[Cryptography] What if Responsible Encryption Back-Doors Were Possible?
Bill Cox
waywardgeek at gmail.com
Thu Dec 6 22:48:28 EST 2018
Re-posting, minus the bottom post cruft that isn't allowed by moderators,
yet is completely hidden by Gmail... This is a BOTTOM post, because
nothing follows it.
As for responsible encryption policies, I believe:
1) It is possible, but _hard_ and _expensive_ to build it securely.
2) No one wants to be in a position where a mass murderer has encrypted
data that cannot be revealed to law enforcement.
3) Governments will always over-reach and go for mass-surveylence that
violates everyone's privacy.
I wont go into tech details, but if Bitcoin can protect billions in online
value, there are systems that can unlock back-doors without too many
failures to make the system a bad idea. Check out what Oasis Labs is up
to, for some good ideas (that remain to be proven). The problem is that
while the public wants tech companies to help law enforcement in extreme
cases, no one wants to simply let governments around the world spy on
absolutely everything we do.
IMO, the only acceptable solutions to this problem will require distributed
trust (like Bitcoin), such that users' devices can participate in decisions
on how their data is used, distributed widely enough that no single entity
can unilaterally decrypt a user's data Data policies will need to be
automated, like smart-contracts on something better than the total-crap
Ethereum VM. When a backdoor is used (or used too often), it should make
the news, because a bunch of different interested folks would notice the
transaction(s) on the blockchain. Secret mass surveylence should be
impossible, as a key requirement for the system design. Publicly visible
mass surveylence should be prohibited by the smart contracts, and the
public should hold governments accountable for overreach.
If the public can monitor the access policy and frequencey of use of these
backdoors, then the tech companies will have a way out of the ethical
delema law enforcement always tries to put them in: secretly snooping on
users for the government (like we saw with Yahoo).
Anyway, I feel very strongly that folks out there should start thinking
along these lines. We'll have to cooperate to make it happen.
Bill
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20181206/301a60f1/attachment.html>
More information about the cryptography
mailing list