Infoworld NZ has just published an awful article (written by US reporter Sari Kalin and titled "Criminals Eyeing Encryption"), which emphasises repeatedly that encryption is a major problem just waiting to happen, using Dorothy Dennings report as a basis. This represents a rather ugly way to interpret the report (and, presumably, an attempt by the USG to recover something from a report which was supposed to come down firmly in favour of crypto restrictions but didn't).
Due to the late hour I got that wrong, it's Computerworld NZ, not Infoworld (slight difference in naming). Even later last night I wrote a letter to the editor which, I gather, will appear in the next issue. I've included it below in case anyone finds it useful, it's written for a general audience who probably aren't aware of the deeper issues apart from the fact that the USG has a peculiar attitude towards crypto, due to length constraints I couldn't go into too much detail. If you feel the need to circulate this, please don't do so until after next Monday when it's officially published. Peter. -- Snip -- The article "Crims eyeing encryption" in the September 9 Computerworld presents an extremely peculiar view of the study "Encryption and Evolving Technologies in Organised Crime and Terrorism". The final conclusion of the study was that there is no real "encryption problem" which justifies placing limitations on the use of encryption, and yet the article, by more or less ignoring the conclusion and concentrating instead on a number of scaremongering quotes, manages to create exactly the opposite impression. To understand what's involved here, it might be useful to know a bit about the background of the study. For a number of years the US government has held that it needs to strongly restrict peoples access to encryption. They can't actually provide you with any supporting facts for this because they're all classified, but if they were allowed to tell you, they're certain you'd agree with them. Now over the years they came to the realisation that people weren't really buying this argument, and so they decided to create a study which would provide proof, once and for all, that they were right. The two people who worked on this study were Dorothy Denning, virtually the only supporter of the US governments policy apart from the US government itself, and a vice-president of SAIC, a large defence contractor. They toiled away for quite some time, and finally announced their results a month or two back. Unfortunately the findings put them in a rather awkward position: Although the study was supposed to provide proof that there was some sort of "encryption problem" which needed to be countered, it instead showed that there wasn't really a problem at all. Sure, it showed that criminals occasionally use encryption, just like criminals also drive cars, eat pizza, drink Coke, and (quite probably) read Computerworld. The important point - which was almost completely ignored in the article in favour of running scaremongering quotes from a variety of US government officials - was that the "encryption problem", the whole reason for the governments' claimed need to restrict encryption, by and large didn't exist. It got even worse for the government though. So convincing was the evidence in the study that Denning - for years a very outspoken supporter of their policies - did an about-face and declared that she was no longer prepared to back government plans for restricting encryption until someone proved to her that there was a very good reason for it (this was reported in a number of US papers and publications which cover computer issues, so it was reasonably well known, eg "Denning unable to confirm FBI Assertions; alters her position" in the Mercury News, the largest silicon valley paper). Although the governments star technical witness was unable to find any evidence that their position was valid, the Computerworld article, by resorting to selective quoting and innuendo, paints a very different, and quite inaccurate, picture. (As a side-note, I find it amusing to read that the government policy relies on people handing over their encryption keys to them. Quite apart from the question of why anyone would trust the US government with their keys, there's also the small problem that no criminal will ever do this - that's why they're criminals after all. The only ones who'll ever get caught by this cunning plan are you and I). -- Snip -- (I'm assuming most readers will get the Baldrick/Blackadder reference in the last sentence :-).