[Cryptography] FTC sues for crappy crypto

Adrian McCullagh amccullagh at live.com
Fri Jan 8 16:18:47 EST 2016 

Hi All,  


Does the FTC really need to mandate what it believes to be strong crypto which I personally think would be an impossible task and much like a cat chasing it tale; or should the FTC merely describe the characteristics of “strong” crypto.  


Then again what does “strong” actually mean.  It is a comparative term which will change over time.






Dr. Adrian McCullagh 
Ph.D. LL.B.(Hons) B. App. Sc. (Computing)
ODMOB Lawyers 
Mobile 0401 646 486
Skype.   Admac57
E: ajmccullagh57 at gmail.com
E: amccullagh at live.com 
The contents of this email are confidential between the sender and the intended recipient. If you are not the intended recipient then no rights are granted to you because of this error and as such you are requested to promptly inform the sender of the error and to promptly destroy all copies of the email in your power, possession or control. The sender reserves all rights concerning this email and its contents including any privilege, copyright and confidentiality associated with this email. Even though an email signature block has been appended to this email, and notwithstanding the Electronic Transactions Act (Qld) or the Electronic Transactions Act (Cth), the signature block does not exhibit the senders intention to be bound by an offer previously sent by the intended recipient, unless the email in its body specifically indicated that the sender hereby accepts such an offer previously sent by the intended recipient.





From: Jerry Leichter
Sent: ‎Saturday‎, ‎9‎ ‎January‎ ‎2016 ‎3‎:‎31‎ ‎AM
To: Sean Lynch
Cc: Cryptography Mailing List, Henry Baker















I'm not anti-regulation myself - I think there are many things that *need* to be regulated.  But regulation should be targeted where it's appropriate - and it should be the minimum regulation needed to accomplish some important policy goal.  Demanding that the FTC define "strong cryptography" and then mandate, on its own, which applications require it, strikes me as a good way to generate tons of new regulations that will do more harm than good.




Keep in mind, too, that any regulation has to be quite explicit - to cite the kind of thing that drives people nuts, you can't write a regulation that says "fire extinguishers must be at a height that most people can get at" because no one will be able to objectively test if someone is in violation; so instead you end up with a mandate that says "fire extinguishers must be hung 60 inches above the ground" and you end up fining people who hang them at 61 inches.  Also, once a regulation is in place, it becomes almost impossible to change it because of the costs.  That's a disaster in a field moving as rapidly as cryptography has been.





                                                        -- Jerry
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160108/dc60c212/attachment.html>
-------------- next part --------------
_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

More information about the cryptography mailing list