"We kill people based on metadata." - former head of the National Security Agency Gen. Michael Hayden<p>“metadata absolutely tells you everything about somebody’s life. If you have enough metadata, you don’t really need content.” - NSA General Counsel Stewart Baker
OK, so we have another well written article explaining how attempts to demonize encryption and put it back in the bottle are misguided, and the spokespeople for the authoritarians and intelligence community are being disingenuous on cable TV.<p>But most of us already knew this. So what I'm asking is:<p>* Are these well reasoned words affecting/effecting policy?<p>* How will we know?
I think this article is great, but something did stand out for me.<p>I'm a huge supporter of universal end-to-end encryption, but Feinstein's point is making me feel some cognitive dissonance:<p>>"I think with a court order, with good justification, all of that can be prevented."<p>There <i>are</i> cases where I would want law enforcement to be able to read encrypted communications in an emergency situation, with a valid court order. If someone is being held hostage, for example. Of course I don't want intelligence agencies having this same access; just very specific requests during exigent circumstances, with judge approval. A real judge in a real court, not a secret FISA court.<p>But to do that you need some kind of key escrow already set up with the government, and if you have that, there's nothing stopping law enforcement and intelligent agencies from spying on what they want when they want.<p>Right now this isn't a huge problem since a lot of people still communicate in plaintext, or things that are encrypted but logged/intercepted by a central location (Skype). But eventually more and more things will move to end-to-end encryption.<p>What is the right way to handle this?
If the government forces the big American tech companies to adopt weaker encryption technologies, what's to stop terrorists from rolling their own communication app? Or new tech companies from deploying apps from countries where strong encryption is still legal? Would developers need to become familiar with government approved algorithms?<p>Separate from the debate on whether this is a good idea, I'd love to see a proposal for how a global encryption ban could actually be implemented.