[Cryptography] Justice Dept. Revives Push to Mandate a Way to Unlock Phones

[metzdowd at bikkel.org]

On Mon, Mar 26, 2018 at 10:00:10PM -0700, Christian Huitema wrote:
> 
> On 3/26/2018 9:09 PM, Nico Williams wrote:
> 
> > That is exceedingly hard to do, if not impossible other than by
> > "dropping off the grid".  Everything we do leaks enormous amounts of
> > metadata.  Metadata is all law enforcement really needs (if only they
> > understood this).  All of your messaging and web browsing, really, all
> > of your online activity, and most of your off-line activity (through
> > electronic payments) -- all of this leaks all the metadata needed to
> > know where to apply the rubber hose.  Unless you're willing to dispense
> > with all the amenities of modern life (few are), you leak metadata.
> I am actually very interested in practical ways to reduce metadata
> leakage. At the lower layers, the big ticket items are the MAC
> addresses, which we know how to randomize, the IP addresses, which
> hopefully vary over time, the DNS names, for which we start seeing
> encrypted transports, and the SNI in TLS, which is a very tough nut to
> crack. There are other potential leaks in DHCP and systems like MDNS,
> which can be plugged. I would be happy to complete my list with your
> suggestions.
> 
> Of course, even if we did plug the obvious leaks at the lower layer,
> there are other issues. The graph of connections leaks user social
> networks, unless we find something like Tor for the masses. And then
> there is the massive data collection done by Google and Facebook in
> particular, and the advertisement industry in general...
 
I'm trying to segment data + and it's applications as much as possible.