[tor-project] Human rights and encryption op-ed in Foreign Policy

dawuud dawuud at riseup.net
Thu Sep 15 06:58:04 UTC 2016



Greetings,


Responding inline:

> There is no guarantee that a golden key will work, given the facility in which rogue hackers from all over the world can develop their own encryption tools. In February, a study by the Berkman Klein Center for Internet & Society at Harvard University focused on some 865 encryption products from 55 countries, two-thirds of which were built outside of the United States. Of these, roughly two-thirds are commercial and the others are open source, even though some of the free products are only libraries that contain building blocks rather than whole encryption systems. Given the resources available to ill-intentioned hackers, it would therefore be impossible to stop them from building strong encryption applications of their own.

Might there be other valid definitions of a "golden key"?
In my view a golden key is obviously an operating system software
update signing key and it is guaranteed to work.

http://arstechnica.com/security/2016/02/most-software-already-has-a-golden-key-backdoor-its-called-auto-update/

> Instead, building encryption software with a golden key for government access would gravely compromise security for law-abiding citizens around the world, as it would encourage criminals and terrorists to build their own illegal software to frustrate the authorities and leave those without the technological skills—most of the world—more vulnerable to attack.

Are you saying that cutting edge security software necessarily gets
developed by criminals and terrorists?  In that argument lie slippery
slopes. I can tell you certainly many computer security researchers
have been accused of criminal activity but let's not perpetuate that
stereotype.

Again my point above regarding for example Debian's package signing
keys, they weren't intended to be a "golden key" but it turns out they
are.  Yes crypto is used but we need cryptographic group signature
schemes to protect against key compromise.

> Journalists in the United States are also using strong cryptography, such as an innovative program called SecureDrop, which enables whistleblowers to share information with media organizations securely and anonymously. This is especially important for whistleblowers with information on malfeasance by officials in local, state, or federal government. As in foreign countries, protecting free media requires security against government snooping.

Actually SecureDrop doesn't have any end-to-end crypto unless the
source encrypts the document with the journalist's PGP key.  I know
that SecureDrop uses Tor onion services, which do provide end-to-end
transport crypto, but that's not the same as application-level
end-to-end crypto. In the worst case scenario, if the SecureDrop server
were hacked, the attacker could read these documents that were submitted
without PGP encryption.

In Ka-Ping Yee's most excellent paper "User Interaction Design for
Secure Systems" ( http://zesty.ca/pubs/icics-2002-uidss.pdf ) he
describes various principles and properties that secure software
systems should have and one of them is called the Principle of the
Path of Least Resistance which can be summarized as "the natural way
should be the secure way". This means that the user is going to do the
easiest thing; therefore, if there is an extra action that needs to be
taken for additional security, then this will be neglected.


sincerely,
david