[Cryptography] Sadly predictable: Terrorism used as excuse to attack encryption
grarpamp at gmail.com
Tue Nov 17 14:42:10 PST 2015
On Tue, Nov 17, 2015 at 12:41 PM, Miroslav Kratochvil <exa.exa at gmail.com> wrote:
> I agree with you that there should not be restrictions on encryption.
> Still, the problem is elsewhere -- we simply should not encrypt _that_
> much. (also applies to your car analogy, btw).
> To explain: Common people with reasonable operating systems/browsers
> are now using bulk encryption on every single HTTP request they make,
> on every single disk block they have, making SPF handshake with each
> person they IM, etc.. Observe that only a really tiny amount of the
> data is actually confidental (login tokens, business data, ...). Think
> about what bulk encryption means for the consumption of computing
> power (RSA ain't free, I'd actually expect more than gigawatts). Think
> about what it means for law-enforcement agencies -- they can't even
> simply prove that given single user is _not_ a suspect to narrow their
> search. No wonder that a politician who was assigned the task to keep
> the society secure&thriving would actually hate any kind of
> encryption. And that is a problem, because the simplest thing he can
> do is a ban.
> I'd prefer something less drastic before the ban comes, like forcing
> the user/software selectively choose (by some smart API or a correctly
> designed UI) what to encrypt, leaving the rest (most) of data
> "ecologic" and "law-enforcement friendly".
> PS. In no way I suggest simply "turning SSL off", but there could be a
> way that just authenticates the data without doing encryption. Method
> for easily marking the "secret bits" of the stream would be cool as
> PS2. In no way I suggest surrendering all our information to orwellian
> big brother, but well, think of the good cops.
I'd wager that overall code and feature bloat is the far larger
consumer of electricity, especially since crypto in hardware.
Also note how if your personal electricity use has dropped but
your bill same or went up, doesn't matter what you use, they
tax you for what they want.
PKI like RSA has always been more costly than stream
like AES, so some auth and special marked stream overhead
isn't likely to save anything, because it's bloat.
Nothing says you can't log your own proof of innocence
Exhibitionists like you could even ship the footage in your
house daily to your good cops for their innocent entertainment.
Why not task yourself to keep yourself secure and thriving.
And have a good laugh about ISIS with the good cops should
they mistakenly knock once in a while about your crypto.
More information about the cypherpunks