Cryptography and governments.

I have heard and seen enough to accept as a given that the U.S. government dislikes cryptography in the hands of private citizens. The only real reasons I can find for this are that terrorists can use it to co-ordinate attacks under the government’s nose, and that people will eventually shift all their money into online, untaxable accounts overseas.
Now, there are enough one-time-pad codewords (a particular spam e-mail means Attack is On, etc.) that I don’t see this as a reason for coming down on crypto. So, are there any other good reasons for the government attempting to restrict it?

“Because they can”? :smiley:
You’re talking about encryption software, right?

Looks to me like things are actually loosening up. Or did I miss something?

Or are you just wishing to debate in the abstract: “Should government control encryption technology?”

I don’t believe it is either fair or accurate to say that the US Government doesn’t like cryptography in the hands of private citizens. Certainly, their are groups within the government that don’t like it, particularly the FBI, because it makes their jobs that much more difficult.

Certainly, “bad guys” can use cryptography just like good guys. Cryptography is just a tool. The fact that bad guys might use it doesn’t limit its usefulness to good guys.

I’ve never heard any arguments or concerns that cryptography is somehow an enabler allowing people shifting money to (untaxable) overseas accounts. Frankly, I don’t see why private citizens would need cryptography to do this.

I think the recent easing of regulations were simply acknowledgements that encryption is a kind of pandora’s box. Once the technology is published, there is no way the US can prevent bad guys from using it. It also acknowledges that the US isn’t the only place with smart mathematicians capables of devising new encryption algorithms. Under the previous export controls, US industry was at a competitive disadvantage to supply security solutions in international markets.

Your one-time pad comments about email reflect a lack of understanding of encryption (that’s OK, it is a highly technical and complicated topic). Your reference appears to reflect the concerns with a type of encryption called steganography. It is very easy to do, and difficult to detect. It allows “hidden messages” to be encoded into otherwise benign image or multimedia files (and other types as well - the bigger, the better).

Considering pratically every browser and PC operating system contains encryption capabilities, I don’t think you could argue that the US government has had much success in keeping encryption out of the hands of private citizens.

I don’t think the US has ever had a problem with encryption itself, merely encryption they can’t easily crack. Zimmerman was jailed for releasing source code to foreign nationals and if you check back, Scientific American was hassled fairly seriously over publishing the algorithms for public key crypto. Also, the US went through several iterations of the “key escrow” laws where law enforcement people could read your mail but business competitors probably couldn’t. So yes, I believe Robertliguori is correct, the gov dislikes serious crypto. It’s not just the US gov either. France previously outlawed effective crypto and the UK has or is conteplating laws requiring you to hand over the keys or go to jail.

In answer to the OP though, people can do a lot of things with strong crypto that governments don’t like. Criminals can lock up their records with good confidence that they’ll stay secret. Terrorists can indeed send detailed messages via standard email using strong crypto and be reasonably certain that the intended recipient is the only one able to read it. I suppose you could use strong crypto to access foreign bank accounts as well although I don’t see that being done very much. The OBL bunch was accused of using stego to send messages. This has little to do with actual crypto and more to do with concealing the fact that a message was sent at all.

On the plus side, ordinary citizens can also make good use of crypto. Normal bank records, a patient’s medical records, any kind of digital data can be locked up and kept that way. Also, from a civil liberties POV, why should anyone with technical expertise (ala Carnivore) be able to read a person’s private mail? Why shouldn’t it stay private?

Dissidents of various sorts also need to use crypto. Not terrorists, just normal people who feel strongly about something. It could be political plans, invitations to a demonstration, damn near anything that someone else objects to. Business strategies are a good example of something you might not want to trust to clear-text email. Also, signature verification is important, knowing that a message actually came from the guy who signed it is a valuable aspect of crypto.

DDG The government is not so much “loosening up” as recognizing that this is something they can’t really control. It is widely recognized that 64 bit encryption can be quickly broken if someone has access to the right software and a Cray to run it on. Minimum recommendations right now to keep something secret for the next decade are around 256-512 bit encryption using a peer-reviewed algorithm such as Twofish, Blowfish, Triple DES or the like. So, the government allowing the free sale of 64 bit encryption means very little. Robertliguori is right. There is a definate aspect of “Why are you using crypto if you have nothing to hide?” to the government’s attitude on strong crypto. In effect, the US and other governments don’t mind you having secrets, just not secrets from them.

Sorry for the rant, this is one of my hot buttons! S