
Trump’s DOJ tries to rebrand weakened encryption as “responsible encryption” - bangonkeyboard
https://arstechnica.com/tech-policy/2017/10/trumps-doj-tries-to-rebrand-weakened-encryption-as-responsible-encryption/
======
chha
"We know from experience that the largest companies have the resources to do
what is necessary to promote cybersecurity while protecting public safety. A
major hardware provider, for example, reportedly maintains private keys that
it can use to sign software updates for each of its devices. That would
present a huge potential security problem, if those keys were to leak. But
they do not leak, because the company knows how to protect what is important."
(Quote from Rod Rosenstein in the article).

This kind of says it all, doesn't it? It's not a matter of if the keys from
these large companies are exposed, just a matter of when, similar to what
happened to Piriform earlier this year. If all such companies are to keep
master keys which can decrypt communication going through their software they
are likely to be an even bigger target.

According to Amnesty 119 out of 160 governments had restrictions on freedom of
expression in 2014. I can think of several that are likely to be interested in
being able to read whatever messages are being sent in order to target
dissidents. Journalists are in many cases depending on privacy and security to
be able to do their job. At the moment the US is ranked at 43 out of 180 for
freedom of the press by Reporters without Borders; if Rosenstein gets his
wish, what is the likelyhood that journalists will be among the first to be
targeted?

There can be no middle road or "responsible encryption" as they describe it.
The data is either encrypted with the recipient being the only one with the
means to decrypt it, or it's not encrypted at all.

------
tony-allan
What is the DOJ going to say when China, Russia, and every other country wants
access to phones or is their position that its ok for the USA but not ok for
everyone else?

Apple will have to agree or withdraw from those countries or break faith with
users. What do Apple shareholders think about that?

~~~
dragonwriter
> What is the DOJ going to say when China, Russia, and every other country
> wants access to phones

I suspect that the people that are in support of this are perfectly fine with
every government being authoritarian and surveilling everything within its own
borders. (Of course, they want their own covert operations to be immune to
that, but they aren't concerned with following local law, anyway, so that's
not an issue.)

------
jlgaddis
That's a nice move, copying a play from the infosec industry and calling this
"responsible encryption", implying that any/the other way is anything _but_
responsible (just like companies do with "responsible disclosure").

"If these tech companies were 'responsible', they would help us -- your
friendly, caring government who knows better than anyone (including yourself)
what's best for you -- spy on everyone and everything because otherwise, you
know, terrorists will kill you and paedophiles will rape your children."

------
nameless912
I'm pretty sure the responsible, patriotic thing to do now is encrypt the shit
out of everything. Right? Do I have that right?

------
CharlesDodgson
What can possibly go wrong

~~~
joshmn
Depends on your IQ level. /s

------
CptBland
It sounds like what they want is the opposite of responsible.

