[Cryptography] FTC sues for crappy crypto
Sean Lynch
seanl at literati.org
Thu Jan 7 19:26:32 EST 2016
On Thu, Jan 7, 2016 at 8:13 AM Henry Baker <hbaker1 at pipeline.com> wrote:
> FYI --
>
> "If a company promises strong encryption, it should deliver it."
>
> I'm not holding my breath waiting to see if the FTC will sue when a
> company is given a National Security Letter (NSL).
>
> http://www.theregister.co.uk/2016/01/06/ftc_crackdown_on_crap_encryption/
>
> At last -- Feds crack down on crummy encryption … starting with your
> dentist
>
> Uncle Sam finally gets his teeth into terrible technology
>
> 6 Jan 2016 at 20:58, Shaun Nichols
>
> The US Federal Trade Commission (FTC) has struck a $250,000 settlement
> package in its case accusing a medical software developer of lying about
> its data encryption capabilities.
>
It's interesting to me that the complaint here isn't that they were
providing crappy crypto or that dentists were exposing their patients'
private data, but that they *lied* about their crypto. That's fraud, to be
sure. But it seems unlikely to me that, had they marketed it as "data
camouflage" and not encryption, it would have made any difference to the
dentists, particularly since there seems to be no actual law saying that
the data need to be encrypted. So the FTC isn't actually protecting anyone
here, just making sure their own people stay employed.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160108/5954d111/attachment.html>
More information about the cryptography
mailing list