Re: <nettime> What should GCHQ do?

[William Waites <ww@styx.org>]

On Sun, 24 May 2015 22:09:00 -0400, "t byfield" <tbyfield@panix.com> said:

    > I'm skeptical about crypto absolutism because one of its first
    > effects would be, in effect, to *privatize* everything. 'Public'
    > would be reduced to whatever was cracked or leaked

As was pointed out to me on IRC, and I agree and tried to include this
point, the main problem is that most people cannot accurately
distinguish between public and private when it comes to
communication. The way the network treats their data often does not
match their intentions. 

Most often this happens in the direction of mistakenly making
something public that was intended to be private such a message
between you and your spouse. It can happen in the other direction
too, but the situation is not symmetric: you can publish things that
were once private but you cannot unpublish things. 

    > But I do think that the growing 'moral' push toward secure
    > communications is troubling, and that preserving 'insecure'
    > communications channels as a legitimate choice is vital.

Publishing something -- making it public -- is one thing. This message
is public. However the act of publishing, and the act of reading can
be private. In sending this message, some details about exactly where
and how and by whom it was sent are obscured. In my case it doesn't
really matter much. I even put my real name on it and anyone who wants
to find me can easily do so. But for some people -- the prototypical
example being journalists in a hostile place -- it matters very
much. By arranging for it to be difficult see, on the wire, what is
going on we help them because it means they do not stand out. That's
the moral argument.

Insecure channels generally are still opaque to most people. The only
ones who benefit from them are those in a privileged position to watch
what is happening on the wire. There is no practical difference to the
reader or author if a message is transmitted over a secure or an
insecure channel. It only matters to someone else who might be
watching.

Storage is a little different, but only a little. If you store your
information on a computer that you control then there is not much
benefit to encryption. Unless it is possible for someone else to come
to control it without your permission, and there are many ways that
this can happen. If you store your information on somebody else's
computer then you had better trust them and transitively anyone else
who is in a position to see their computer. Or you can ``trust the
math and the engineers''  as you put it.

But the thing is, you don't have to just trust the math. You can check
it for yourself. You can check the implementations by the
engineers. That's difficult and impractical for most people but it is
possible in principle. Maybe you have a friend that you trust who
tries to keep on top of these things. I am not a mathematician or a
cryptographer but I know some of them, and I find that in virtually
all cases I trust their *motivations*. They are human so there is a
gap between the theory and what is the case in the world, but we try
to narrow that gap. To me it seems better on average to place trust in
people who are in the business of clearly explaining things rather
than obfuscating and appealing to emotions in order to profit.

-w


#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mx.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime@kein.org