Truth in Advertising (Or why we need Crypto Licenses)

Imagine someone came to you, and sold you a car they promised would drive you wherever you wanted. They told you that it could talk to other cars so that driving would be automatically reported to SquareFace and MyPints. (Not as dangerous as it sounds: after all a car that can drive itself is perfect for suburban pub crawls). However, you ask if there is a way to turn off this feature. "Of course" says the salesman. "Just flip this switch and no one can track you". So you buy the car, drive off, with the switch flipped in the position where no one can track you. But it turns out that the people in charge of implementing this feature were barely trained in the relevant details of how to make it work out, and flipping the switch does nothing. Of course, this is is because you asked for snow tires and the car has a rather strange design. I imagine you would be rather pissed, and then probably file a nasty letter asking for them to provide the funds to ensure that their stupidity be fixed. Yet, when a software company loudly proclaims that it cannot read your files, and then in the small print and documentation for a feature they also widely advertised, it turns out this is not true if you use the relevant feature. I imagine you would be rather pissed. This is exactly what SpiderOak is doing. Their new mobile client does all decryption of your files server-side. Their loud proclamations of protecting your privacy are so much hogwash: they decided to make their development a priority over your privacy. What's more, some basic failures in security exist in their user authentication protocol. Crypton is not fairing much better: they promise to fix the issues in the next release, while carrying out some rather incompetent development in public. Contrast with the behavior of Colin Percival and his Tarsnap service. Tarsnap clients are open source, and he explains the entire process by which you send encrypted data and store it. Dr. Percival has a design that is conservative, easy to analyse, and can be audited by anyone. We should demand that critical vendors follow suit in cryptographic products. Given the consequences of bad cryptography, I propose that anyone writing a product that uses cryptography be required to hire a licensed cryptographer who will sign a sworn proclamation that the design and implementation is in accordance with good practice, and that it has been designed with a reasonable threat model in mind. This may be the only way to prevent bad cryptographers from killing more people then they already have. This licensing would have prevented TLS 1.0. It would have spared the world the horror that is WEP. It would also shut down endless numbers of fly-by-night snake oil salesmen.