Steve Gibson and Leo Laporte did a great podcast this week regarding the Obama administration’s proposed crypto-backdoor legislation. This is same issue Schneier discussed in his post from last week. Here are my takeaways.

  • The technology for strong encryption already exists. It’s math. Bad guys will still use it. Backdoor mandates will only hurt law abiding citizens.
  • If this passes as requested by law enforcement, secure peer-to-peer communication would become illegal and the systems that support it subject to redesign. This includes corporate VPNs, Skype, and a host of other communication services.
  • Backdoors would only serve to open security holes that hackers can step through to cause problems for honest people.

Wired and the EFF also did pieces on the story that are worth reading. I can’t see this making it far in the legislature, but stranger things have happened.

Update 10/6/10: Reread the NY Times article that started this whole conversation. The final FBI quote is so misguided that I had to comment.

“No one should be promising their customers that they will thumb their nose at a U.S. court order,” Ms. Caproni said. “They can promise strong encryption. They just need to figure out how they can provide us plain text.”

The whole point of encryption is that no one but the two authenticated parties can decrypt the data. If companies can decrypt their client’s data then by definition the product is not providing strong encryption. I understand the FBI’s dilemma, but they really need to rethink their position. CPAs should watch this issue unfold as it has the potential to dramatically change the IT landscape.