[Cryptography] eliminating manufacturer's ability to backdoor users

Allen allenpmd at gmail.com
Sun Feb 21 10:10:39 EST 2016


Yesterday I was thinking about ways to prevent the All Writs Act from being
used to force a manufacturer to plant spyware on a targeted device that is
being actively used by a targeted user.  Note this is different from the
current Apple situation: the current situation asks Apple to hack a device
that is not being used.  My concern is with the government or a court
forcing a manufacturer to use an auto-update or software distribution
mechanism to plant spyware on a targeted device.

Some people might question why anyone would want to do this, but some
obvious examples are to prevent a government from abusing its power by
targeting political dissidents or otherwise violating human rights.

I came up with two potential ways to prevent this:

1. The open source model, which if properly implemented can help users
audit the software being installed on their device.

2. Requiring software to be signed by an organization that resides entirely
within a legal jurisdiction that does not allow secret government-ordered
spyware while providing the signing organization with a way to audit the
contents of the software.

I have a third potential method:

3. Distribute updates completely anonymously: the device would not connect
to the manufacturer's website and identify itself, either by transmitting an
ID, or by connecting from a monitored IP address, or by connecting in a way that an
identification tag can be inserted into the stream by a proxy device.
Instead, the device would connect completely anonymously.  One method would
be to allow signed updates to be distributed to mirrors all over the world,
and allow users to pick their mirrors.  Another or additional step would be
to allow users to connect and download updates from the mirrors using Tor.
In order for this to work, however, the update software and the software
that is installed would have to be forbidden from accessing any identifying
information on the device; otherwise, the government might be able to force
the manufacturer to deliver a spyware payload to all devices but only
install or activate the spyware if the device matches an identity check.
Essentially, this would be a backdoor on all devices that the government
could force to be activated on only targeted devices.

I'm thinking that a combination of 1 (open source) with the first part of 3
(anonymous distribution) would be most effective.

Anyone else have ideas?
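An added sketch, not part of Allen's post, of the client side of method 3: updates are signed by a pinned vendor key and pulled from user-chosen mirrors, which are treated as untrusted. It assumes Ed25519 for the vendor key and in-memory mirrors in place of fetches over Tor, and it goes one step beyond the post by also comparing what the chosen mirrors serve, so a validly signed build that reaches only one mirror is refused rather than installed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"errors"
)

// Manifest is what a mirror serves: the update blob plus the vendor's
// signature over it. Mirrors are untrusted; only the vendor key is pinned.
type Manifest struct {
	Payload []byte
	Sig     []byte
}

// Mirror stands in for one user-chosen mirror reached anonymously; here it
// is an in-memory source (assumption), real code would fetch over Tor.
type Mirror func() (Manifest, error)

// SignManifest is the vendor side: the one manifest every mirror should carry.
func SignManifest(priv ed25519.PrivateKey, payload []byte) Manifest {
	return Manifest{Payload: payload, Sig: ed25519.Sign(priv, payload)}
}

// FetchUpdate pulls the manifest from every chosen mirror, checks the vendor
// signature, and returns it only if all mirrors agree byte-for-byte. A
// validly signed manifest that only one mirror serves looks like the
// targeted delivery the post worries about, so it is refused, not installed.
func FetchUpdate(vendorPub ed25519.PublicKey, mirrors []Mirror) (Manifest, error) {
	if len(mirrors) == 0 {
		return Manifest{}, errors.New("no mirrors configured")
	}
	var ref Manifest
	for i, fetch := range mirrors {
		m, err := fetch()
		if err != nil {
			return Manifest{}, err
		}
		if !ed25519.Verify(vendorPub, m.Payload, m.Sig) {
			return Manifest{}, errors.New("vendor signature does not verify")
		}
		if i == 0 {
			ref = m
		} else if !bytes.Equal(m.Payload, ref.Payload) {
			return Manifest{}, errors.New("mirrors disagree: possible targeted update")
		}
	}
	return ref, nil
}
```

The comparison only helps when the mirrors are reached over separate anonymous circuits, since a device that identifies itself to every mirror can be served the same targeted build by all of them.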