Bruce Schneier has written a short piece over at Lawfare in response to ongoing calls to weaken encryption. Unlike during the cold war there is no longer a distinction between consumer grade encryption and military encryption. This is because customized encryption is both more expensive and less secure, because it is unique, non-standard, and untested.
In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all, we are not talking about protecting the nation's nuclear launch codes. Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications."
The thing is, that distinction between military and consumer products largely doesn't exist. All of those "consumer products" Barr wants access to are used by government officials—heads of state, legislators, judges, military commanders and everyone else—worldwide. They're used by election officials, police at all levels, nuclear power plant operators, CEOs and human rights activists. They're critical to national security as well as personal security.
Earlier on SN:
U.S. Attorney General William Barr Demands Backdoored Encryption (2019)
FBI: End-to-End Encryption Problem "Infects" Law Enforcement and Intelligence Community (2019)
The Crypto Warrior--Why Politicians Want a ‘Back Door’ into Your Devices—and Why it Will Never Work (2016)
(Score: 0) by Anonymous Coward on Monday September 02 2019, @01:59AM
Barr wasn't talking of encryption algorithms. He was talking of possibilities. It matters not at all if the "consumer" protection is "military grade" if keys are compromised by submitting them to TPTB. Or require a storehouse of the keys/nonces used that is encrypted with the public key of "the government" such that they can decrypt it at will with their "private" key. Or require such transmissions to be real-time so that the government has a database of such. Or any other method by which the government may force access to be possible. You and I may recognize that as a compromise of the system. They wouldn't.