[Cryptography] End to End ideology is causing us to fail to meet real needs.

Phillip Hallam-Baker phill at hallambaker.com
Sun Apr 10 16:25:15 EDT 2022

I was just watching this video on the use of E2E by law enforcement. Given
that I am working on the release of an infrastructure that makes use of E2E
much easier, it made me think about a few issues I would like to share here.

State Police Using Encryption Apps to Avoid FOIA? Ep. 7.278 - YouTube

First off, yes, I get the fact that Hoover, Freeh and Cheney all corruptly
abused their office for partisan political purposes. Putin is the Hitler of
the 21st century and if re-elected, Trump intends to bring Putinism to the
US. I have absolutely no intention of providing a hidden backdoor for
Lawful Access in the Mesh, not for the UK police and certainly not for any
foreign police force.

But I am also aware that if people are going to use ubiquitous encryption
of data at rest, we are going to have to have a completely solid key
recovery story.

I am also aware that when people communicate at work, that communication
may constitute a 'work product' which may belong to their employer. These
requirements are not unique to government use but they are probably most
apparent in government and regulated environments.

Consider the case when I call up my broker to buy some shares but my broker
is killed by a falling piano as she goes to get her lunch. I don't just
want her replacement to have access to my conversations with his
unfortunate predecessor, I need him to have that access.

It is the same in government. FOIA isn't just about external
accountability, it is for internal accountability and continuity of
government as well.

It seems to me that we need to have a messaging infrastructure that meets
these needs. Law Enforcement absolutely should be using E2E encrypted
communications. But they should be using a system that provides for lawful
access for the purpose of meeting FOIA requests, etc.

Much has been written on the subject of 'but her emails'. My theory is that
HRC was using the private mail server because she believed it likely that
corrupt GSA employees were likely to selectively leak her emails, a
suspicion that was entirely justified by the Snowden and Manning leaks. So
any lawful/exceptional access capability has to be gated by strong
cryptographic protections with a bulletproof audit log.

Numerous scandals in which emails have allegedly been lost demonstrate the
need for a bulletproof audit trail for sending and receipt of messages.
Back when I was involved in the MIT Whitehouse project, I was told that
they had suffered a substantial loss of mail due to an archiving bug in the
'All in One' mail service that had been deployed. That surfaced six months
later as the 'Al Gore lost emails' flap.

So what we need for a government messaging scheme is:

1) End to End secured confidentiality

2) Notarized audit trail for inbound and outbound messages

3) Exceptional access to stored messages with comprehensive audit trail.

I don't think any of the messaging systems currently being offered meet
those needs. Which may create a gap in the market for the Mesh.

Current status of the Mesh is that it is ready for the alpha release. I am
just writing some documentation so that people can try it out. It does not
do messaging at present but it does provide a contacts catalog that makes
use of multiple messaging schemes easier.
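The three requirements above (end to end confidentiality, a notarized audit
trail for inbound and outbound messages, and exceptional access that is itself
gated and audited) can be sketched in one small model. The code below is an
added example written for this post; it is not code from the post or from the
Mesh. It assumes a per-message content key wrapped once for the recipient and
once for an escrow authority, with symmetric wrapping keys standing in for the
parties' public keys, an HMAC-SHA256 stream cipher standing in for a real AEAD
such as AES-GCM so that it runs with the standard library only, and a
hash-chained log whose head would be countersigned by a notary (the notary
itself is not modelled). All function and field names are the example's own.

```python
import hashlib
import hmac
import json
import secrets

GENESIS = "0" * 64  # head of an empty audit log


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC subkeys from one 32-byte key.
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream: HMAC-SHA256(enc_key, nonce || counter) blocks. A stand-in
    # for a real AEAD such as AES-GCM so that this example runs stdlib-only.
    blocks = (hmac.new(enc_key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def _encrypt(key: bytes, plaintext: bytes) -> tuple:
    # Encrypt-then-MAC; the tag covers nonce and ciphertext.
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce, ciphertext, tag


def _decrypt(key: bytes, nonce: bytes, ciphertext: bytes, tag: bytes) -> bytes:
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("authentication failed: wrong key or tampered message")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(a ^ b for a, b in zip(ciphertext, stream))


class AuditLog:
    """Append-only hash chain. Each entry commits to the previous hash, so an
    edited or deleted interior entry breaks verify(). Silently dropping the
    tail does not, which is why the head must be periodically notarized;
    verify(notarized_head) checks the chain against such a countersigned value."""

    def __init__(self):
        self.entries = []

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS

    @staticmethod
    def _hash(prev: str, record: dict) -> str:
        return hashlib.sha256((prev + json.dumps(record, sort_keys=True)).encode()).hexdigest()

    def append(self, **record) -> str:
        prev = self.head()
        self.entries.append({"prev": prev, "record": record, "hash": self._hash(prev, record)})
        return self.entries[-1]["hash"]

    def verify(self, notarized_head: str = None) -> bool:
        prev = GENESIS
        for entry in self.entries:
            if entry["prev"] != prev or entry["hash"] != self._hash(prev, entry["record"]):
                return False
            prev = entry["hash"]
        return notarized_head is None or prev == notarized_head


def seal(plaintext: bytes, recipient_key: bytes, escrow_key: bytes) -> dict:
    # Fresh content key per message, wrapped once for the recipient and once
    # for the escrow authority (symmetric wrapping keys stand in for public keys).
    content_key = secrets.token_bytes(32)
    nonce, ciphertext, tag = _encrypt(content_key, plaintext)
    return {"id": hashlib.sha256(ciphertext).hexdigest()[:16],
            "nonce": nonce, "ciphertext": ciphertext, "tag": tag,
            "for_recipient": _encrypt(recipient_key, content_key),
            "for_escrow": _encrypt(escrow_key, content_key)}


def _open(env: dict, wrap: tuple, wrapping_key: bytes) -> bytes:
    content_key = _decrypt(wrapping_key, *wrap)
    return _decrypt(content_key, env["nonce"], env["ciphertext"], env["tag"])


def send_message(log, sender, recipient, plaintext, recipient_key, escrow_key):
    env = seal(plaintext, recipient_key, escrow_key)
    log.append(event="sent", sender=sender, recipient=recipient, message_id=env["id"])
    return env


def receive_message(log, recipient, env, recipient_key):
    plaintext = _open(env, env["for_recipient"], recipient_key)  # raises on wrong key
    log.append(event="received", recipient=recipient, message_id=env["id"])
    return plaintext


def exceptional_access(log, env, escrow_key, requester, authority):
    # The audit entry is committed before the escrow key is used. In a real
    # deployment the escrow key would sit in an HSM or service that refuses
    # to unwrap until the entry is committed and notarized.
    log.append(event="exceptional_access", requester=requester,
               authority=authority, message_id=env["id"])
    return _open(env, env["for_escrow"], escrow_key)


if __name__ == "__main__":
    log, rk, ek = AuditLog(), secrets.token_bytes(32), secrets.token_bytes(32)
    env = send_message(log, "client", "broker", b"buy 100 shares", rk, ek)
    print(receive_message(log, "broker", env, rk))
    print(exceptional_access(log, env, ek, "successor", "FOIA-EXAMPLE-001"))
    print(log.verify(log.head()), [e["record"]["event"] for e in log.entries])
```

The point of the model is the separation of powers: the recipient's key
never gives the escrow authority anything, the escrow key never gives the
recipient anything, and neither can be used on a message without a log entry
committing to who, what and under which authority. The chain alone does not
stop someone with write access from quietly dropping the newest entries;
only comparing against a notarized head catches that, which is why the
'notarized' in requirement 2 matters.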