Senate Given The Go-Ahead To Use Encrypted Messaging App Signal
Certain senators have repeatedly pushed for encryption bans or encryption backdoors, sacrificing personal security for national security in a move that will definitively result in less of both. Former FBI Director James Comey's incessant beating of his "Going Dark" drum didn't help. Several legislators always managed to get sucked in by his narrative of thousands of unsearched phones presumably being tied to thousands of unsolved crimes and free-roaming criminals.
It will be interesting to see whether the anti-encryption narratives advanced by Sens. Feinstein and Burr (in particular -- although others are equally sympathetic) continue now that senators can officially begin using an encrypted messaging system for their own communications.
Without any fanfare, the Senate Sergeant at Arms recently told Senate staffers that Signal, widely considered by security researchers and experts to be the most secure encrypted messaging app, has been approved for use.
The news was revealed in a letter Tuesday by Sen. Ron Wyden (D-OR), a staunch privacy and encryption advocate, who recognized the effort to allow the encrypted messaging app as one of many "important defensive cybersecurity" measures introduced in the chamber.
ZDNet has learned the policy change went into effect in March.
If this isn't the end of CryptoWar 2.0, then it's at least a significant ceasefire. Senators are going to find it very hard to argue against encrypted communications when they're allowed to use encrypted messaging apps. It's not that legislators are above hypocrisy. It's just that they usually allow a certain amount of time to pass before they commence openly hypocritical activity.
This doesn't mean the rest of the government is allowed to use encrypted chat apps for official communications. Federal agencies fall under a different set of rules -- ones that provide for more comprehensive retention of communications under FOIA law. Congressional communications, however, generally can't be FOIA'ed. It usually takes a backdoor search at federal agencies to cut these loose. So, members of Congress using an encrypted chat app with self-destructing messages may seem like the perfect way to avoid transparency, but it's the law itself that provides most of the opacity.
If encryption's good for the Senate, it's good for the public. There's no other way to spin this. Even Trump's pro-law enforcement enthusiasm is unlikely to be enough to sell Congress on encryption backdoors. With this power in the palm of their hands, they're more apt to see the benefits of leaving encryption un-fucked with.
It's all a show, no matter which perspective you have on it.
For what it's worth, here is my vision of a secure world:
Pretty much every processor now has a SIMD unit, even tiny little processors on cheap phones and such.
These SIMD units can encrypt and protect data INSIDE the CPU (before it travels anywhere) and only write ENCRYPTED DATA and ECC to memory. Then, this encrypted and protected data chunk can travel wherever it likes. It can be used, abused, corrupted, whatever. However, in the future, when you need it again, you retrieve whatever you get, decrypt it, validate it, and use it, knowing it is correct data with a verifiable measure of certainty.
Encryption for everyone, everywhere, all the time, for almost no cost. Well programmed, these SIMD units, inside the CPU, burn almost no resources, because they are so inherently parallel and optimized to do just this.
A protected world.
Amen. :)
Say, for example, that GWiz and I whipped up a kernel driver for Linux that essentially encrypted and protected both the DRAM memory system and the external storage, all the time, with no reasonable performance impact. That is, you would gain the benefits of ECC memory and Erasure Coded RAID using standard memory and standard storage on everything from cell phones to servers.
The question is: Do you think there is some type of hybrid Open Source + Pay for Something mode that could work in this market segment? For example, offering weaker encryption or protection for free systems, and stronger encryption and protection for pay for systems? Or something like that?
I really am interested in your opinion, and could well consider lunch with you in the future.
