[cryptography] crypto & security/privacy balance (Re: Digital cash in the news...)

Nico Williams nico at cryptonector.com
Wed Jun 15 05:05:54 EDT 2011


On Wed, Jun 15, 2011 at 3:22 AM, Adam Back <adam at cypherspace.org> wrote:
> Well said StealthMonger, I suspect Nico is in the minority on this list with
> that type of view.
>
> I read Nico's later reply also.  Short of banning crypto privacy and
> security rights stand a better chance of being balanced by more deployment
> of crypto.  (In terms of warrantless wiretaps etc which seem to just keeping
> going and getting worse in many supposedly civilized western democracies.)
> There are still plenty of things government security people can usefully do
> towards security - spend the money on inflitration of groups who are real
> security threats.

Don't misunderstand me: I think crypto has a place, and that place is
mostly to protect us from other private citizens, from foreign powers,
and from casual inspection by one's state (i.e., keeping the state and
its minions honest).  It's only when push comes to shove that crypto
doesn't help.

Long before push comes to shove you have to deal with the fact that
your crypto is only a small part of the big picture: do you know if
your peers are malicious? are your compute resources physically
secure? are you certain of that? are they tamper resistant? are there
unpatched, or worse, unknown-to-you vulnerabilities in your software
(or worse, firmware, or worse, hardware) that others could exploit? is
your key management secure?

Security is oh so much more than just using AES, so much more than
just using secure cryptographic protocols and algorithm suites.
Crypto does not completely change the nature of security in the online
world versus physical security in the off-line world -- there's
analogies for most situations.  Crypto alone is not a panacea.

If you want to live in a free society you must do more than hide
behind ciphers.  You must participate in its politics to keep your
society free.  If it isn't already free, then you have a very big
problem -- crypto can only be a small part of how you might address
it.

For example, if in order to free your society you conclude that you
must change its culture openly, then crypto won't help you for you
must speak publicly.  Crypto will help you, to a point, if you're
trying to organize a revolt, but don't be surprised when crypto fails
to keep you safe in that case -- you'll likely need weapons and to be
willing to use them.

BTW, I'm surprised any of what I've said on this is remotely controversial.

Nico
--



More information about the cryptography mailing list