Obama: cryptographers who don't believe in magic ponies are "fetishists," "absolutists"

And (c) the yawning gulf between a) and b)

13 Likes

There is this thing where “the government” is the opposite of “private” in this sense.

There is no government-held private key. That’s like a private tax.

It’s like socialism starting from the wrong way around and skipping the parts involving the people.

6 Likes

Snowden & Manning, among others who have leaked programmatic info for ethical purposes. Luckily these people exist to show us poor citizens the light of how the govt has been abusing trust we granted them in the past.

There needs to be two factors applied when considering government access to private data.

a. A means for technology to let the govt be the only entity that can read your data.
b. Trust in the institutions to use that data responsibly.

I don’t believe in “A”. It’s a never-ending arms race and the consumer base should choose a product that best protects them.

I believe the President has not considered B at all. A lot of his statements made are done in a tone he used when campaigning for his position, i.e. trying to just imply “trust me”. Yet here we are with hundreds of examples where multiple levels of federal departments are misusing the data they obtain, not only domestically but internationally as well.

Please give me a means to trust these departments MORE (I’m not looking for absolutes here) and I’d consider playing the game. Until then, I’ll encrypt and protect myself from them.

10 Likes

Slightly OT but one of my supervisors at U once gave a series of lectures on the radio, as a result of which he got so much response he filled a filing cabinet drawer with it, for future research purposes. It was indexed as “green ink” (conspiracy theorists), “nutters” (completely mad) and, if I remember rightly, a section which might one day deserve psychiatric research. However…
It was noticeable with some of the letters he got that they began quite sensibly and made observations that were less odd than you might hear in a saloon bar (think older white males in business), but would then suddenly veer off in a complete tangent to something which was obviously a fixed idea that was totally out of touch with reality. It was as if they thought they were being clever by getting the interest of the reader by apparently paying attention to what he had been saying, and then when they thought he was hooked, apply the sucker punch to get their obsession over.

Not that I am saying @Kenneth_Mitchell is one of these people, just that his post for some reason took me back over the years and reminded me of our discussion on the subject.

12 Likes

No - what is to prevent law enforcement’s key from being stolen, leaked, shared, or mishandled?

5 Likes

Unless you can come up with math that keeps the second key private, then I think you are denying the math.

8 Likes

I agree that we shouldn’t be very optimistic such a thing would go well in reality, but in theory if the government took concerns like this really really seriously, couldn’t they develop a protocol that ensured the risk of foreign powers (or hackers) obtaining the secret key would be just as low as the risk of foreign powers obtaining our nuclear codes? Presumably there are rules in place which ensure the nuclear codes aren’t in some database that is remotely accessible by a large number of government employees.

If the carrot doesn’t work, there are people who would use the stick. “Mr. NSA person with access to the key, it would be a shame if something were to happen to your son or daughter while they’re in their Spanish class third period with Mr. Smith at X Middle School. There are too many school shootings these days, aren’t there? We could provide some guards to ensure nothing happens there if you do us a favor …”

3 Likes

What prevents law enforcement’s key from being compromised is the same thing that prevents the US government’s diplomatic cables from being leaked.

7 Likes

I’m not much for vanishingly implausible hypotheticals. I’m going to say that this would almost certainly be treated more like the documents with extensive interviews and personal information on every single person with a security clearance which were recently hacked by the Chinese.

As a base rule of thumb, I would suggest that anyone who seriously suggests this as an option until the government has gone ~10 years without a major data breach is a fool or is being disingenuous.

6 Likes

That’s a redundant tautology.

Ah, I see we have a Ted Cruz fan in the house.

4 Likes

That’s nonsensical because law enforcement is not private. It’s part of the government which is the public sector. So it wouldn’t be secure at all.

The real issue that isn’t being discussed much is the concept that almost everyone is or should be using the exact same crypto algorithm (or one of a few). This is a serious problem in the same way that everyone using Windows made it such a high-value target for malware and everyone having Flash installed in their browsers made it into little more than a repository of zero-day exploits and vulnerabilities that could sometimes play videos as a side-effect (if your computer wasn’t too crippled by all the malware).

What we really need are thousands of variant crypto algorithms, combined with steganography and codes. We need enough permutations and combinations such that breaching any one of them (via master key or otherwise) would give little return for the effort. If we all standardize on one single system, no matter how good it is, then the return on effort will be so immense that it is guaranteed to be worth the cost to someone to breach it. Therefore, even if it is the most secure system possible, it is guaranteed to be insecure.

6 Likes

Um. No. Really, no. We’ve been this standardized for a while, and nobody has broken public key encryption. There’s a reason for that. The reason is math. While it’s not inconceivable that someone could find a way to factor large primes in polynomial time without a quantum computer, that kind of advancement is not the kind of thing you can force by just having a lot of people wanting it badly enough.

5 Likes

AFAIK the “nuclear codes” don’t work like that. There isn’t a server somewhere with the password “password” and when you log in, you get a menu of possible target/warhead combinations. “Do you want to turn on one-click nuclear destruction? Sign up now for Prime nuclear delivery and for just $1 billion per month you can have your target destroyed within 20 minutes of clicking the “Attack” button.”

There is a chain of command with relatively few hardened endpoints, rather than an open Internet with billions of them.

5 Likes

Which is exactly why imagining a system that treats the “secret key” like nuclear codes doesn’t work. Nuclear codes aren’t available for law enforcement agencies across the nation to use whenever a judge signs off on a warrant, which is what they want from the magical pony encryption system.

4 Likes

The “Nexus” books more or less explored such a concept, and who should have access, etc

4 Likes

I think it may be a timely and fascistic definition of government that user used there, one which would be indistinguishable from the public sector - at least in the profitable bits. That lines up with one of the tenets of Mussolini’s fascism - military citizenship. No line between public and private.

We’re all at war with terrorists, right? That’s what this is about, riiiiiight? :wink:

1 Like

10 Likes

…past my door and past my gate
but sure won’t pass my .38

(just kidding- I’m opposed to any wasting of our limited heavy metal resources on politicians.)

1 Like