W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2015

Re: DOJ asks Google to back off on https

From: Joe Hall <joe@cdt.org>
Date: Wed, 28 Jan 2015 13:56:30 -0500
Message-ID: <CABtrr-WeVj6CZ7KntkuGp7aNAf3_zH+YiLGXH8MVODHbFn1nzw@mail.gmail.com>
To: "Mike O'Neill" <michael.oneill@baycloud.com>
Cc: public-privacy@w3.org
I can't read it either but the focus of FBI/DOJ has been device
encryption... if it is transport encryption (https, dtls, etc.)
someone let me know!!! best, Joe

On Wed, Jan 28, 2015 at 6:24 AM, Mike O'Neill
<michael.oneill@baycloud.com> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I haven't got a subscription but this appears relevant to our discussions. Has anyone got more information?
>
> http://www.lexisnexis.com/legalnewsroom/technology/b/newsheadlines/archive/2015/01/27/doj-atty-joins-call-for-google-to-back-off-data-encryption.aspx
>
> Mike
>
>
>
>> -----Original Message-----
>> From: Mike O'Neill [mailto:michael.oneill@baycloud.com]
>> Sent: 28 January 2015 09:12
>> To: 'David Singer'
>> Cc: 'Danny Weitzner'; 'Rigo Wenning'; public-privacy@w3.org
>> Subject: RE: On the european response to Snowden
>>
>> *** gpg4o | Valid Signature from 7331532E2E5E6D89 Mike O'Neill
>> <michael.oneill@btinternet.com> ***
>>
>> David, comments to your comments inline
>>
>> > -----Original Message-----
>> > From: David Singer [mailto:singer@apple.com]
>> > Sent: 27 January 2015 14:33
>> > To: Mike O'Neill
>> > Cc: Danny Weitzner; Rigo Wenning; public-privacy@w3.org
>> > Subject: Re: On the european response to Snowden
>> >
>> > Thanks Mike, comments inline
>> >
>> > > 1) Signalling.
>> > >   We saw a bit of this in the DNT discussions. How to create a signal
>> > conveying a user's explicit agreement for something or their preferences for
>> > something to one or more entities that may exist across multiple origins, in a
>> > secure untamperable way. This may eventually be superseded by:
>> >
>> > A challenging problem.  These signals and preferences tend to be small, and
>> > padding them and then signing them digitally would seem to be using a
>> > sledgehammer to crack a walnut.  But maybe the walnut is growing in
>> > importance.  Other ideas?
>>
>> I was meaning more the general problem of signalling between entities, i.e.
>> between the UA acting for an individual and companies which control many
>> domains/origins. There are several use-cases that came up in DNT and it
>> requires authentication of identity which was also why it will be subsumed into
>> point 2.
>>
>> >
>> > > 2) Anonymity.
>> > >   To ensure privacy we should be able to trawl the net anonymously, but
>> > with some identity available through defined transactional processes. For
>> > example we may allow a subset of our identity to be discovered by some
>> parties
>> > we know about and have reached agreement with. This might just be a broad
>> > audience categorisation (male, geek, whatever) or it might be more specific
>> > (MEP, a particular child's parent, member of a club). Visible identity changes
>> with
>> > circumstances i.e. I could anonymously apply for a loan or agree to pay for a
>> > purchase but I would need to be accountable. My legal identity would have to
>> be
>> > discoverable in certain agreed circumstances. We may also agree, through
>> > membership of a "rule of law" jurisdiction ,that our identity is discoverable by
>> > law enforcement under agreed (by society) circumstances.
>> > >
>> > > This may go beyond HTTP, i.e. IPv6 anon. auto configuration everywhere or
>> a
>> > new internetworking layer, focus on stopping fingerprinting, and it is a big one.
>> > It will need heavy guns.
>> >
>> > Online anonymity — secrecy — is hard, as you know. ToR is hardly an easy or
>> > universal solution. I recently did the thought experiment “what if every router
>> > was a NAT box?” — this would mean that IP addresses would be useless as
>> > proxies for identity — and the answer is that anonymity would improve but
>> > many other things (e.g. phone calls) would suffer. Again, ideas for this would
>> be
>> > good.
>>
>> I think there should be an out-of-band identity exchange, non-trackable i.e. does
>> not use UUIDs but established below the tunnel. Maybe in the https handshake
>> or in an internetwork layer.
>> The identity exchange should be under the control of both parties, but also
>> visible to third-parties in defined circumstances for instance when accountability
>> or law enforcement is required.
>>
>> >
>> > > 3) Encryption.
>> > >
>> > > There is talk about making end-to-end encryption illegal. While this may
>> seem
>> > silly and is probably a shot across the bows, https everywhere stirs the hornet's
>> > nest. I think an answer involves some process whereby https is made more
>> > secure (via certificate pinning etc.), available to anyone but that law
>> > enforcement is given the means to determine identity through an
>> internationally
>> > agreed process i.e. along the lines of 2).
>> > >
>> > > I think any backdooring process will just end up helping the bad guys, so we
>> > have full ETO encryption available but if the net can properly ensure privacy
>> and
>> > security only a minority will need it.
>> >
>> > So you envisage encryption that is end-to-end and backdoor free, but
>> > nonetheless accessible to lawful intercept. Challenging in today’s
>> environment,
>> > but maybe there is a solution.
>>
>> I was thinking more that the identity was visible to lawful intercept, not
>> necessarily the encrypted content. But if privacy and security are guaranteed
>> without encryption then there would be less need for it. I forgot to mention
>> integrity, there should be a way to ensure integrity of the data (such as
>> javascript) transmitted between mutually identified parties, without having to
>> put everything through an encrypted tunnel.
>>
>> >
>> > David Singer
>> > Manager, Software Standards, Apple Inc.
>> >
>>
>> Mike
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.13 (MingW32)
> Comment: Using gpg4o v3.4.19.5391 - http://www.gpg4o.com/
> Charset: utf-8
>
> iQEcBAEBAgAGBQJUyMbdAAoJEHMxUy4uXm2JT/MIANU1HsCIzE0NvqYGBerIZOGm
> ccTLlJ5JPs9FqRQ2rmhUVDZ0I8SbhbP0mSiHOMtMkXRJKr6HzTDWgQES4NcUOs2j
> qvN5075sbyc/iySfEFqBRYM/nBtYBTMNZRc5Arv5VBCPaJVSfSxqSaEZ3HtD0hbW
> L/2McPaw3ZAnEDAU1Dz0mFfdn0f40Gog0EqOFpTUIXC5QuuFiyDmJOKwE5IfOfoH
> 4Ca9u4DHbyYAKn7H73wP3QfzLQUKNkgwPnH756RM3aGFhpHv/PRVAGhe7utRuPkP
> r35134ey75dC+4aP9tNzDka5Vco+Nlk9TDfoGmPMCKr3UhHfu1P7GbWQajLC44o=
> =C1+x
> -----END PGP SIGNATURE-----
>
>



-- 
Joseph Lorenzo Hall
Chief Technologist
Center for Democracy & Technology
1634 I ST NW STE 1100
Washington DC 20006-4011
(p) 202-407-8825
(f) 202-637-0968
joe@cdt.org
PGP: https://josephhall.org/gpg-key
fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
Received on Wednesday, 28 January 2015 18:57:19 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 28 January 2015 18:57:20 UTC