
I'm going to start naming a few major government security breaches:

+ TSA keys

+ OPM (all of it)

+ NSA's hacking tools

Were these incredibly skilled side-channel attacks? Movie-esque infiltrations?

+ TSA accidentally published the keys

+ OPM was a master password from a contractor who was bribed for about the cost of an iPad

+ NSA hacking tools was... an email trojan? A CD walked?

Do you really trust these people with anything?

Putting a backdoor into encryption is less secure than a random Microsoft employee backdooring me. At least I know it's Microsoft who will be doing the backdoor...

This isn't politics, this is history. This is not the first time, nor the last time we've seen these moves. We know Five Eyes have had major incidents of internal abuse because we have their own documentation on it - and we have their own documentation that they decided to do nothing about it.

It requires external oversight for any organization to truly follow compliance, otherwise the incentives to cheat the system are overbearing. If they won't take us at our word, why would we take them at theirs?



> Putting a backdoor into encryption is less secure than a random Microsoft employee backdooring me. At least I know it's Microsoft who will be doing the backdoor...

My point isn't about how much you trust Microsoft, but that Microsoft has keys, which are more easily stolen and in many regards more valuable than the scheme I gave.

> TSA keys

Not remotely comparable. These were never designed to be secure in the sense we're talking here.

> OPM (all of it)

> NSA's hacking tools

Hence the scheme I gave, which isn't vulnerable in the same way.


Basically all your arguments have been proved false in a short amount of time. Agencies could not name a single case where mass surveillance helped. And don't kid yourself, if you have a master key to encryption, it is mass surveillance you try to implement and it will be used as such.

We had security agencies that had the info but didn't act in the case of Vienna. Encryption wasn't the issue here, this is an incontinent case of saving face at best, a deliberate attack against civil rights at worst.

> These were never designed to be secure in the sense we're talking here

Encryption today is a protection against access for a limited amount of time. It is an intrinsic rule about every encryption algorithm. It is a fundamental property and widely known.



