[Cryptography] Sadly predictable: Terrorism used as excuse to attack encryption

[Miroslav Kratochvil]

I agree with you that there should not be restrictions on encryption.
Still, the problem is elsewhere -- we simply should not encrypt _that_
much. (also applies to your car analogy, btw).

To explain: Common people with reasonable operating systems/browsers
are now using bulk encryption on every single HTTP request they make,
on every single disk block they have, making SPF handshake with each
person they IM, etc.. Observe that only a really tiny amount of the
data is actually confidental (login tokens, business data, ...). Think
about what bulk encryption means for the consumption of computing
power (RSA ain't free, I'd actually expect more than gigawatts). Think
about what it means for law-enforcement agencies -- they can't even
simply prove that given single user is _not_ a suspect to narrow their
search. No wonder that a politician who was assigned the task to keep
the society secure&thriving would actually hate any kind of
encryption. And that is a problem, because the simplest thing he can
do is a ban.

I'd prefer something less drastic before the ban comes, like forcing
the user/software selectively choose (by some smart API or a correctly
designed UI) what to encrypt, leaving the rest (most) of data
"ecologic" and "law-enforcement friendly".

-mk


PS. In no way I suggest simply "turning SSL off", but there could be a
way that just authenticates the data without doing encryption. Method
for easily marking the "secret bits" of the stream would be cool as
well.

PS2. In no way I suggest surrendering all our information to orwellian
big brother, but well, think of the good cops.