As we debate "responsible encryption," here is a long scroll of pullquotes from the previous incarnations of CryptoWars. If you're concerned about this, donate to the EFF -- they've always been there, fighting this insanity back.
"Opposing Clipper is an odd pairing of civil liberties activists and corporations. The activists worry that the government could have too much access to private exchanges. Companies have chafed at export restrictions that stop them from using the best encryption technologies in products they sell abroad. … Companies would rather include many different encryption technologies in the products they sell and don't want to be locked into government-approved hardware. They also point out that their customers overseas are unlikely to want to use the Clipper lock knowing that the U.S. government holds the keys."
"Perhaps you think your E-mail is legitimate enough that encryption is unwarranted. If you really are a law-abiding citizen with nothing to hide, then why don't you always send your paper mail on postcards?" … Keane would not comment directly on the Zimmermann case, but said, "Everybody who has looked at these issues would agree that, A, no court has decided these issues, and B, that these are very tough issues. Sooner or later some tough decisions are going to have to be made."
One way the government has tried to address the widespread use of encryption is through stringent export regulations to control dissemination of such technologies. Those rules even apply to such garden-variety software as Norton Utilities, which offers encryption as part of its popular package of tools to help computer users manage their machines. The company sells two versions of the software: one for domestic use and an encryption-free version for international markets.
The government also has promoted the "Clipper Chip," a voluntary technology that would allow users to scramble their files and communications but still would be breakable by the government. Widespread opposition to the Clinton administration's initial proposal last year sent the government back to the drawing board to find a more workable solution.
"The problem is this: Individuals and businesses have a legitimate need to protect information from interlopers through the use of cryptography. But law enforcement officials fear that drug dealers and terrorists using cryptography will be able to thwart legally authorized surveillance and search warrants. National security officials are concerned that encrypted communications may frustrate intelligence collection against parties that might be building nuclear or biological weapons for use against the United States."
"Although the Government has a strong interest in preserving national security, its Export Administration Regulations on encryption ("EAR") do not further this interest, and, in fact, may undermine it. The EAR are designed to prevent the foreign availability and use of "strong" (i.e., greater than 40-bit key length) encryption. Notwithstanding the existence of the EAR, however, strong encryption products already are used and widely available outside the United States. Thus, the EAR do little, if anything, to prevent foreign intelligence and law enforcement targets from obtaining and using strong encryption capabilities in their efforts to deny U.S. access to their communications. On this basis alone, the Government's attempt to justify the EAR as a direct and material means of preventing a threat to national security must fail."
"Moreover, even if strong encryption were not already available to foreign entities, the Government's effort to prevent such availability through the use of the EAR is significantly undermined by the print exception to the EAR.(1) Nothing in the EAR prohibits a printed version of the encryption source code from export and, once abroad, conversion into electronic source code either manually or by automated means. As the District Court opinion (ER 544-78) described it, the print exception "undermines the stated purpose of the regulations." Id. at 568."
-- RSA Amicus Brief in the Berstein case, https://cr.yp.to/export/1997/1110-conboy.html#Security
"Similarly, the fight over encryption on the Internet will continue. The government fears that allowing the unregulated use of message-scrambling technology would give criminals and terrorists a cloak to hide their digital activities. So FBI Director Louis Freeh has called for requirements that all encryption used in the United States have a back door so that law enforcement can unscramble the messages, and is pushing for telecommunications networks to be designed with built-in wiretapping capability. In recent congressional testimony, Freeh termed those who oppose encryption controls as representatives of "narrow interests.""
“Mossad. Bomb. Davidian. MI5. LCOS
If the hunch of a loose-knit group of cyber-activists is correct, the above words will trip the keyword recognition filter on a global spy system partly managed by the US National Security Agency… Privacy activists have used the words in their signature files for years as a running schtick, but on 21 October, a group of activists orginating on the "hacktivist" mailing list hope to to trip up Echelon on a much wider scale.
"What is [Echelon] good for?" asked Linda Thompson, a constitutional rights attorney and chairman of the American Justice Federation. "If you want to say we can catch criminals with it, it is insane that anyone should be able to snoop on anyone's conversations…Criminals ought to be caught after they commit a crime -- but police are not here to invade all our privacy to catch that two percent [of criminal communications]," she said.”
"It took four months, a grim debate, and thousands of mailing list messages, but the group that sets Internet standards has decided not to support wiretapping… "This is outrageous," wrote Ed Stone. "A third party taps a communication in secret, but the selection is NOT targeted to a SPECIFIC person, so it is not 'wiretapping.' This is simply incredible!"
2014, note - 2 years before the San Bernadino case
"Comey also posed as a question “whether companies not subject currently to Calea should be required to build lawful intercept capabilities for law enforcement”, something he contended would not “expand” FBI authorities”. Calea is a 1994 surveillance law mandating that law enforcement and intelligence agencies have access to telecommunications data, which Comey described as archaic in the face of technological innovation. … Comey, frequently referring to “bad guys” using encryption, argued access to the cloud is insufficient. “Uploading to the cloud doesn’t include all the stored data on the bad guy’s phone,” he said. “It’s the people who are most worried what’s on the device who will be most likely to avoid the cloud.”"
"Under questioning Comey admitted that even if the US did pass laws allowing law enforcement access to encrypted information, there were still plenty of tools produced outside of the US that would be untappable, saying "we'd have a heck of a time trying to do that." Comey declined to say if selling borked crypto would put American companies at a disadvantage when trying to sell overseas. "
Oh you dear sweet summer child...
"If history repeats itself first as tragedy and then as farce, what does the FBI have in store next for its encryption war with Apple? … Yet forgive us if this “conversation” now seems more like a Jim Comey monologue. The debate might start to be productive if the FBI Director would stop trying to use the courts as an ad hoc policy tool and promised not to bring any more cases like the one in Brooklyn. Meanwhile, the White House has taken the profile-in-courage stand of refusing to endorse or oppose any encryption bill that Congress may propose. If the Obama team won’t start adjusting to the technological realities of strong and legal encryption, they could at least exercise some adult supervision at Main Justice.
-- http://www.wsj.com/articles/the-encryption-farce-1461624399 / https://archive.is/CYpbc
""Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety," Deputy Attorney General Rod Rosenstein said in a speech at the US Naval Academy today (transcript). "Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones that permit criminals and terrorists to operate without detection by police and without accountability by judges and juries." ... "We know from experience that the largest companies have the resources to do what is necessary to promote cybersecurity while protecting public safety. A major hardware provider, for example, reportedly maintains private keys that it can use to sign software updates for each of its devices. That would present a huge potential security problem, if those keys were to leak. But they do not leak, because the company knows how to protect what is important. Companies can protect their ability to respond to lawful court orders with equal diligence." "
"The Justice Department signaled Tuesday it intends to take a more aggressive posture in seeking access to encrypted information from technology companies, setting the stage for another round of clashes in the tug of war between privacy and public safety. … “Warrant-proof encryption is not just a law enforcement problem,” Mr. Rosenstein said at a conference at the U.S. Naval Academy. “The public bears the cost. When our investigations of violent criminal organizations come to a halt because we cannot access a phone, even with a court order, lives may be lost.
" “Technology companies almost certainly will not develop responsible encryption if left to their own devices,” Mr. Rosenstein said. “Competition will fuel a mind-set that leads them to produce products that are more and more impregnable. That will give criminals and terrorists more opportunities to cause harm with impunity.””
-- https://www.wsj.com/articles/justice-department-to-be-more-aggressive-i… / http://archive.is/i1jNu
"Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety. Encrypted communications that cannot be intercepted and locked devices that cannot be opened are law-free zones that permit criminals and terrorists to operate without detection by police and without accountability by judges and juries."
"When encryption is designed with no means of lawful access, it allows terrorists, drug dealers, child molesters, fraudsters, and other criminals to hide incriminating evidence. Mass-market products and services incorporating warrant-proof encryption are now the norm. Many instant-messaging services employ default encryption designs that offer police no way to read them, even if an impartial judge issues a court order. The makers of smart phones previously kept the ability to access some data on phones, when ordered by a court to do so. Now they engineer away even that capability."
"We refer to this problem as “Going Dark” – the threat to public safety that occurs when service providers, device manufacturers, and application developers deprive law enforcement and national security investigators of crucial investigative tools. " […]
". Responsible encryption can involve effective, secure encryption that allows access only with judicial authorization. Such encryption already exists. Examples include the central management of security keys and operating system updates; the scanning of content, like your e-mails, for advertising purposes; the simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop." […]
"Responsible encryption can protect privacy and promote security without forfeiting access for legitimate law enforcement needs supported by judicial approval."
"One of the most profoundly disruptive developments occurring in the cyber security arena today is the headlong rush by a set of parties to ubiquitously implement extreme End-to-End (e2e) encryption […] The generally understood objective by its zealous leaders is to cause everyone except the end parties of the communications services to "go dark""
"Responsible commercial and intergovernmental industry technical venues have for decades adopted appropriate forms of Transport, Network, and Application Layer Security — rejecting extreme e2e encryption capabilities"
"There is flatly no "right" to unfettered personal encrypted communication on publicly available infrastructures and services."
-- Future talking points to watch for, via http://www.circleid.com/posts/20171024_legal_controls_on_extreme_end_to…
I will continue updating this file as I have no hope we'll see the end of this "debate" anytime soon. Additional historic quotes welcomed!