[Cryptography] Hope Apple Fights This!

Natanael natanael.l at gmail.com
Thu Feb 25 19:44:13 EST 2016


On 25 Feb 2016 23:39, "Henry Baker" <hbaker1 at pipeline.com> wrote:
> So let me understand: exactly *where* is my data?

In the context of retrieval and cryptography, I'd argue that every location
that holds (by itself indecipherable) data necessary to recover your
plaintext holds a share of the ciphertext, and every location that holds
access and deciphering capabilities (like a server that knows what
hard drives hold shares and what the decryption key is) effectively holds
the plaintext, or plaintext access capability.

For iCloud, Amazon (IIRC) holds ciphertext, Apple holds plaintext access.

For unkeyed solutions like Shamir's Secret Sharing Scheme, each share
remains ciphertext and the access capability may very well be a
non-technical one - the knowledge of where the shares are, perhaps only
stored in your head.

> If I have a file full of random numbers in country #1 and another file
> full of random numbers in country #2 and another file full of random
> numbers in country #3 and so on, so I guess my "data" is in *all* of the
> countries.

Effectively yes. If it deliberately has been either generated or chosen to
make plaintext recovery possible, then part of the entropy of the original
is encoded there ("projected" or extracted, which one doesn't matter).

> But only I know the function that will transform the data stored in all
> of these countries into a form that might actually be useful, so my "data"
> is also in *none* of the countries.

They have ciphertext, you have access capability. In the legal context,
only access capability (and that enough ciphertext exists to make recovery
possible) matters when the court wants to see the content. Like having a key
to a safety deposit box that they know documents of interest are stored in,
they'll demand it and go get the documents (or demand that you use the key
to get it for them).

Ciphertext location practically only matters if they order destruction of
documents (like in privacy invasion cases) and revoking raw access
capability (destroying all copies of the decryption key) isn't viable or
certain to succeed. (Of course it can also matter if there are contracts or
law demanding that nothing whatsoever leaves a certain border, but that's
more rare.)

> Now, there will also be hundreds/thousands/millions of files of random
> numbers that belong to other people, but may also be visible to the world at
> large.
>
> I am free to incorporate (or not) those files into my computation.
> (Assume that the files are readonly/appendonly for the time being; it makes
> the system easier to contemplate.)

https://en.wikipedia.org/wiki/Rubberhose_(file_system)

> I have been thinking about a file system in which everyone's files are
> actually *public*, so Microsoft, e.g., would simply respond to every
> warrant with a browser manual and a "knock yourself out" email.
>
> Having all bits public may actually make the whole thing more private,
> because everyone can take advantage of the randomness of everyone else's
> encrypted data.

Purely practically, a public Tahoe-LAFS grid would work fine. There's one
on I2P you might want to look at. Not much free storage available as far as
I can tell, but whatever is replicated across nodes will be equally
retrievable from either one of the clients holding access capability; it is
designed for distributed storage.