On 6/04/13 07:27 AM, Nico Williams wrote:
> On Fri, Apr 5, 2013 at 9:17 PM, NgPS <n...@rulemaker.net> wrote:
>> In the movies and presumably in real life, bad guys have smart crooked
>> lawyers advising them. Surely the bad guys have the resources to set up
>> a bunch of servers a la iMessage/Whatsapp, and write/deploy their own apps on
>> their mobile devices, running stripped-down custom ROMs, to communicate via
>> these servers, to avoid 3rd party MITM. Don't even need crooked developers,
>> just advertise on Hacker News and whole bunch of "hackers" will jump on it.
>
> It'd be nice (for good guys certainly) to be able to open-code
> everything that one needs, or otherwise review all of the source code
> to the object code that one needs.  In practice you cannot do this.
> It's ETOOMUCH.


That's the best short description I've seen yet!


> In the worst case scenario for the LEA there's still traffic analysis
> and warrants/court orders/rubber hoses that they can resort to.
>
> Crypto only helps the good guys w.r.t. bad guys and other governments
> (and then only sometimes); crypto is just a polite way of saying "try
> harder, get a warrant" to the LEA with jurisdiction over you (or your
> devices).  For LEA my guess is that the biggest problem isn't how to
> get at evidence, but how to know who the bad guys are: in a sea of
> traffic it's hard to tell when you don't even know what's needles and
> what's hay, which must be why LEA tend to have such a dislike for good
> guy crypto.


This bit:

> We hope the NSA types haven't forgotten that good guys
> need crypto, whether LEA like it or not.


I personally believe that the NSA's policy that the good guys don't need good crypto is the underlying root to the problem. A goodly portion if not all.

Internally to the NSA this is known as 'the equity issue' or so I've heard.

In economic terms, the NSA imposes a sort of Tobin tax on crypto which results in a stupidity drag on all security, thus making it easier for all to avoid doing good work.

Otherwise, I can't answer the question -- why as a society are we so good at internets, databases, apps, social networks, distribution of institutions, algorithms, all the good CS stuff, but we can't get our collective security act together?



iang

_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
