BBCR4 on Crypto-wars today at 13:30
Caspar Bowden (lists)
lists at casparbowden.net
Fri Mar 21 07:10:15 GMT 2014
On 03/20/14 22:46, Peter Fairbrother wrote:
> On 18/03/14 10:25, Caspar Bowden (lists) wrote:
>> On 03/17/14 15:52, Peter Fairbrother wrote:
>>> "The Levinson case goes to the heart of a fundamental clash between
>>> two opposing sides - there are those who want our electronic
>>> communications to be entirely private, so that absolutely no-one apart
>>> from the recipient can know what's being said. Set against them are
>>> those who think the State should be able to get access, for instance
>>> when it says it's investigating crime or protecting national security.
>>> I think that's it in a nutshell - and on that basis, with the demands
>>> for keys in RIPA we lost the crypto wars in the UK.
>> The trouble is that states the problem without the context of the UK
>> being in forefront to neutralize civilian crypto last 20 years, and the
>> drawbacks and hinterland of every policy option
> I disagree - and I think it really is quite simple. The state should
> not have any right to know what's being said.
> No "it's okay with a warrant". No "we need to do it for xyz reason".
> Now that is not saying that the state can't try - just that it has no
> right to succeed.
Agreed. But states will try, and 1 state in particular has utterly
different legal standards for its own citizens...
>>> BTW, why do you think the Darkmail effort is doomed? I kinda agree,
>>> but I'd like to know what you think.
>> I don't know what they are doing, but shouldn't trust crypto against
>> decryption powers unless trust platform+binary+source+keymat resilient
>> to those powers
> I'd go with trust platform to start, the rest can come in time.
>> Confidentiality is orthogonal to what an email service provider can
>> provide (but a special network service might provide anonymity)
> I think it can do both - in fact I know it can, and how to do it, but
> whether it gets adopted is another matter.
But FISA 702 in particular can force arbitrary service provider
"co-operation" (as per Hushmail case, but that was actually Canada -
anyone get to the bottom of that?)
So anything you depend on the email service provider to do for your
confidentiality can be subverted by law
> eg, what happens if someone sends you an unencrypted email on your
> encrypted service?
Would be nice to have an autoresponder which bounced mail without right