[Cryptography] One third IT managers think homomorphic is already here

Caspar Bowden (lists) lists at casparbowden.net
Sun May 4 16:07:56 EDT 2014


(my earlier list replies seem to be hung up in list moderation)

On 04/05/14 21:16, Peter Gutmann wrote:
> Stephan Neuhaus <stephan.neuhaus at tik.ee.ethz.ch> writes:
>> On 2014-05-03, 09:40, Peter Gutmann wrote:
>>> You're looking in the mirror here and seeing people like yourself
>>> making the decisions.  They're not, they're IT managers.  They're
>>> doing the crypto in the cloud, with the keys in the cloud.  After
>>> all, the data's already there, so if you trust the cloud with your
>>> data you can also trust it with your keys.
>> Do you have evidence for that?  You don't have to name it, just say "yes" if
>> you know of examples; I'll believe you, even though it does boggle the mind.
> It shouldn't really boggle the mind, the argument "if you trust the cloud with
> your data you can also trust it with your keys" is one I've heard again and
> again, it may sound strange to a security geek but to an IT manager it makes
> perfect sense.  They may be opposed (at least on principle) to putting
> sensitive data in the cloud, but once the data is there, the keys follow
> naturally.  In any case it's not much different from having your data and keys
> on a dedicated machine in a data centre, it's just a bit more... cloudy.

Although it is true that once the data+keys leave your premises, law 
enforcement could in theory isolate the machine in question and extract 
keys from RAM, the big difference is really when the remote machine 
falls under a foreign jurisdiction.

In that case, a law like FISA allows the service provider to be coerced 
into giving "all facilities and assistance" - in secret - to access an 
unlimited number of non-US Persons' data (with a 702 order), with no 4th 
Amendment probable cause standard, for the general pursuit of the 
foreign policy interests of US (1801(2)b) <https://t.co/wwJ3UNY5s9> 
[slides 13-19]. So if the service provider has means to access to the 
plaintext, that counts. No need for copious quantities of Freon and 
mobile PSUs, just an "ordinary" warrant-serving process - for an 
unlimited number of accounts (or potentially global keyword searches).

Altogether there are about 40 such discriminations categorically by 
nationality in US FISA+PATRIOT (another 45 if "Freedom Act" passes) and 
about 2 in Canadian, 10 Australian, 1 NZ, and 0 UK. There's one in 
Germany (G10), which is an embarrassment because such discrimination by 
nationality ought to be illegal under ECHR (and is except that blemish). 
[Most people in Europe think it is odd (to say the least) to think 
foreigners have a lesser human right to privacy than citizens - it is 
part of equal human dignity - and it is part of ECHR jurisprudence since 
1950]

So that makes a big difference when the threats/risk/consequences are 
different for a foreign government looking at the data versus the 
government of the territory where the data originates. Not only can data 
sent to the US be surveilled for literally any purpose (don't believe 
me, see the slides) without due process, and with no rights at all 
compared to substantial if theoretical rights for US Persons, the data 
can also be extracted by remote control from another continent by an 
authorised-but-compelled Cloud operator also. And since this judgement 
<http://www.theguardian.com/technology/2014/apr/29/us-court-microsoft-personal-data-emails-irish-server> 
last week (and probably before in secret and unchallenged long before 
Snowden) for full range of criminal offences, not just spying.

Caspar


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140504/1a0a4114/attachment.html>


More information about the cryptography mailing list