[Cryptography] "we need to protect [our dox] by at least encrypting them"
agr at me.com
Fri Nov 11 13:32:26 EST 2016
> On Nov 10, 2016, at 6:00 PM, Bill Frantz <frantz at pwpconsult.com> wrote:
> [Reordered as there are two topics.]
[Thanks, I’ll address the second in the election security thread.]
> On 11/10/16 at 6:59 AM, agr at me.com (Arnold Reinhold) wrote:
> On Nov 9, 2016, at 8:38 AM, Ian G <iang at iang.org> wrote:
>>> 1. Hillary's use of a private server was an attempt to deal with one threat, although what that was was never clear to me. But it opened her up to another threat - hacking. At a simplistic level, I think the answer is clear - don't do that. At a deeper level, we should be delivering systems that don't lead the users to taking such drastic steps, and then making their situation worse.
>> The threat the private server was an attempt to deal with was employees who have access to her emails leaking them to political opponents. The security officers you suggest she should have gone to are likely part of the threat, not the solution. Hacking was a risk, but we know that the State Department unclassified email system was hacked, while there is apparently no evidence her servers were. Of course a more secure approach would be preferable.
> Hillary's concern about the State Department employees seems quite rational to me. A technical solution to the problem is to build email servers where the admins can't read the emails. Encryption seems to be a logical tool to use. Such a solution would probably protect against outsiders as well.
She would still need trusted devices (e.g. office, mobile, home) that can hold her decryption key and retrieve and read the encrypted mail. There also needs to be a device or process that receives her unclassified emails, many of which are plain text, encrypts them for archiving in the department email database and makes them available to her trusted devices. Even knowledge of which emails are read when has potential value to political opponents, so a dedicated device with physical security controlled by her trusted aides is preferable to a virtual machine in some department or GSA server farm. When all is said and done, it seems to me that in meeting these requirements what you create is hardly distinguishable from a private email server.
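
The encrypt-on-receipt arrangement discussed in this thread, sketched for Node.js as an added example that is not part of the original messages. The function names `ingest`, `open` and `demo`, and the choice of RSA-OAEP key wrapping with AES-256-GCM, are assumptions made for illustration; the key pairs and the message are constructed.

```javascript
const nodeCrypto = require('crypto');
const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Gateway side: holds only the recipient's PUBLIC key. It still sees the
// plaintext while sealing, so the receiving device itself has to be trusted.
function ingest(publicKey, plaintext) {
  const key = nodeCrypto.randomBytes(32);   // fresh AES-256 key per message
  const nonce = nodeCrypto.randomBytes(12); // GCM nonce
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', key, nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const wrappedKey = nodeCrypto.publicEncrypt({ key: publicKey, ...OAEP }, key);
  // This record is all the archive (and its admins) ever stores.
  return { wrappedKey, nonce, body, tag: cipher.getAuthTag() };
}

// Trusted-device side: the only place the private key lives.
function open(privateKey, sealed) {
  const key = nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, sealed.wrappedKey);
  const decipher = nodeCrypto.createDecipheriv('aes-256-gcm', key, sealed.nonce);
  decipher.setAuthTag(sealed.tag);
  // final() throws if the archived record was modified.
  return Buffer.concat([decipher.update(sealed.body), decipher.final()]);
}

// Constructed demo: one key pair for the trusted device, one for an archive
// admin who has the stored record but not the device's private key.
function demo() {
  const device = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const admin = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const mail = Buffer.from('Subject: schedule\r\n\r\nConstructed sample message.');
  const sealed = ingest(device.publicKey, mail);
  let adminCanRead = true;
  try { open(admin.privateKey, sealed); } catch { adminCanRead = false; }
  return {
    roundTrip: open(device.privateKey, sealed).equals(mail),
    adminCanRead,
    plaintextInArchive: sealed.body.includes('Constructed'),
  };
}

console.log(demo());
```

The stored record still shows message size and arrival time, and retrieval by a device is visible to whoever runs the archive, which is the read-pattern exposure the message above raises.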