<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">(my earlier list replies seem to be
hung up in list moderation)<br>
<br>
On 04/05/14 21:16, Peter Gutmann wrote:<br>
</div>
<blockquote cite="mid:E1Wh1tS-0002Ct-Nm@login01.fos.auckland.ac.nz"
type="cite">
<pre wrap="">Stephan Neuhaus <a class="moz-txt-link-rfc2396E" href="mailto:stephan.neuhaus@tik.ee.ethz.ch"><stephan.neuhaus@tik.ee.ethz.ch></a> writes:
</pre>
<blockquote type="cite">
<pre wrap="">On 2014-05-03, 09:40, Peter Gutmann wrote:
</pre>
<blockquote type="cite">
<pre wrap="">You're looking in the mirror here and seeing people like yourself
making the decisions. They're not, they're IT managers. They're
doing the crypto in the cloud, with the keys in the cloud. After
all, the data's already there, so if you trust the cloud with your
data you can also trust it with your keys.
</pre>
</blockquote>
<pre wrap="">
Do you have evidence for that? You don't have to name it, just say "yes" if
you know of examples; I'll believe you, even though it does boggle the mind.
</pre>
</blockquote>
<pre wrap="">
It shouldn't really boggle the mind, the argument "if you trust the cloud with
your data you can also trust it with your keys" is one I've heard again and
again, it may sound strange to a security geek but to an IT manager it makes
perfect sense. They may be opposed (at least on principle) to putting
sensitive data in the cloud, but once the data is there, the keys follow
naturally. In any case it's not much different from having your data and keys
on a dedicated machine in a data centre, it's just a bit more... cloudy.</pre>
</blockquote>
<br>
Although it is true that once the data+keys leave your premises, law
enforcement could in theory isolate the machine in question and
extract keys from RAM, the big difference is really when the remote
machine falls under a foreign jurisdiction.<br>
<br>
In that case, a law like FISA allows the service provider to be
coerced into giving "all facilities and assistance" - in secret - to
access an unlimited number of non-US Persons' data (with a 702
order), with no 4th Amendment probable cause standard, for the <a
href="https://t.co/wwJ3UNY5s9">general pursuit of the foreign
policy interests of US (1801(2)b)</a> [slides 13-19]. So if the
service provider has means to access the plaintext, that counts.
No need for copious quantities of Freon and mobile PSUs, just an
"ordinary" warrant-serving process - for an unlimited number of
accounts (or potentially global keyword searches).<br>
<br>
Altogether there are about 40 such discriminations categorically by
nationality in US FISA+PATRIOT (another 45 if "Freedom Act" passes)
and about 2 in Canadian, 10 Australian, 1 NZ, and 0 UK. There's one
in Germany (G10), which is an embarrassment because such
discrimination by nationality ought to be illegal under ECHR (and is
except that blemish). [Most people in Europe think it is odd (to say
the least) to think foreigners have a lesser human right to privacy
than citizens - it is part of equal human dignity - and it is part
of ECHR jurisprudence since 1950]<br>
<br>
So that makes a big difference when the threats/risk/consequences
are different for a foreign government looking at the data versus
the government of the territory where the data originates. Not only
can data sent to the US be surveilled for literally any purpose
(don't believe me, see the slides) without due process, and with no
rights at all compared to substantial if theoretical rights for US
Persons, the data can also be extracted by remote control from
another continent by an authorised-but-compelled Cloud operator.
And since <a
href="http://www.theguardian.com/technology/2014/apr/29/us-court-microsoft-personal-data-emails-irish-server">this
judgement</a> last week (and probably before in secret and
unchallenged long before Snowden) for the full range of criminal
offences, not just spying.<br>
<br>
Caspar<br>
<br>
<br>
</body>
</html>