Security quote of the week
Posted May 1, 2019 8:12 UTC (Wed)
by raof (subscriber, #57409)
[Link] (8 responses)
There's a weird bubble in tech about cryptography. There's some sort of strain of libertarianism in the zeitgeist eating otherwise sensible people's brains.Security quote of the week
Posted May 1, 2019 13:00 UTC (Wed)
by foom (subscriber, #14868)
[Link]
Maybe the ones that claim you as a citizen? (How would Google/Apple/Microsoft know if a government is telling the truth about that?) The ones in which your device is physically located at the moment? The ones whose published laws you may have verifiably broken by posting comments on a discussion website? Or, just the USA government, no matter who the user is, because that's where Google/Apple/Microsoft HQ is? Or maybe, all governments that G/A/M have any corporate presence in?
Posted May 1, 2019 18:02 UTC (Wed)
by karkhaz (subscriber, #99844)
[Link] (6 responses)
No, I think you're missing the point about why people don't want government-installed backdoors.
> "Agents of the government are allowed to access your stuff when specifically authorised by the legal system" is a pretty much mandatory component of any functioning society
Even if you believe the government should have access, the argument is that doing so gives everybody else access too. You cannot weaken encryption only for the government but still expect it to work against everybody else.
> There's plenty to be concerned about in the scope and targets of such authorisations in practice, but I think in principle this is an important power for society to have
Forget "in practice", let's imagine the ideal situation where the government used their backdoor only for whatever reason you think would be reasonable, and never abuse their powers. Even then, people make mistakes. It only takes one mistake to leak the backdoor key. If the consequences of making a mistake are as catastrophic as what would happen if the government's master key is leaked, then it must not be possible for that mistake to happen---which is only possible when no such key exists.
And even if you believe that your government is both trustworthy and infallible (which is an indefensibly naiive position IMHO), I don't suppose you hold the same view of every other government, who themselves have an interest in getting that key.
> The alternative is to trust Google* but not your government, which is… certainly a thing you could do.
I don't think this is totally unreasonable. Disclaimer, I work at AWS and have interned at Google twice. As far as I can tell, big companies do a much better job at security than the government does. No idea why, perhaps because they pay (a lot) more for top talent. Who you trust really depends on what you're trying to protect against. If you don't want Google/Amazon to read your stuff (again, this is reasonable), then don't send them your plaintext, but you can certainly encrypt locally before sending your data. If the government has a backdoor to your system, then you don't have that option.
So to go back to your false dichotomy, having a non-backdoored system means that you are able to trust neither Google nor the government. My general assumption is that any data about me that the government has generated or seen (my passport number, medical records, etc) is or will be public information, or at least on sale to the highest bidder. That's already bad enough; I don't also want the government to have access to my communications and other personal data. And I genuinely think that can do a better job than they can at keeping the data safe, possibly because I'm more competent, but certainly because my data (alone) is less of a less juicy target than the data of everybody that the government has access to.
Posted May 2, 2019 5:57 UTC (Thu)
by raof (subscriber, #57409)
[Link] (5 responses)
Yes, but this argument is wrong. Or, rather, applies only to a specific type of access, where you provide access by allowing the decryption of in-transit data.
But that's a stupid place to provide such access! Everyone knows that the endpoints are always the weak points of any secure system, and Google controls one end-point: my Pixel phone. It is entirely within Google's current capabilities to send my phone (and *only* my phone) an update that records the passphrase I use to unlock the FDE. Even if I were paranoid, there's basically no way I could detect or prevent this.
Likewise, it is either possible now, or easily implementable, for Signal to send my phone (and *only* my phone) an update that sends a copy of the messages encrypted with a known key to a wiretap server. *However*, in this case, paranoia *can* save me - because I can see the source code of Signal *and* Signal is reproducibly built, I can audit the code and verify that the binary I install is the same as the code I've audited. (Of course, in reality, this is the "a bunch of people on the internet" version of "I've" ☺).
Unless Google intervenes, of course! On an untrustworthy OS, no operation can be trusted.
(This is what I mean by “libertarianism eating people's brains” - they take the most unreasonable way of servicing the request and then indignantly pronounce that it's unreasonable, rather than wondering whether there *is* a reasonable way of servicing the request)
> If you don't want Google/Amazon to read your stuff (again, this is reasonable), then don't send them your plaintext, but you can certainly encrypt locally before sending your data. If the government has a backdoor to your system, then you don't have that option.
> So to go back to your false dichotomy, having a non-backdoored system means that you are able to trust neither Google nor the government.
But I need to trust Google that I don't have a backdoored phone. Google - by necessity - has the master key to my Pixel. That master key means that I have to *trust* that Google hasn't backdoored my phone, and if it *has* there's nothing I can do to prevent Google from reading my stuff.
Google *can* read all the stuff on my Pixel without my knowledge, even if I go to absurd lengths to prevent it. I trust that it doesn't, but it can. I don't particularly object to the government requiring that Google does this on its behalf - given an appropriate legal framework, judicial review, and so on. It doesn't meaningfully reduce security, because it's the security status quo.
Signal, on the other hand, *can't*, at least not in a way that would be relatively easily detectable. I *would* object to the government requiring that Signal change its practises so that it can undetectably read my stuff, as this is a step back from the status quo.
Posted May 2, 2019 22:48 UTC (Thu)
by Wol (subscriber, #4433)
[Link] (4 responses)
WHICH government? Given the USA's belief that it rules the world ...
And no, I do NOT live that side of the pond, and DO NOT want the US government anywhere near my phone, or anything else of mine, either!
Cheers,
Posted May 6, 2019 2:34 UTC (Mon)
by raof (subscriber, #57409)
[Link] (2 responses)
Ideally, the government of which the target is a citizen. So, the Australian government for me, the UK (or whatever) government for you. Ideally not repressive regimes, but to some extent they're not concerned with this anyway; a repressive regime can simple mandate you install an app, or require that you give up your password on pain of imprisonment (or worse).
> And no, I do NOT live that side of the pond, and DO NOT want the US government anywhere near my phone, or anything else of mine, either!
Then you'd be better served with visible-source reproducible builds! You're *currently* trusting that the US government doesn't already have such an arrangement.
Let me say that again: my *preferred* outcome is that *neither* Google, nor a government, is capable of undetectably bugging my phone. Going from zero actors who can do that to one is a big deal; going from one to two is much less so.
I'll also note that we've switched from “It's technically impossible” to “I'd prefer governments not to have that capability”; that's a perfectly sensible argument to have. I'm happy to have a “we *should* not allow warrants for law enforcement to access phones” discussion. It's the “we *cannot* provide access to phones" argument that I think is dishonest.
Posted May 6, 2019 9:23 UTC (Mon)
by mpr22 (subscriber, #60784)
[Link]
Some individuals are citizens of zero countries. (This is not supposed to happen, but it does.)
Some individuals are citizens of two countries at once. Of these, some would very much like to only be a citizen of the country in which they have been naturalized, but the laws of the country of their birth make no (safely usable) provision for the renunciation of citizenship.
Posted May 6, 2019 13:16 UTC (Mon)
by karkhaz (subscriber, #99844)
[Link]
Your comment seems to imply that you don't consider the UK to be such a repressive regime. I'd like to introduce you to our good friend RIPA, which is precisely a law that mandates turning over your password on pain of imprisonment. I had my doubts about this law when it was passed, but it's already paid for itself after it was used to make journalists reveal their sources without any oversight, amongst many other creative uses that you can read about in the sprawling "Controversy" section in the below article.
https://en.wikipedia.org/wiki/Regulation_of_Investigatory...
> Let me say that again: my *preferred* outcome is that *neither* Google, nor a government, is capable of undetectably bugging my phone. Going from zero actors who can do that to one is a big deal; going from one to two is much less so.
I see, this makes sense. I don't share that view, though, because it's not just going from one to two: what the government can do with my personal information, and what Google can, is not equivalent. Google can't arrest me, prevent me from leaving the country, seize my financial assets, etc.
Posted May 6, 2019 22:46 UTC (Mon)
by nix (subscriber, #2304)
[Link]
Your privacy is principally preserved by the fact that the US and UK intelligence services don't give a damn about you. (Or me.)
Security quote of the week
Security quote of the week
Security quote of the week
Security quote of the week
Wol
Security quote of the week
Security quote of the week
Security quote of the week
Security quote of the week
And no, I do NOT live that side of the pond, and DO NOT want the US government anywhere near my phone, or anything else of mine, either!
Your government (and mine) is a member of the Five Eyes intelligence-sharing alliance (indeed, the only member other than the USA that has its name in the name of the alliance). Good luck keeping the US government out of anything it wants regarding your private affairs that the UK intelligence services has (or can) acquire. It asks the UK, the UK rolls over: if it's your private business, it is almost certainly not so secret that it cannot be shared with the USA. (The converse is not as true: the US does not roll over anywhere near as easily when the UK asks.)