War on Crypto: EARN-IT Act - Sink the Clipper Chip

grarpamp grarpamp at gmail.com
Sun Mar 8 21:25:20 PDT 2020



Abelson, Harold; Anderson, Ross; Bellovin, Steven M.; Benaloh, Josh;
Blaze, Matt; Diffie, Whitfield; Gilmore, John; Green, Matthew; Landau,
Susan; Neumann, Peter G.; Rivest, Ronald L.; Schiller, Jeffrey I.;
Schneier, Bruce; Specter, Michael; Weitzner, Daniel J.
2015-07-06: Twenty years ago, law enforcement organizations lobbied to
require data and communication services to engineer their products to
guarantee law enforcement access to all data. After lengthy debate and
vigorous predictions of enforcement channels going dark, these
attempts to regulate the emerging Internet were abandoned. In the
intervening years, innovation on the Internet flourished, and law
enforcement agencies found new and more effective means of accessing
vastly larger quantities of data. Today we are again hearing calls for
regulation to mandate the provision of exceptional access mechanisms.
In this report, a group of computer scientists and security experts,
many of whom participated in a 1997 study of these same topics, has
convened to explore the likely effects of imposing extraordinary
access mandates. We have found that the damage that could be caused by
law enforcement exceptional access requirements would be even greater
today than it would have been 20 years ago. In the wake of the growing
economic and social cost of the fundamental insecurity of today's
Internet environment, any proposals that alter the security dynamics
online should be approached with caution. Exceptional access would
force Internet system developers to reverse forward secrecy design
practices that seek to minimize the impact on user privacy when
systems are breached. The complexity of today's Internet environment,
with millions of apps and globally connected services, means that new
law enforcement requirements are likely to introduce unanticipated,
hard to detect security flaws. Beyond these and other technical
vulnerabilities, the prospect of globally deployed exceptional access
systems raises difficult problems about how such an environment would
be governed and how to ensure that such systems would respect human
rights and the rule of law.

More information about the cypherpunks mailing list