[Cryptography] Gilmore response to NSA mathematician's "make rules for NSA" appeal

[John Kelsey]

On Sep 18, 2013, at 3:27 PM, Kent Borg <kentborg at borg.org> wrote:

> You foreigners actually have a really big vote here.  All those US internet companies want your business, and as you get no protections, in the current scheme, not even lip-service, you should look for alternatives.  As you do, this puts pressure on the US internet companies, and they have the economic clout to put pressure on Feinstein and Polosi and all the others.

This does not go far enough.  The US government is not the only one inclined to steal information which it can reach, either because the information goes over wires the government can listen in on, or because the companies handling the data can be compelled or convinced to hand it over.  Right now, we're seeing leaks that confirm the serious efforts of one government to do this stuff, but it is absolutely silly to think the US is the only one doing it.  

The right way to address this is to eliminate the need to trust almost anyone with your data.  If Google[1] has all your cleartext documents and emails, they can be compelled to turn them over, or they can decide to look at them for business reasons, or they can be infiltrated by employees or contractors who look at those emails and documents.  You are trusting a lot of people, and trusting a company to possibly behave against its economic interests and legal obligations, to safeguard your privacy.  If they have encrypted data only, you don't have to trust them.  

It needs to be in their business interest to convince you that they *can't* betray you in most ways.  

> -kb


--John

[1] I'm not picking on Google in particular--any US company may be compelled to turn over data they have.  I imagine the same is true of any German or Korean or Brazilian company, but I don't know the laws in those places.