End to end encryption should be the default, but it’s not. So, I find it interesting to look for the drivers that might change that. What will create strong enough demand that it will become unacceptable to ever allow any data to move thru public networks in the clear?
Fear of identity theft is one such driver. A significant portion of the public lives in fear that their identity is at risk because we regularly hear reports of data that has gone missing in transit. Public fear raises the temperature; but it is a very diffuse driver.
Recently the US congress has been rushing to pass a bill that might create another driver. Unlike the fear of the general public this bill should scare all of us who move bits around. Who are these intermediaries? Well of course it’s the telecommunication companies and the internet service providers. But, it also all of us who kindly let random visitors use our internet connections. So if you ever let a visitor to your house use your Wifi you are at risk. The stick in the bill is a huge fine; 150 thousand dollars for the first offense, and 300 thousand dollars for the second offense.
The kindest way to describe this bill is that if you witness a crime and then you fail to report it you maybe fined. For example say you glance at your logs and you see some suspicious behavior. The bill requires that you report that suspicious behavior. It’s slightly more specific, having a focus on child porn, but it’s also extremely weak on exactly what amounts to suspicious.
My point is not to point out what a obnoxious law this is, but rather to point out how this creates demand for better encryption. I want a toggle I can throw on my wireless access points that says “Pass no data in the clear.” Since with such a toggle I can then assert there is zero chance I even had the opportunity to observe the crime.
I think that’s neat. A driver for a better safer default that targets the intermediaries. Since I think they are the folks likely to be able to change the default I think this law offers up an interesting class of moves in the game we are playing. It leads me to a more general question. What can we do to create incentives for intermediaries to drive the defaults toward safer settings?