[Cryptography] Ad hoc "exceptional access" discussion at Crypto'15 ?

Michael Kjörling michael at kjorling.se
Sun Jul 12 11:16:53 EDT 2015

On 11 Jul 2015 21:36 -0700, from hbaker1 at pipeline.com (Henry Baker):
> "Exceptional access" is the term used in the recent MIT "Keys under
> Doormats" report. One reason for a discussion session is to come up
> with better arguments to explain to non-tekkies what the issues are,
> and why the FBI should be careful what it wishes for.

There's always the possibility of just asking said non-tekkies:

- If the government can't keep their secrets safe (even ignoring
various insider attacks like Manning or Snowden, let alone that which
happens at the hands of disgruntled law enforcement officers or
curious medical practitioners; see e.g. the recent US _Office of
Personnel Management_ breach, or the illicit telephone wiretapping
mess in Greece a few years ago which AFAIK hasn't ever been attributed
to anyone),

- If the companies that make software designed to allow spying on
people can't maintain security (see e.g. the recent _Hacking Team_

- If large multinational corporations can't maintain security (see
e.g. the recent _Sony_ episode),

- _Then why_ should we trust any of those to, in addition to their own
secrets, keep _our_ secrets safe? Why should _I_ trust them to keep
_my_ secrets safe?

I obviously might not be able to do _better_ (and frankly, am unlikely
to be able to do significantly better) than any of the above, but at
least I'm not creating an _additional_ extreme-value-target treasure
trove which I then fail to adequately protect.

I sometimes compare data encryption to locking your house. (Most
people accept that, even though they aren't doing anything illicit in
their homes, they don't want strangers rummaging through their
belongings.) In that comparison, "exceptional access" would be a sort
of global master key that allows trivial unlocking of _any_ locked
door, in such a way that does not trigger any alarm system or anything
else similar that the home owner might have installed.

Michael Kjörling • https://michael.kjorling.se • michael at kjorling.se
OpenPGP B501AC6429EF4514 https://michael.kjorling.se/public-keys/pgp
                 “People who think they know everything really annoy
                 those of us who know we don’t.” (Bjarne Stroustrup)
