U.S. Government Wants All Providers of Encrypted Internet Services to Implement Key Escrow
September 27th, 2010Wikipedia has an entry on key escrow, if you aren’t familiar with the concept.
Via: New York Times:
Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone.
Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.
The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, it could set an example that is copied globally.
James X. Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group, said the proposal had “huge implications” and challenged “fundamental elements of the Internet revolution” — including its decentralized design.
“They are really asking for the authority to redesign services that take advantage of the unique, and now pervasive, architecture of the Internet,” he said. “They basically want to turn back the clock and make Internet services function the way that the telephone system used to function.”
The key element to getting this passed over the howls of the EFF, ACLU, industry, etc is going to be something big enough that nobody cares anymore as long as the government is ‘doing something about the problem’. This bill has been sitting around in an FBI filefolder since the last crypto wars ended in the late 90s, waiting for its time. Why now?
My guess is all this noise about Stuxnet being targeted at the Iranian enrichment center may well be right, but it’s not the end goal of Stuxnet (or, rather the program/organization that created it) – it’s just a practice run. If, say, half a dozen nuclear reactors melt down simultaneously across the US and it’s blamed on the ‘hackers’, can you imagine a universe where this bill is not passed? Bonus points if we can pin it on the Chinese somehow.
Soon anyone will work out the net is totally ‘useless’ and go back to been alone/family/tribe/gang/networks/cells/city.
It will be like “The Lives of Others” or the series Rubicon, you know what the tech is, where is is and why its in place.
“who’ and ‘how good’ is the only real ? left.