rights, and innovation for nearly a decade. But like a zombie, it’s now rising from the grave, bringing the same disastrous flaws with it.