Advertisement
Promo

Security threats Toolkit

Story: Government to force handover of encryption keys

  • Previous comment

Posted by: Anonymous (Friday 19 May 2006, 10:33 PM)

  • Reply

Hmm... and what, exactly, does this "order to seize" actually do to protect people from terrorism? Does it prevent terrorists from cloning citizens' phones and using them to communicate with other terrorists? Or criminals for that matter?

Does this actually safeguard ANYONE?

What prevents people from just generating thousands upon thousands of keys? Perhaps millions of keys?

Officer: I need to access your protected data... please give me your key.

Individual: Sure. Here is a hard drive filled with all of the keys I use. Not sure which goes where, but here are my keys. (300GB hard drive with over a hundred million keys)

Imagine that data is encrypted 1-3 times by each key(100-300 million times encrypted) and even one key is wrong/missing? What then? How long would it take to access the data?

Worse... what prevents criminals and terrorists from deliberately generating such overly encrypted data with mind numbingly large numbers of keys? Just downright bog down the workflow of data decryption.

This kind of "blind reasoning" or "panic reasoning" is hurtful to the local economy and over time, erodes faith in the governing body's ability to think rationally and plan for the country's safety.

This kind of thing will discourage businesses from:
- travelling there
- setting up shop there
- accepting customers from there or who travel there

Imagine the headache when even 1% of your customer base requests a new key to be generated because their existing one got seized and they no longer feel their information is safe?

What if this happened on a daily basis?

The other question is whether the police officers are qualified to handle the keys themselves? Are they trained and certified as people who are capable of handling encrypted keys?

If I was a company, I would immediately move my business out of that region. It is a legal liability to me and my customers to have personal keys revealed.

So does this give the police the power to take peoples' passwords to online accounts as well? To corporate accounts? In the event "terrorist" or "criminal" data is stored there?

Do the people making these laws even think about the consequences!?

  • Previous comment

  • Reply to this comment
  • Return to story
  • Report this as offensive


Full Talkback thread

Sentry Posts Blog

Authentication risks all too human

Risks to successful online banking identification and authentication using smartcards involve a mixture of human and technological factors, according to the European Network and Information... More

1 comment

Opera censors Chinese content

Opera has updated the Chinese version of its mobile browser to stop users accessing restricted content. Opera Mini was updated on Friday from an international to a Chinese version,... More

2 comments

Symantec website breached

Security company Symantec has said that one of its websites was successfully breached. Romanian security researcher 'Unu' posted details of the breach in a blog post on Monday. Unu... More

Post a comment


Skip Sub Navigation Links to CNET Brand Links

Help

Become part of the ZDNet community.

Newsletters