Re: DOJ asks Google to back off on https from Nicholas Doty on 2015-01-28 (public-privacy@w3.org from January to March 2015)

From: Nicholas Doty <npdoty@ischool.berkeley.edu>
Date: Wed, 28 Jan 2015 14:20:57 -0800
To: Joe Hall <joe@cdt.org>
Cc: Mike O'Neill <michael.oneill@baycloud.com>, "public-privacy (W3C mailing list)" <public-privacy@w3.org>
Message-Id: <DB39B3C6-B884-4FB1-9C14-5D2D094D551F@ischool.berkeley.edu>
The article provides an account of Assistant Attorney General Leslie Caldwell’s remarks at State of the Net, including a “zone of lawfulness” (I think that’s sic, intended to be “zone of lawlessness”). I’m not aware of any details of the proposal, and it doesn’t seem clear whether the intention is preventing encryption of storage or encryption in transit.

http://stateofthenet2015.sched.org/event/a3ad4721a9802b089955eecb258a8600 <http://stateofthenet2015.sched.org/event/a3ad4721a9802b089955eecb258a8600>
http://www.law360.com/articles/615091 <http://www.law360.com/articles/615091>


> On Jan 28, 2015, at 10:56 AM, Joe Hall <joe@cdt.org> wrote:
> 
> I can't read it either but the focus of FBI/DOJ has been device
> encryption... if it is transport encryption (https, dtls, etc.)
> someone let me know!!! best, Joe
> 
> On Wed, Jan 28, 2015 at 6:24 AM, Mike O'Neill
> <michael.oneill@baycloud.com <mailto:michael.oneill@baycloud.com>> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>> 
>> I haven't got a subscription but this appears relevant to our discussions. Has anyone got more information?
>> 
>> http://www.lexisnexis.com/legalnewsroom/technology/b/newsheadlines/archive/2015/01/27/doj-atty-joins-call-for-google-to-back-off-data-encryption.aspx <http://www.lexisnexis.com/legalnewsroom/technology/b/newsheadlines/archive/2015/01/27/doj-atty-joins-call-for-google-to-back-off-data-encryption.aspx>
>> 
>> Mike
>> 
>> 
>> 
>>> -----Original Message-----
>>> From: Mike O'Neill [mailto:michael.oneill@baycloud.com <mailto:michael.oneill@baycloud.com>]
>>> Sent: 28 January 2015 09:12
>>> To: 'David Singer'
>>> Cc: 'Danny Weitzner'; 'Rigo Wenning'; public-privacy@w3.org <mailto:public-privacy@w3.org>
>>> Subject: RE: On the european response to Snowden
>>> 
>>> *** gpg4o | Valid Signature from 7331532E2E5E6D89 Mike O'Neill
>>> <michael.oneill@btinternet.com <mailto:michael.oneill@btinternet.com>> ***
>>> 
>>> David, comments to your comments inline
>>> 
>>>> -----Original Message-----
>>>> From: David Singer [mailto:singer@apple.com]
>>>> Sent: 27 January 2015 14:33
>>>> To: Mike O'Neill
>>>> Cc: Danny Weitzner; Rigo Wenning; public-privacy@w3.org
>>>> Subject: Re: On the european response to Snowden
>>>> 
>>>> Thanks Mike, comments inline
>>>> 
>>>>> 1) Signalling.
>>>>>  We saw a bit of this in the DNT discussions. How to create a signal
>>>> conveying a user's explicit agreement for something or their preferences for
>>>> something to one or more entities that may exist across multiple origins, in a
>>>> secure untamperable way. This may eventually be superseded by:
>>>> 
>>>> A challenging problem.  These signals and preferences tend to be small, and
>>>> padding them and then signing them digitally would seem to be using a
>>>> sledgehammer to crack a walnut.  But maybe the walnut is growing in
>>>> importance.  Other ideas?
>>> 
>>> I was meaning more the general problem of signalling between entities, i.e.
>>> between the UA acting for an individual and companies which control many
>>> domains/origins. There are several use-cases that came up in DNT and it
>>> requires authentication of identity which was also why it will be subsumed into
>>> point 2.
>>> 
>>>> 
>>>>> 2) Anonymity.
>>>>>  To ensure privacy we should be able to trawl the net anonymously, but
>>>> with some identity available through defined transactional processes. For
>>>> example we may allow a subset of our identity to be discovered by some
>>> parties
>>>> we know about and have reached agreement with. This might just be a broad
>>>> audience categorisation (male, geek, whatever) or it might be more specific
>>>> (MEP, a particular child's parent, member of a club). Visible identity changes
>>> with
>>>> circumstances i.e. I could anonymously apply for a loan or agree to pay for a
>>>> purchase but I would need to be accountable. My legal identity would have to
>>> be
>>>> discoverable in certain agreed circumstances. We may also agree, through
>>>> membership of a "rule of law" jurisdiction ,that our identity is discoverable by
>>>> law enforcement under agreed (by society) circumstances.
>>>>> 
>>>>> This may go beyond HTTP, i.e. IPv6 anon. auto configuration everywhere or
>>> a
>>>> new internetworking layer, focus on stopping fingerprinting, and it is a big one.
>>>> It will need heavy guns.
>>>> 
>>>> Online anonymity — secrecy — is hard, as you know. ToR is hardly an easy or
>>>> universal solution. I recently did the thought experiment “what if every router
>>>> was a NAT box?” — this would mean that IP addresses would be useless as
>>>> proxies for identity — and the answer is that anonymity would improve but
>>>> many other things (e.g. phone calls) would suffer. Again, ideas for this would
>>> be
>>>> good.
>>> 
>>> I think there should be an out-of-band identity exchange, non-trackable i.e. does
>>> not use UUIDs but established below the tunnel. Maybe in the https handshake
>>> or in an internetwork layer.
>>> The identity exchange should be under the control of both parties, but also
>>> visible to third-parties in defined circumstances for instance when accountability
>>> or law enforcement is required.
>>> 
>>>> 
>>>>> 3) Encryption.
>>>>> 
>>>>> There is talk about making end-to-end encryption illegal. While this may
>>> seem
>>>> silly and is probably a shot across the bows, https everywhere stirs the hornet's
>>>> nest. I think an answer involves some process whereby https is made more
>>>> secure (via certificate pinning etc.), available to anyone but that law
>>>> enforcement is given the means to determine identity through an
>>> internationally
>>>> agreed process i.e. along the lines of 2).
>>>>> 
>>>>> I think any backdooring process will just end up helping the bad guys, so we
>>>> have full ETO encryption available but if the net can properly ensure privacy
>>> and
>>>> security only a minority will need it.
>>>> 
>>>> So you envisage encryption that is end-to-end and backdoor free, but
>>>> nonetheless accessible to lawful intercept. Challenging in today’s
>>> environment,
>>>> but maybe there is a solution.
>>> 
>>> I was thinking more that the identity was visible to lawful intercept, not
>>> necessarily the encrypted content. But if privacy and security are guaranteed
>>> without encryption then there would be less need for it. I forgot to mention
>>> integrity, there should be a way to ensure integrity of the data (such as
>>> javascript) transmitted between mutually identified parties, without having to
>>> put everything through an encrypted tunnel.
>>> 
>>>> 
>>>> David Singer
>>>> Manager, Software Standards, Apple Inc.
>>>> 
>>> 
>>> Mike
>> 
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v1.4.13 (MingW32)
>> Comment: Using gpg4o v3.4.19.5391 - http://www.gpg4o.com/ <http://www.gpg4o.com/>
>> Charset: utf-8
>> 
>> iQEcBAEBAgAGBQJUyMbdAAoJEHMxUy4uXm2JT/MIANU1HsCIzE0NvqYGBerIZOGm
>> ccTLlJ5JPs9FqRQ2rmhUVDZ0I8SbhbP0mSiHOMtMkXRJKr6HzTDWgQES4NcUOs2j
>> qvN5075sbyc/iySfEFqBRYM/nBtYBTMNZRc5Arv5VBCPaJVSfSxqSaEZ3HtD0hbW
>> L/2McPaw3ZAnEDAU1Dz0mFfdn0f40Gog0EqOFpTUIXC5QuuFiyDmJOKwE5IfOfoH
>> 4Ca9u4DHbyYAKn7H73wP3QfzLQUKNkgwPnH756RM3aGFhpHv/PRVAGhe7utRuPkP
>> r35134ey75dC+4aP9tNzDka5Vco+Nlk9TDfoGmPMCKr3UhHfu1P7GbWQajLC44o=
>> =C1+x
>> -----END PGP SIGNATURE-----
>> 
>> 
> 
> 
> 
> --
> Joseph Lorenzo Hall
> Chief Technologist
> Center for Democracy & Technology
> 1634 I ST NW STE 1100
> Washington DC 20006-4011
> (p) 202-407-8825
> (f) 202-637-0968
> joe@cdt.org <mailto:joe@cdt.org>
> PGP: https://josephhall.org/gpg-key <https://josephhall.org/gpg-key>
> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
Received on Wednesday, 28 January 2015 22:21:36 UTC