Data Havens
John Q. Public, OSAll Staff
How much would you pay for totally acceptable risk where your data is concerned? There is no such thing as total security, and as such, the best possible thing is acceptable risk. How much is it worth? Remember what this data is: it's medical records, secret communications, business plans, tax documents, anything you want to keep private. These days we have somewhat strong encryption to protect this data.
Strong encryption may or may not become moot as government chooses to enable the next generation of wiretapping. When phones came out, the authorities had the ability (theoretically with a court order) to listen in on phone calls. When encryption for phone conversations became available, key escrow was deemed mandatory. It seems that with data communications becoming more and more common, the same policy of key escrow is only a limited time away. The solution?
An offshore data haven. The concept of a data haven is relatively simple: information is stored offshore (probably in some small island nation) with super-strong encryption and high-speed links to other countries. The concept has been raised many times before, perhaps most notably in Cryptonomicon. There are many challenges to the execution of a data haven, but it's clear the time has come.
An FBI computer crime agent told OSAll recently that "[the FBI] is already lobbying the powers that be to get key escrow enforced." This agent, on fear of losing his job, refused to be identified. He does add, however, that the FBI is "very concerned" about the proliferation of encryption.
Currently it's illegal to export strong cryptography outside of the United States, despite a recent court ruling [the infamous Snuffle case] to the contrary. As such, any algorithms not already smuggled out of the country would have to be developed outside the United States. This, however, is hardly the major hurdle. All data traffic going to and from the data haven would have to be encrypted. The problem?
That data would have to be decrypted in the United States -- and key escrow laws could still be enforced. Solutions have been proposed but most are unlikely to work unless major loopholes are built into any potential escrow legislation.
The export of cryptography for the sake of offshore mirroring is already happening. Many people have broken the law (myself included) to upload crypto programs to offshore computers so that anyone could download them. This is the first step in creating a data haven -- in this case to get around US law. The time has come to create a data haven not only for software, but for personal information.