Bruce Schneier on the Myth of Consumer Security
canopic jug writes:
Bruce Schneier has written a short piece over at Lawfare in response to ongoing calls to weaken encryption. Unlike during the cold war there is no longer a distinction between consumer grade encryption and military encryption. This is because customized encryption is both more expensive and less secure, because it is unique, non-standard, and untested.
In his keynote address at the International Conference on Cybersecurity, Attorney General William Barr argued that companies should weaken encryption systems to gain access to consumer devices for criminal investigations. Barr repeated a common fallacy about a difference between military-grade encryption and consumer encryption: "After all, we are not talking about protecting the nation's nuclear launch codes. Nor are we necessarily talking about the customized encryption used by large business enterprises to protect their operations. We are talking about consumer products and services such as messaging, smart phones, e-mail, and voice and data applications."
The thing is, that distinction between military and consumer products largely doesn't exist. All of those "consumer products" Barr wants access to are used by government officials-heads of state, legislators, judges, military commanders and everyone else-worldwide. They're used by election officials, police at all levels, nuclear power plant operators, CEOs and human rights activists. They're critical to national security as well as personal security.
Earlier on SN:
U.S. Attorney General William Barr Demands Backdoored Encryption (2019)
FBI: End-to-End Encryption Problem "Infects" Law Enforcement and Intelligence Community (2019)
The Crypto Warrior--Why Politicians Want a 'Back Door' into Your Devices-and Why it Will Never Work (2016)
Read more of this story at SoylentNews.