[Cryptography] Usage models (was Re: In the face of "cooperative" end-points, PFS doesn't help)

[Jerry Leichter]

On Sep 8, 2013, at 11:41 PM, james hughes wrote:
>>> In summary, it would appear that the most viable solution is to make
>> I don't see how it's possible to make any real progress within the existing cloud model, so I'm with you 100% here.  (I've said the same earlier.)
> Could cloud computing be a red herring? Banks and phone companies all give up personal information to governments (Verizon?) and have been doing this long before and long after cloud computing was a fad....
It's a matter of context.  For data I'm deliberately sharing with some company - sure, cloud is fine.  As I mentioned elsewhere, if the NSA wants to spend huge resources to break in to my purchasing transactions with Amazon, I may care as a citizen that they are wasting their money - but as a personal matter, it's not all that much of a big deal, as that information is already being gathered, aggregated, bought, and sold on a mass basis.  If they want to know about my buying habits and financial transactions, Axciom can sell them all they need for a couple of bucks.

On the other hand, I don't want them recording my chats or email or phone conversations.  It's *that* stuff that is "out in the cloud" these days, and as long as it remains out there in a form that someone other than I and those I'm communicating with can decrypt, it's subject to attacks - attacks so pervasive that I don't see how you could ever built a system (technical or legal) to protect against them.  The only way to win is not to play.

                                                        -- Jerry