There are some interesting ways around government crypto restrictions.
Ciphersaber [1] is designed so that you can <i>memorize</i> how to write a program to
implement it. Bruce Schneier proposed Solitaire, [2] which is designed to be
carried out with playing cards rather than on a computer. (Later, Paul Crowley
discovered some weaknesses [3] in Solitaire.) Diceware [4] is a method of
generating secure passphrases with (you guessed it) regular dice.<p>[1] <a href="http://ciphersaber.gurus.org/" rel="nofollow">http://ciphersaber.gurus.org/</a><p>[2] <a href="https://www.schneier.com/solitaire.html" rel="nofollow">https://www.schneier.com/solitaire.html</a><p>[3] <a href="http://www.ciphergoth.org/crypto/solitaire/" rel="nofollow">http://www.ciphergoth.org/crypto/solitaire/</a><p>[4] <a href="http://world.std.com/~reinhold/diceware.html" rel="nofollow">http://world.std.com/~reinhold/diceware.html</a>
Am I reading this GPO link wrong or did that not make it in? Section 2804 here actually eliminates an enforced key escrow, so I don't know.<p><a href="http://www.gpo.gov/fdsys/pkg/BILLS-106hr850rh/pdf/BILLS-106hr850rh.pdf" rel="nofollow">http://www.gpo.gov/fdsys/pkg/BILLS-106hr850rh/pdf/BILLS-106h...</a>
"(3) Encryption<p>A telecommunications carrier shall not be responsible for decrypting, or ensuring the government’s ability to decrypt, any communication encrypted by a subscriber or customer, unless the encryption was provided by the carrier and the carrier possesses the information necessary to decrypt the communication."<p><a href="http://www.law.cornell.edu/uscode/text/47/1002" rel="nofollow">http://www.law.cornell.edu/uscode/text/47/1002</a><p>"18 U.S. Code § 2703 - Required disclosure of customer communications or records<p>(a) Contents of Wire or Electronic Communications in Electronic Storage.— A governmental entity may require the disclosure by a provider of electronic communication service of the contents of a wire or electronic communication, that is in electronic storage in an electronic communications system for one hundred and eighty days or less, only pursuant to a warrant issued using the procedures described in the Federal Rules of Criminal Procedure (or, in the case of a State court, issued using State warrant procedures) by a court of competent jurisdiction. A governmental entity may require the disclosure by a provider of electronic communications services of the contents of a wire or electronic communication that has been in electronic storage in an electronic communications system for more than one hundred and eighty days by the means available under subsection (b) of this section.<p>(b) Contents of Wire or Electronic Communications in a Remote Computing Service.—<p>...<p>(c) Records Concerning Electronic Communication Service or Remote Computing Service.<p>..."<p><a href="http://www.law.cornell.edu/uscode/text/18/2703" rel="nofollow">http://www.law.cornell.edu/uscode/text/18/2703</a>
Could someone please post a comment or link on the state of constitutional protection for strong encryption?<p>I think I've read that the courts have ruled that dissemination and use of strong crypto algorithms is protected by the First Amendment, but I'm not sure of that.
Many are quick to jump and state that we should all have 100% privacy, and that governments should not look into our communications. At the same time we are asking for the government to protect us. Something like 9-11 happens and we blame our national security officials. Something like the Boston Marathon happens and we do the same.<p>At some point we have to choose: Natural Freedom or Societal Freedom, but we cannot have both.<p>I for one believe that we should TRULY consider recording every message we send/receive.<p>We should have a very high threshold for using these communications against people, and making sure they can only be used for matters of the people's security.