[Cryptography] October 28th is now National Cryptography Day

Phillip Hallam-Baker phill at hallambaker.com
Sun Nov 13 09:23:51 EST 2016 

On Sun, Nov 13, 2016 at 1:12 AM, Jerry Leichter <leichter at lrw.com> wrote:

> If Hilary had encrypted her email, she would almost certainly be president
> elect.
>
> If Hilary had encrypted her email, she would have been faced with a court
> ordering her to decrypt it.  Yes, there could have been a whole battle over
> whether the 5th Amendment prevents the government from forcing you to
> disclose your password.  The law on this is currently completely unsettled.
>

​The principal policy objection made against her private server was that it
might have been compromised by a foreign power and classified information
might have leaked. Encryption would have completely blocked that attack.



> But ... it would have made little *political* difference.  First of all,
> she actually turned over the relevant email, leaving out only what she
> claimed was "irrelevant" personal stuff.  I see no reason to believe she
> would not have decrypted this material if the demand was made.  And if she
> had refused, the political liabilities would have been enormous - way
> beyond any outcry about Trump not releasing his taxes.  The actual contents
> of the emails were, in fact, pretty mild as these things go.  Had she
> refused to decrypt them, people - certainly the Republicans, but even many
> who would otherwise sympathize with her - would have assumed there must be
> something in there to hide.
>

​Government emails have caused problems in every administration since the
first Clinton administration. And not just for the reasons known in public.

The EOP and much of the federal government was using a DEC all in one mail
system in 1993 which had been discontinued. So there was a shift to a new
system (Lotus Notes??). This was not a happy process. The new system didn't
archive stuff as it was meant to. If you remember, back in the day, there
was a fuss over Vice President Al Gore's lost emails after one of the mail
servers broke and it turned out there were no backups.

A large part of the Gore scandal involved allegations that emails involving
fund raising activities might have been sent over government computer
systems and thus break the Hatch act. So to avoid that problem, the
incoming Bush administration mostly used a mail server run by an RNC
contractor. Not only was it hideously insecure, the nationalities of the
administrators makes for interesting reading.

So the requirements are much broader than just 'encryption'. At a technical
level it is necessary to:

* Restrict ability to send to the govt. email addresses so that it isn't
necessary to keep the spam.

* Log all messages in a notarized linked log
​
​* Modify the Hatch act to permit limited use of electronic communications
for party purposes by elected officials​.

On the confidentiality side, I am already working on a system that uses
Proxy Re-Encryption to enforce access controls to SCI. This is
Mesh/Recrypt. Each security label maps to an encryption key. The
administrator holds the private key and splits out recryption/decryption
pairs​ to individual users/devices.

​I don't have much on Mesh/Recrypt on the site yet, but I pushed the rest
of the Mesh docs last night:

http://prismproof.org/​




> Cryptography isn't a magic bullet solving every social or political
> problem.  Hilary was at least partially defeated by a history of keeping
> things hidden and quiet - which ended up leading to much more trouble when
> they finally came out than they likely would have had she been more
> up-front to begin with.  This made her look untrustworthy:  No matter how
> many investigations might clear her of any wrong-doing, each likely
> revealed *something* new - leading to the suspicion that there was yet more
> to be found.  This is perception vs. reality, and a *perception* of
> dishonesty can only get worse if material is hidden - by cryptography or
> otherwise.
>
> Cryptography is a tool, and like any tool, it has to be used wisely and
> appropriately.
>                                                         -- Jerry
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20161113/52aafa15/attachment.html>

More information about the cryptography mailing list