Hi, Standard Fallacy: if communications are encrypted they cannot be read/obtained.
There are two places where 'encrypted' communications are viewable, at the sender and receiver. Thus, the government (or anyone) can obtain the communications by invading the sending or receiving system if either a plain-text of the message(s) or the key and cipher text are still obtainable on the device. Metadata of the communication is often available in logs. The question is, under what circumstances should the government (or others) be able to do this? Recall that when people say 'encryption' what they usually mean is 'secure communication' and that means 3 things (CIA model): Confidentiality, Integrity and Authenticity. Sometimes only two of these properties are desired, and I suggest that we should be thinking about this. For example, a public forum wishes for integrity and authenticity but does not necessarily require confidentiality. No amount of digital 'secure communications' will prevent surveillance when an end-point device is compromised (e.g key logger). Additionally, current transport protocols include the addresses of the end-points and thus expose the metadata of these connections to all locations in the communications path, irrespective of 'secure communications'. Thus, anonymity is another consideration that is entailed in these discussions. -- Hugo Connery, Head of IT, DTU Environment, http://www.env.dtu.dk ________________________________________ From: perpass [[email protected]] on behalf of [email protected] [[email protected]] Sent: Friday, 27 March 2015 03:11 To: [email protected] Subject: Re: [perpass] https.CIO.gov Encryption everywhere all the time? No, thank you. Better said, and at effective length, by David Golumbia Opt-Out Citizenship: End-to-End Encryption and Constitutional Governance http://www.uncomputing.org/?p=272 --dan _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
