[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Cryptography] Justice Dept. Revives Push to Mandate a Way to Unlock Phones

On Tue, Mar 27, 2018 at 03:49:10AM +1000, jamesd AT echeque.com wrote:
> On 3/26/2018 1:22 PM, Nico Williams wrote:
> >There is no crypto that beats rubber hose cryptanalysis.  This extends
> >to all technology.
> Stego beats rubber hose.

It does not.  If you're found to have steganographic software then it's
a reasonable inference that you are *using* it, and it's all downhill
from there.

This debate comes up periodically on this list.  Let's not retread.

Law enforcement types don't care that you think you're being clever.
Neither do judges.  Neither do legislators.  These are political
problems, not technical.  There are no technical solutions to political
problems -- the state is armed with more guns and law enforcement and
soldiers than you could ever hope to counter in anything other than the
most widespread popular revolt.

Everyone in this field ought to know all of this by now.

If you object to the CLOUD Act or anything like it, you have to
participate in the political process.  Perhaps, if you're a brilliant
lawyer or have a brilliant lawyer, and if the Supreme Court is amenable,
and if you have time and money to spend on it, you might prevail in
court, but I doubt this.  The same goes for just about every western
country (though often it's worse elsewhere than the U.S. for lack of a
Bill of Rights).

> Minimize use of cleartext headers so that they will not know where to apply
> the rubber hose.

That is exceedingly hard to do, if not impossible other than by
"dropping off the grid".  Everything we do leaks enormous amounts of
metadata.  Metadata is all law enforcement really needs (if only they
understood this).  All of your messaging and web browsing, really, all
of your online activity, and most of your off-line activity (through
electronic payments) -- all of this leaks all the metadata needed to
know where to apply the rubber hose.  Unless you're willing to dispense
with all the amenities of modern life (few are), you leak metadata.

The cryptography mailing list
cryptography AT metzdowd.com