[Cryptography] "The Moral Character of Cryptographic Work"
crypto at senderek.ie
Fri Dec 4 05:20:59 EST 2015
Phillip Rogaway's essay introduced here by Perry Metzger aims at changing
the mindset of current cryptography research (and practice).
I'd like to emphasize only three of the many excellent ideas from this essay:
First, the moral dimension of cryptography is not an accidental appendage,
it is a fundamental part, because cryptography can be used to empower people or
to take their freedom away. Phillip convincingly shows why mass-surveillance
is dangerous for society and its negative social effects on people will lead
"[...] our inability to effectively address mass surveillance constitutes
a failure of our field." (Abstract)
Secondly, to live up to the moral obligations of cryptography we need a
realistic threat model and act upon this threat model efficiently, not abstract.
"At this point, I think we would do well to put ourselves in the mindset of a
*real* adversary, not a notional one: the well-funded intelligence agency, the
profit-obsessed multinational, the drug cartel. You have an enormous budget.
You control lots of infrastructure. You have teams of attorneys more than
willing to interpret the law creatively. You have a huge portfolio of zero-days.
You have a mountain of self-righteous conviction. Your aim is to *Collect it All,
Exploit it All, Know it All*. What would frustrate you? What problems do you
*not* want a bunch of super-smart academics to solve?" (p. 41)
Is the answer really "How to repair the internet, how to fix protocol issues?"
Is it "How to restore trust in (to this point untrustworthy) online services?"
I don't think so, because people's dependence on a technical infrastructure they
don't understand nor control themselves is the building block of the insecurity
we face today. We shouldn't underestimate the frustration potential of a development
that would restore (or even start to enable) user's control over their digital lives.
Phillip Rogaway calls this "A cryptographic commons".
"We need to erect a much expanded commons on the Internet. We need to realize
popular services in a secure, distributed, and decentralized way, powered by
free software and free/open hardware. We need to build systems beyond the reach
of super-sized companies and spy agencies. Such services must be based on strong
cryptography. Emphasizing that prerequisite, wee need to expand our *cryptographic
commons*. (p. 41)
Popular services reflect real needs, something that has value for people who want
to improve their lives in their communities, it's not an abbreviation for mindless
entertainment. Phillip's own primary example is *secure messaging*, the need to
be able to communicate without fear.
Any solution would include a decentralized component, whose reliability and
trustworthiness is of paramount importance to prevent it from becoming the next
Wouldn't it be prudent to direct much more effort into developing, testing and promoting
such a crypto server under the user's own control?
"But for cryptography, much is lost when we become so inward-looking that almost
nobody is working on problems we *could* help with that address some basic human
need. Crypto-for-crypto starves crypto-for-privacy, leaving a hole, both technical
and ethical, in what we collectively do." (p. 24)
More information about the cryptography