How is it that the government that tells us that they need a back door into encryption because the tool that we use to safeguard our privacy can also be used by "bad guys" for evil purposes, completely forgets this argument when it comes to guns? "Yeah, bad guys use guns for bad things but there's nothing we can do." The right to bear arms (interpretation up to debate) and the right to privacy are both supposedly guaranteed in the constitution (amendments 2 and 4).
Good question. Any time folk ask me about email privacy I use what happened to Lavabit as a primer on well, many subtopics as to email security and encryption.
To top it off, if you do develop a new encryption your government may hound you for these backdoors. Need an example? Pretty Good Privacy's author was hounded for years after he released Pretty Good Privacy as shareware.
So let's get to what may be at the root of this issue. How about?
Cryptography programs are classified as munitions under federal law and may not be exported.
Don't you just love it when they try to suppress something that it is impossible to suppress? When digital protection was first subverted they tried to suppress it. The algorithm then appeared on t-shirts. You can pass a law to try to prevent code from being exported but good luck trying to enforce it. There is just no way to keep a lid on that sort of thing. And when the code is public and available for audit it becomes obvious whether or not a back door has been added.
If I use Lavabit as an example, it appears that the current USA government is successfully suppressing secure email in the USA. You have to be elsewhere to avoid US interference in your secure email company. And then that's not true either. Since your system might rely on the internet the US Dept. Of Commerce still exerts control.
To get secure again in the USA you may have to stay under the radar and not tell anyone your underlying comms are encrypted.
Truthfully I am ashamed of the treatment of the folk I mentioned in this thread.
I don't see how the government can suppress encrypted email. There are just so many ways to get around it. So what if companies like LavaBit are prevented from operating. They can't be stopped from operating from another country. Also, there is nothing to stop me from encrypting a message and attaching it to an email. Another method is BitSync. I can connect any number of computers in a private bittorrent group and share an encryption key. Files in the shared folders are synced to all computers in the group. Again, peer-to-peer communication and the data in the shared files does not get stored on any servers in the cloud. There are just too many ways to get information from one place to another securely.
If I am concerned that an encryption scheme has a back door I can still send files securely. If I take an encrypted file and bit slice it, sending all of the even bits in one file and the odd bits in another (more complex bit slicing schemes would only increase security) I imagine that without having both files and knowing how to recombine them, no brute-force decryption would be able to recover the original message.
The genie is out of the bottle.
But that kind of gets away from my original question. Here's another "how is it"
How is it that the government can claim that it is protecting the liberties that ISIS and Al Quaeda supposedly hate us for by passing laws that strip us of those liberties. Seems pretty Orwellian to me. Sort of like when Cliven Bundy claimed that blacks had more freedom under slavery.
Forgive me for two back-to-back political "how is it" questions but after non-stop pre-election coverage from the US, politics is much on my mind. US politics is just so much more interesting/entertaining now that we have tossed Stephen Harper out of the PMs chair here in Canada.
I'm sorry, I thought this the how is it was about the back door to encryption. It's been over a decade since I was in a legal meeting about this area. Since the USA deemed Crytography to be munitions the only way we could sell the product was to do what the US GOV dictated.
But the USA exterts other forces on crypto even if you are out of the USA. I wrote the USA has not entirely released control of DNS root servers but didn't supply any link about that tactic.
-> As to the bit slicing, it suffers from the fact that the bits still arrive at some computer through the same interface. I hope someone will broach this subject on its own but imagine if you didn't get all your bits from the internet. Slice it up and use other data paths to the final destination. At a very high level, parts arrive from the internet, other parts via text messages and maybe some more via steganography.
By mandating the back door, crypto in the wild has proliferated.
In parting the most onerous government I had to deal with was Germany. Their telecom laws were from, well, WW2 days. That was in the 90's and even working for a very large company at the time, Germany's telecom laws were unbelievable when we read them. They've softened over time but in the 90's there were large fines for illegal importation of computer modems.
Oh, Canada? I lived in Vancouver from 1993 to 2000. Amazing years for the web. Still go back there when I can.
Actually I thought it could be a thread for more than just my "how is it" questions.
Back to bit slicing. What if I email a portion of a file then leave the other portion(s) , for example, in a draft folder of another online email account. There is no way to link the two accounts. Or perhaps have an algorithm for recombining slices known only to the sender and receiver. There are ways to defeat any brute force decryption. Except on TV where the nerd can always deduce the password.
Bit slicing is a good start but the discussions I had called it as possibly broken because usually the pieces of the puzzle are picked up at one time over the same pipe. To break that think about using another pipe such as text messages or a picture over MMS and steganography. Now that is something that would be beautiful to behold.
This has roots way back to Roman times with flag signals that not all the flags could be seen by the enemy. If you ship the message entirely over the internet, well, you can see it can be decoded as they have it all. Break it across other carriers and they don't have the full message.