15 June 2011
Crypto and Security/Privacy Balance
From: StealthMonger <StealthMonger[at]nym.mixmin.net>
To: Crypto discussion list <cryptography[at]randombit.net>
Date: Tue, 14 Jun 2011 22:30:18 +0100 (BST)
Subject: Re: [cryptography] Digital cash in the news...
Nico Williams <nico[at]cryptonector.com> writes:
> Crypto will NOT protect you from the state.
Hmm? Protection from the state is the very reason some of us are
here. Even Philip Zimmermann wrote twenty years ago [1]
   Why Do You Need PGP? ... you may be doing something that you feel
   shouldn't be illegal, but is.
And the very title of David Chaum's 1985 paper was "Security without
Identification: Transaction Systems to Make Big Brother Obsolete" [2]
[1] pgpdoc1.txt
http://diable.upc.es/~marcos/pgp/pgpdoc1.txt
[2] CACM 28(10), October 1985
http://www.chaum.com/articles/Security_Wthout_Identification.htm
From: Adam Back <adam[at]cypherspace.org>
Date: Wed, 15 Jun 2011 10:22:21 +0200
To: Crypto discussion list <cryptography[at]randombit.net>
Subject: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)
Well said StealthMonger, I suspect Nico is in the minority on this list with
that type of view.
I read Nico's later reply also. Short of banning crypto, privacy and
security rights stand a better chance of being balanced by more deployment
of crypto. (In terms of warrantless wiretaps etc. which seem to just
keep going and getting worse in many supposedly civilized western
democracies.) There are still plenty of things government security people
can usefully do towards security - spend the money on infiltration of groups
who are real security threats.
I would say privacy tech & crypto is essential to maintaining a good
point on the security/privacy balance in a world where security policy
encroachment has gone into overdrive. To retain electronic liberty,
crypto is the answer. I don't think crypto can be realistically banned
in western countries at this stage, the electronic part of security encroachment
is mostly opportunistic hoovering up things that are not protected.
There are multiple privacy properties - confidentiality of communication
contents, privacy of association (cryptographic freedom of association) like
pseudonymous email (protection against traffic analysis), cryptographically enforced
member-only discussion groups/chats.
Then there are countries where crypto is officially or effectively already
banned - there being caught with privacy tech on your laptop, cell phone
etc would be dangerous.
Crypto and other privacy techniques can counteract somewhat - with steganography,
that though obviously it's a tough threat model. See
http://www.nytimes.com/2011/06/12/world/12internet.html?_r=1
It's also a kind of interesting conflict that western governments think of
themselves, or try to portray themselves as moral forces of good and yet
there are a few cases where this technology the US is helping fund really
needs to be used in western democracies, including the US.
The UK government's right to force key disclosure is an abomination, no civilized
country should be going in that direction.
Adam
_______________________________________________
cryptography mailing list
cryptography[at]randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
From: Nico Williams <nico[at]cryptonector.com>
Date: Wed, 15 Jun 2011 04:05:54 -0500
To: Crypto discussion list <cryptography[at]randombit.net>
Subject: Re: [cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)
On Wed, Jun 15, 2011 at 3:22 AM, Adam Back <adam[at]cypherspace.org> wrote:
> Well said StealthMonger, I suspect Nico is in the minority on this list with
> that type of view.
>
> I read Nico's later reply also. Short of banning crypto, privacy and
> security rights stand a better chance of being balanced by more deployment
> of crypto. (In terms of warrantless wiretaps etc. which seem to just keep
> going and getting worse in many supposedly civilized western democracies.)
> There are still plenty of things government security people can usefully do
> towards security - spend the money on infiltration of groups who are real
> security threats.
Don't misunderstand me: I think crypto has a place, and that place is mostly
to protect us from other private citizens, from foreign powers, and from
casual inspection by one's state (i.e., keeping the state and its minions
honest). It's only when push comes to shove that crypto doesn't help.
Long before push comes to shove you have to deal with the fact that your
crypto is only a small part of the big picture: do you know if your peers
are malicious? are your compute resources physically secure? are you certain
of that? are they tamper resistant? are there unpatched, or worse, unknown-to-you
vulnerabilities in your software (or worse, firmware, or worse, hardware)
that others could exploit? is your key management secure?
Security is oh so much more than just using AES, so much more than just using
secure cryptographic protocols and algorithm suites. Crypto does not completely
change the nature of security in the online world versus physical security
in the off-line world -- there's analogies for most situations. Crypto
alone is not a panacea.
If you want to live in a free society you must do more than hide behind
ciphers. You must participate in its politics to keep your society
free. If it isn't already free, then you have a very big problem --
crypto can only be a small part of how you might address it.
For example, if in order to free your society you conclude that you must
change its culture openly, then crypto won't help you for you must speak
publicly. Crypto will help you, to a point, if you're trying to organize
a revolt, but don't be surprised when crypto fails to keep you safe in that
case -- you'll likely need weapons and to be willing to use them.
BTW, I'm surprised any of what I've said on this is remotely controversial.
Nico