W3C home > Mailing lists > Public > public-privacy@w3.org > January to March 2015

Re: DOJ asks Google to back off on https

From: John Erickson <olyerickson@gmail.com>
Date: Wed, 28 Jan 2015 14:43:46 -0500
Message-ID: <CAC1Gg8QVXmcvm0EBAf-NaLg1=UibRWEs5GuzXSD85LwDuhbD7w@mail.gmail.com>
To: Joe Hall <joe@cdt.org>
Cc: "Mike O'Neill" <michael.oneill@baycloud.com>, public-privacy@w3.org
Talk about ironic: None of us can read the story of DOJ complaining
about user encryption, because of Law360's use of encryption...

V'q funer zl gubhtugf ba gung ohg gurl ner rapelcgrq! ;)

On Wed, Jan 28, 2015 at 1:56 PM, Joe Hall <joe@cdt.org> wrote:
> I can't read it either but the focus of FBI/DOJ has been device
> encryption... if it is transport encryption (https, dtls, etc.)
> someone let me know!!! best, Joe
>
> On Wed, Jan 28, 2015 at 6:24 AM, Mike O'Neill
> <michael.oneill@baycloud.com> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> I haven't got a subscription but this appears relevant to our discussions. Has anyone got more information?
>>
>> http://www.lexisnexis.com/legalnewsroom/technology/b/newsheadlines/archive/2015/01/27/doj-atty-joins-call-for-google-to-back-off-data-encryption.aspx
>>
>> Mike
>>
>>
>>
>>> -----Original Message-----
>>> From: Mike O'Neill [mailto:michael.oneill@baycloud.com]
>>> Sent: 28 January 2015 09:12
>>> To: 'David Singer'
>>> Cc: 'Danny Weitzner'; 'Rigo Wenning'; public-privacy@w3.org
>>> Subject: RE: On the european response to Snowden
>>>
>>> *** gpg4o | Valid Signature from 7331532E2E5E6D89 Mike O'Neill
>>> <michael.oneill@btinternet.com> ***
>>>
>>> David, comments to your comments inline
>>>
>>> > -----Original Message-----
>>> > From: David Singer [mailto:singer@apple.com]
>>> > Sent: 27 January 2015 14:33
>>> > To: Mike O'Neill
>>> > Cc: Danny Weitzner; Rigo Wenning; public-privacy@w3.org
>>> > Subject: Re: On the european response to Snowden
>>> >
>>> > Thanks Mike, comments inline
>>> >
>>> > > 1) Signalling.
>>> > >   We saw a bit of this in the DNT discussions. How to create a signal
>>> > conveying a user's explicit agreement for something or their preferences for
>>> > something to one or more entities that may exist across multiple origins, in a
>>> > secure untamperable way. This may eventually be superseded by:
>>> >
>>> > A challenging problem.  These signals and preferences tend to be small, and
>>> > padding them and then signing them digitally would seem to be using a
>>> > sledgehammer to crack a walnut.  But maybe the walnut is growing in
>>> > importance.  Other ideas?
>>>
>>> I was meaning more the general problem of signalling between entities, i.e.
>>> between the UA acting for an individual and companies which control many
>>> domains/origins. There are several use-cases that came up in DNT and it
>>> requires authentication of identity which was also why it will be subsumed into
>>> point 2.
>>>
>>> >
>>> > > 2) Anonymity.
>>> > >   To ensure privacy we should be able to trawl the net anonymously, but
>>> > with some identity available through defined transactional processes. For
>>> > example we may allow a subset of our identity to be discovered by some
>>> parties
>>> > we know about and have reached agreement with. This might just be a broad
>>> > audience categorisation (male, geek, whatever) or it might be more specific
>>> > (MEP, a particular child's parent, member of a club). Visible identity changes
>>> with
>>> > circumstances i.e. I could anonymously apply for a loan or agree to pay for a
>>> > purchase but I would need to be accountable. My legal identity would have to
>>> be
>>> > discoverable in certain agreed circumstances. We may also agree, through
>>> > membership of a "rule of law" jurisdiction ,that our identity is discoverable by
>>> > law enforcement under agreed (by society) circumstances.
>>> > >
>>> > > This may go beyond HTTP, i.e. IPv6 anon. auto configuration everywhere or
>>> a
>>> > new internetworking layer, focus on stopping fingerprinting, and it is a big one.
>>> > It will need heavy guns.
>>> >
>>> > Online anonymity -- secrecy -- is hard, as you know. ToR is hardly an easy or
>>> > universal solution. I recently did the thought experiment "what if every router
>>> > was a NAT box?" -- this would mean that IP addresses would be useless as
>>> > proxies for identity -- and the answer is that anonymity would improve but
>>> > many other things (e.g. phone calls) would suffer. Again, ideas for this would
>>> be
>>> > good.
>>>
>>> I think there should be an out-of-band identity exchange, non-trackable i.e. does
>>> not use UUIDs but established below the tunnel. Maybe in the https handshake
>>> or in an internetwork layer.
>>> The identity exchange should be under the control of both parties, but also
>>> visible to third-parties in defined circumstances for instance when accountability
>>> or law enforcement is required.
>>>
>>> >
>>> > > 3) Encryption.
>>> > >
>>> > > There is talk about making end-to-end encryption illegal. While this may
>>> seem
>>> > silly and is probably a shot across the bows, https everywhere stirs the hornet's
>>> > nest. I think an answer involves some process whereby https is made more
>>> > secure (via certificate pinning etc.), available to anyone but that law
>>> > enforcement is given the means to determine identity through an
>>> internationally
>>> > agreed process i.e. along the lines of 2).
>>> > >
>>> > > I think any backdooring process will just end up helping the bad guys, so we
>>> > have full ETO encryption available but if the net can properly ensure privacy
>>> and
>>> > security only a minority will need it.
>>> >
>>> > So you envisage encryption that is end-to-end and backdoor free, but
>>> > nonetheless accessible to lawful intercept. Challenging in today's
>>> environment,
>>> > but maybe there is a solution.
>>>
>>> I was thinking more that the identity was visible to lawful intercept, not
>>> necessarily the encrypted content. But if privacy and security are guaranteed
>>> without encryption then there would be less need for it. I forgot to mention
>>> integrity, there should be a way to ensure integrity of the data (such as
>>> javascript) transmitted between mutually identified parties, without having to
>>> put everything through an encrypted tunnel.
>>>
>>> >
>>> > David Singer
>>> > Manager, Software Standards, Apple Inc.
>>> >
>>>
>>> Mike
>>
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.13 (MingW32)
>> Comment: Using gpg4o v3.4.19.5391 - http://www.gpg4o.com/
>> Charset: utf-8
>>
>> iQEcBAEBAgAGBQJUyMbdAAoJEHMxUy4uXm2JT/MIANU1HsCIzE0NvqYGBerIZOGm
>> ccTLlJ5JPs9FqRQ2rmhUVDZ0I8SbhbP0mSiHOMtMkXRJKr6HzTDWgQES4NcUOs2j
>> qvN5075sbyc/iySfEFqBRYM/nBtYBTMNZRc5Arv5VBCPaJVSfSxqSaEZ3HtD0hbW
>> L/2McPaw3ZAnEDAU1Dz0mFfdn0f40Gog0EqOFpTUIXC5QuuFiyDmJOKwE5IfOfoH
>> 4Ca9u4DHbyYAKn7H73wP3QfzLQUKNkgwPnH756RM3aGFhpHv/PRVAGhe7utRuPkP
>> r35134ey75dC+4aP9tNzDka5Vco+Nlk9TDfoGmPMCKr3UhHfu1P7GbWQajLC44o=
>> =C1+x
>> -----END PGP SIGNATURE-----
>>
>>
>
>
>
> --
> Joseph Lorenzo Hall
> Chief Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> joe@cdt.org
> PGP: https://josephhall.org/gpg-key
> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>



-- 
John S. Erickson, Ph.D.
Director of Operations, The Rensselaer IDEA
Deputy Director, Web Science Research Center (RPI)
<http://tw.rpi.edu> <olyerickson@gmail.com>
Twitter & Skype: olyerickson
Received on Wednesday, 28 January 2015 19:44:14 UTC

This archive was generated by hypermail 2.3.1 : Wednesday, 28 January 2015 19:44:14 UTC