
Unscrewing Security

Alec Muffett

About Author

Alec Muffett is a veteran security geek who believes strongly in common sense, full disclosure, defence in depth, privacy, integrity, simplicity and open source. He is an independent consultant, writer, and speaker specialising in security education.

Still Scrambling For Safety

Time for old magic in the debate on CCDP

Dateline: the late 1990s; in the USA and UK there is fear and debate over development of new technology which renders moot the "existing capability" of Government agencies to intercept internet communication - thereby risking intelligence (even that which cannot be described in court for security reasons) being lost to the crime-fighting forces of good. This was not CCDP though, this was Mandatory Key Escrow and constituted an early salvo in the Crypto Wars.

To analogise in modern parlance: the FBI (in the USA) wanted all HTTPS / SSL connections to be wiretappable, and to that end wanted to mandate that all cryptography use a particular algorithm which provided "trustworthy agencies" with cheap and easy decryption backdoors - ones that would only ever be used in pursuit of fighting crime - honest.

Such analogy can only ever be imprecise because technology has so massively morphed - SSL barely existed in 1995 but we now use encryption almost everywhere rather than just Voice-over-IP (VOIP) which the US Government initially targeted. Also: the great increase in CPU-power available to an average device has rendered the concept of a hardware crypto-chip defunct except for certain exotic keystore purposes.

So what happened in the many years after the Key Escrow debate? Google and Amazon and Ebay and e-commerce were invented; Skype and its IM-brethren smashed VOIP to bits - some friends still find it exciting, I find it retro - and in lockstep we've developed a taste for unfettered cryptography in our communication for those times where privacy is useful. The concept of (say) registering your HTTPS key with a government agency is risible. But be assured that the goal all those years ago was for the FBI to be able to tap all internet encryption and that today they really would be chasing after SSL and IM and Skype.
In fact, they actually are still chasing after SSL and IM and Skype - inducing fear in their masters of going dark and losing access to content - yet they seemed to have weathered the loss of key escrow quite well...

Now in the UK we have the CCDP proposals and the verbiage is much the same: the world is changing, the sky is falling, criminals and terrorists and paedophiles oh my! - forgive me but this was tragic and hyperbolic back in 1998, and it is still so.

Thus we seem doomed to repeat the process - and lo! now that Cyber Albion is at need, from the soggy fens Professor Ross Anderson has convened Scrambling For Safety 2012 - a rebirth of the original nexus/conference which brought together all those who fought key escrow and similar Government meddling in the past. Let's hope Excalibur is still sharp.

