<html>
<head>
<meta name="generator" content="Windows Mail 17.5.9600.20911">
<style data-externalstyle="true"><!--
p.MsoListParagraph, li.MsoListParagraph, div.MsoListParagraph {
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
}
p.MsoNormal, li.MsoNormal, div.MsoNormal {
margin:0in;
margin-bottom:.0001pt;
}
p.MsoListParagraphCxSpFirst, li.MsoListParagraphCxSpFirst, div.MsoListParagraphCxSpFirst,
p.MsoListParagraphCxSpMiddle, li.MsoListParagraphCxSpMiddle, div.MsoListParagraphCxSpMiddle,
p.MsoListParagraphCxSpLast, li.MsoListParagraphCxSpLast, div.MsoListParagraphCxSpLast {
margin-top:0in;
margin-right:0in;
margin-bottom:0in;
margin-left:.5in;
margin-bottom:.0001pt;
line-height:115%;
}
--></style></head>
<body dir="ltr">
<div data-externalstyle="false" dir="ltr" style="font-family: 'Calibri', 'Segoe UI', 'Meiryo', 'Microsoft YaHei UI', 'Microsoft JhengHei UI', 'Malgun Gothic', 'sans-serif';font-size:12pt;"><div>Hi All, </div><div><br></div><div>Does the FTC really need to mandate what it believes to be strong crypto which I personally think would be an impossible task and much like a cat chasing it tale; or should the FTC merely describe the characteristics of “strong” crypto. </div><div><br></div><div>Then again what does “strong” actually mean. It is a comparative term which will change over time.<br></div><div data-signatureblock="true"><div><br></div><div>Dr. Adrian McCullagh <br>Ph.D. LL.B.(Hons) B. App. Sc. (Computing)<br>ODMOB Lawyers <br>Mobile 0401 646 486<br>Skype. Admac57<br>E: ajmccullagh57@gmail.com<br>E: amccullagh@live.com <br>The contents of this email are confidential between the sender and the intended recipient. If you are not the intended recipient then no rights are granted to you because of this error and as such you are requested to promptly inform the sender of the error and to promptly destroy all copies of the email in your power, possession or control. The sender reserves all rights concerning this email and its contents including any privilege, copyright and confidentiality associated with this email. Even though an email signature block has been appended to this email, and notwithstanding the Electronic Transactions Act (Qld) or the Electronic Transactions Act (Cth), the signature block does not exhibit the senders intention to be bound by an offer previously sent by the intended recipient, unless the email in its body specifically indicated that the sender hereby accepts such an offer previously sent by the intended recipient.</div><div><br></div></div><div style="padding-top: 5px; border-top-color: rgb(229, 229, 229); border-top-width: 1px; border-top-style: solid;"><div><font face=" 'Calibri', 'Segoe UI', 'Meiryo', 'Microsoft YaHei UI', 'Microsoft JhengHei UI', 'Malgun Gothic', 'sans-serif'" style='line-height: 15pt; letter-spacing: 0.02em; font-family: "Calibri", "Segoe UI", "Meiryo", "Microsoft YaHei UI", "Microsoft JhengHei UI", "Malgun Gothic", "sans-serif"; font-size: 12pt;'><b>From:</b> <a href="mailto:leichter@lrw.com" target="_parent">Jerry Leichter</a><br><b>Sent:</b> Saturday, 9 January 2016 3:31 AM<br><b>To:</b> <a href="mailto:seanl@literati.org" target="_parent">Sean Lynch</a><br><b>Cc:</b> <a href="mailto:cryptography@metzdowd.com" target="_parent">Cryptography Mailing List</a>, <a href="mailto:hbaker1@pipeline.com" target="_parent">Henry Baker</a></font></div></div><div><br></div><div dir=""><div><blockquote style="margin-top: 0px; margin-bottom: 0px;"><div><div dir="ltr"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: rgb(204, 204, 204); border-left-width: 1px; border-left-style: solid;"><br></blockquote></div></div></div></blockquote></div><div><br></div><div><br></div><div>I'm not anti-regulation myself - I think there are many things that *need* to be regulated. But regulation should be targeted where it's appropriate - and it should be the minimum regulation needed to accomplish some important policy goal. Demanding that the FTC define "strong cryptography" and then mandate, on its own, which applications require it, strikes me as a good way to generate tons of new regulations that will do more harm than good.</div><div><br></div><div>Keep in mind, too, that any regulation has to be quite explicit - to cite the kind of thing that drives people nuts, you can't write a regulation that says "fire extinguishers must be at a height that most people can get at" because no one will be able to objectively test if someone is in violation; so instead you end up with a mandate that says "fire extinguishers must be hung 60 inches above the ground" and you end up fining people who hang them at 61 inches. Also, once a regulation is in place, it becomes almost impossible to change it because of the costs. That's a disaster in a field moving as rapidly as cryptography has been.</div><div><br></div><div><div> -- Jerry</div></div><div><br></div></div></div>
</body>
</html>