[cryptography] ICIJ's project - comment on cryptography & tools

Nico Williams nico at cryptonector.com
Sat Apr 6 00:27:46 EDT 2013


On Fri, Apr 5, 2013 at 9:17 PM, NgPS <ngps at rulemaker.net> wrote:
> In the movies and presumably in real life, bad guys have smart crooked
> lawyers advising them. Surely the bad guys have the resources to set up
> bunch of servers a la iMessage/Whatsapp, and write/deploy their own apps on
> their mobile devices, running stripped-down custom ROMs, to communicate via
> these servers, to avoid 3rd party MITM. Don't even need crooked developers,
> just advertise on Hacker News and whole bunch of "hackers" will jump on it.

It'd be nice (for good guys certainly) to be able to open-code
everything that one needs, or otherwise review all of the source code
to the object code that one needs.  In practice you cannot do this.
It's ETOOMUCH.

In the worst case scenario for the LEA there's still traffic analysis
and warrants/court orders/rubber hoses that they can resort to.

Crypto only helps the good guys w.r.t. bad guys and other governments
(and then only sometimes); crypto is just a polite way of saying "try
harder, get a warrant" to the LEA with jurisdiction over you (or your
devices).  For LEA my guess is that the biggest problem isn't how to
get at evidence, but how to know who the bad guys are: in a sea of
traffic it's hard to tell when you don't even know what's needles and
what's hay, which must be why LEA tend to have such a dislike for good
guy crypto.  We hope the NSA types haven't forgotten that good guys
need crypto, whether LEA like it or not.

Nico
--


More information about the cryptography mailing list