via Slashdot

CowboyRobot writes “Poul-Henning Kamp argues that the ‘recent exposure of the dragnet-style surveillance of Internet traffic has provoked a number of responses that are variations of the general formula: “More encryption is the solution.” This is not the case. In fact, more encryption will probably only make the privacy crisis worse than it already is.’ His argument takes a few turns, but centers on a scenario that is a bit too easy to imagine: a government coercing software developers into disabling their encryption: ‘There are a whole host of things one could buy to weaken encryption. I would contact providers of popular cloud and “whatever-as-service” providers and make them an offer they couldn’t refuse: on all HTTPS connections out of the country, the symmetric key cannot be random; it must come from a dictionary of 100 million random-looking keys that I provide. The key from the other side? Slip that in there somewhere, and I can find it (encrypted in a Set-Cookie header?). In the long run, nobody is going to notice that the symmetric keys are not random — you would have to scrutinize the key material in many thousands of connections before you would even start to suspect something was wrong.'”

Share on Google+

Read more of this story at Slashdot.