As a follow-up to my recent post on the debate in the US over new encryption restrictions, I thought a short addition might be relevant. This continues.
There was a recent Congressional hearing on the topic that featured mostly what you would expect. Police always want access to any possible source of evidence and the tech industry tries to explain that the risks associated with mandates to do so are excessive with grandstanding legislators sprinkled throughout. What I found interesting (and I use that word with some trepidation as it is still a multi-hour video of a Congressional hearing) is that there was rather less grandstanding and and less absolutism from some parties than I was expecting.
There is overwhelming consensus that these requirements [for exceptional access] are incompatible with good security engineering practice
Dr. Matthew Blaze
The challenge is that political people see everything as a political/policy issue, but this isn’t that kind of issue. I get particularly frustrated when I read ignorant ramblings like this that dismiss the overwhelming consensus of the people that actually understand what needs to be done as emotional, hysterical obstructionism. Contrary to what seems to be that author’s point, constructive dialogue and understanding values does nothing to change the technical risks of mandating exceptional access. Of course the opponents of Feinstein-Burr decry it as technologically illiterate, it is technologically illiterate.
This doesn’t quite rise to the level of that time the Indiana state legislature considered legislating a new value (or in fact multiple values) for the mathematical constant Pi, but it is in the same legislative domain.