A few years back someone was writing software that did potentially illegal things, like more than 40 bits of crypto, which was illegal when distributed outside of the US (maybe still is).<p>Their response was:<p>"It's completely legal as distributed. Look at the header and you'll see:<p><pre><code> #define CRYPTO_LENGTH 40
</code></pre>
"
I used to view steganography as a viable mitigation strategy for the outlawing of encryption.<p>Over the years, I've come to consider steganography as inadequate as a means of mass communication, as the more people know about how to receive a steganographic message the less effective it is at hiding the content.<p>Steganography is most useful in one-on-one communication where the means to read the message is exchanged in a secondary secure channel of communication. Sadly, this just does not scale well.<p>For this and other reasons, I've kind of become pessimistic about the security and privacy of communication using computers, and even more so towards such security and privacy being available to the masses.
> To make things worse, the Act proposes the creation of a hybrid bounty program, giving third-parties financial incentives to extract encrypted data following a request from U.S. agencies. In short, if the tech companies won’t build a backdoor, the U.S. government will pay hackers top dollar to use whatever means necessary to get the data for them.<p>Is that worse?
From a cynical perspective, this is a market opportunity for VPN services. As were Snowden's leaks, which hugely expanded the VPN service industry.<p>And indeed, using VPN services (let alone nested VPN chains and Tor) largely obviates risks from these bills. Without cooperation from the VPN service, gathering sufficient information for a warrant is problematic.<p>But I wonder. Might the US regulate using VPN services, as authoritarian regimes already do?
Looking at the other comments in here, I have to say Americans still seem way too optimistic that the USA could not become a totalitarian state along the lines of Russia or China.
If government backdoors are really necessary, the government should be able to provide an explanation without using the words 'terrorism' or 'child pornography'.
These bills are self-defeating. I suffer no affections for narcotics dealers and human traffickers seeking anonymity, but I also suffer no affections for "Western" bankers fixing LIBOR and NSA tapping phones of our NATO "allies." As is, our USA "cloud" is already a Trojan Horse. At this point, Open Source and strong encryption are already prerequisites of any imaginable national sovereignty. If we can't "export" strong encryption, we'll just "export" strong encryption engineers.
Everyone should actually just go read the bill rather than just get news from a bunch of sources that stand to gain or lose from aspects of it.<p>A ton of these claims are unsubstantiated if you look in the latest versions. There is so much fear slinging going on around the web it’s seriously just bizarre to me after actually reading the bill.