A US court has ruled a teen is not allowed to use encryption. TechDirt reports:
“[The accused] shall not use a computer that contains any encryption, hacking, cracking, scanning, keystroke monitoring, security testing, steganography, Trojan or virus software.” […] As for the oddities in banning him from using computers with viruses, trojans or keystroke monitors, which he could potentially violate without even knowing it, the court changed the terms to say that he can’t knowingly use a computer with any of those things on it. Unfortunately, they still include “encryption” on the list. I find it troubling that the court is okay with demonizing encryption (and, to a lesser extent, “hacking” tools) when there are plenty of legitimate reasons to do so. Does that mean he can’t even encrypt his email?
On the question of encryption for email, it goes back to the phrase: “shall not use a computer that contains”. It seems to me he can have his email encrypted unknowingly (e.g. as part of a service). More to the point the court should have been more clear with their term “use”. They could have qualified it with terms like “inappropriate”, “malicious”, “harmful”, etc. but instead their terms seem overly broad in leaving it open to ANY and ALL forms of use.
The obvious example of how this fails is the password. There is unlikely to be any way for the accused to prevent his password from being encrypted on any computer he uses. It also makes little sense for the court to rule that he must store all his passwords in clear text, thus placing him at much greater risk of harm.
Another example is HTTPS. He will use encryption on his computer every time he is redirected to a secure page. A secure connection is out of his control. Like the harm point made above with passwords it also makes no sense for the court to order him to transmit everything in the clear, especially as this violates other laws that require services to encrypt his sensitive data.