On 12/6/18, Bill Cox <waywardgeek@gmail.com> wrote:
As for responsible encryption policies, I believe:
1) It is possible, but _hard_ and _expensive_ to build it securely. 2) No one wants to be in a position where a mass murderer has encrypted data that cannot be revealed to law enforcement. 3) Governments will always over-reach and go for mass-surveylence that violates everyone's privacy.
I wont go into tech details, but if Bitcoin can protect billions in online value, there are systems that can unlock back-doors without too many failures to make the system a bad idea. Check out what Oasis Labs is up to, for some good ideas (that remain to be proven). The problem is that while the public wants tech companies to help law enforcement in extreme cases, no one wants to simply let governments around the world spy on absolutely everything we do.
IMO, the only acceptable solutions to this problem will require distributed trust (like Bitcoin), such that users' devices can participate in decisions on how their data is used, distributed widely enough that no single entity can unilaterally decrypt a user's data Data policies will need to be automated, like smart-contracts on something better than the total-crap Ethereum VM. When a backdoor is used (or used too often), it should make the news, because a bunch of different interested folks would notice the transaction(s) on the blockchain. Secret mass surveylence should be impossible, as a key requirement for the system design. Publicly visible mass surveylence should be prohibited by the smart contracts, and the public should hold governments accountable for overreach.
If the public can monitor the access policy and frequencey of use of these backdoors, then the tech companies will have a way out of the ethical delema law enforcement always tries to put them in: secretly snooping on users for the government (like we saw with Yahoo).
Anyway, I feel very strongly that folks out there should start thinking along these lines. We'll have to cooperate to make it happen.
Please tell us when you develop or find such a distributed backdoored cryptosystem that you feel is strong enough to protect *your own secrets* from access by others... all the salacious messages pics and videos of that BDSM affair you had, all the edits you've made to your resume, the source and fact of your last weed order because the PTSD from your stint as a secret CIA torturer has you about to lose it, all the crap you nicked, your bank accounts, your speech and politik, that weird thing you do with the stuffed groundhog, your kids, your health, etc. Or the fact that you're a complete nothing with nothing to say if that's the case. You'd have a better chance of eliminating Government Surveillance through Anarchism than you would finding such a cryptosystem.
the only acceptable solutions to this problem
Stalemate status quo is an acceptable solution, no change to implement backdoors needed... People have been using codes since thousands of years, as relatively strong and without backdoors in their day back then, as they are now today, and society has done just fine all along. If you want distributed for yourself, use secret sharing system. Trying to develop and force that upon others will just come back upon you and you know it. Strong crypto is a tool, not the problem. Melting down the tool isn't going to help. It just reverts you to former centuries. Backdoors are stupid. Get over it.
the public should hold governments accountable for overreach.
Never in the history of all Governments past has that ever worked, therefore any apparent working today is extremely likely to fail. Kings will Govern and Force their backdoors in your backdoor until you depose them. Next time that happens, do the one thing that hasn't been tried in history... don't prop them up in the first place. The change in thinking needed to do that will likely eliminate most of the extant problems you seek to "fix" with backdoors.
moderators
Lol, bcc'd.