[Cryptography] Justice Dept. Revives Push to Mandate a Way to Unlock Phones

[Christian Huitema]

On 3/26/2018 9:09 PM, Nico Williams wrote:

> That is exceedingly hard to do, if not impossible other than by
> "dropping off the grid".  Everything we do leaks enormous amounts of
> metadata.  Metadata is all law enforcement really needs (if only they
> understood this).  All of your messaging and web browsing, really, all
> of your online activity, and most of your off-line activity (through
> electronic payments) -- all of this leaks all the metadata needed to
> know where to apply the rubber hose.  Unless you're willing to dispense
> with all the amenities of modern life (few are), you leak metadata.
I am actually very interested in practical ways to reduce metadata
leakage. At the lower layers, the big ticket items are the MAC
addresses, which we know how to randomize, the IP addresses, which
hopefully vary over time, the DNS names, for which we start seeing
encrypted transports, and the SNI in TLS, which is a very tough nut to
crack. There are other potential leaks in DHCP and systems like MDNS,
which can be plugged. I would be happy to complete my list with your
suggestions.

Of course, even if we did plug the obvious leaks at the lower layer,
there are other issues. The graph of connections leaks user social
networks, unless we find something like Tor for the masses. And then
there is the massive data collection done by Google and Facebook in
particular, and the advertisement industry in general...

-- Christian Huitema