Founding fathers had no way of knowing of the current state of affairs, technologically speaking.
Imagine billions of unbreakable safes containing secret messages to and from anyone globally, instantly transported to anywhere in the world.
Like, dude, anyone with the appropriate security clearance that is aware of the implications of the encryption status quo isn’t spending time posting here.
No, not true. Crypto isn’t perfect as is, and involves levels of security.
Two party crypto has two parties who could leak the data. Two party with exceptional access has three. Current crypto is susceptible to brute force via shor’s and quantum
The rest of the world absolutely does not agree with you. It’s just that a lot of people here live in a bubble.
It’s just a brainstorming idea. There would be a key as well - the idea would require both the key and substantial computational power for exceptional access
Brainstorming ideas are meant to be thrown out. Attacking the idea respectfully is fine. It’s to help inspire other ideas.
Of course there’s a trade off involved. But whether it’s two party encryption or three party encryption with exceptional access none is perfectly secure anyway. There is major conflation of political ideologies with hardline technical viewpoints going on
It’s a trade off. There’s no cognitive dissonance, just refusal to work towards better compromises. Lovely argument, though. Euphemistically it’s clear you’re very passionate about this issue. Maybe my hacker news throwaway should’ve been called cryptopassion
The government has a different idea of what constitutes “broken” in this case. Of course adding a third party introduces additional risks. Two parties versus three parties: All can access the clear info; neither scenario is without risk. The goal is to find a solution that minimizes the risks of providing exceptional access.
Again, simply arguing that “it can’t be done”, which is of course theoretically true if the goal is to have zero additional risk by introducing a third party, isn’t going to stop such systems from being deployed, it will simply reduce the quality of such solutions due to talent refusing to work on the problem.
An idea that comes to mind: third party can’t trivially decrypt the data (maybe it requires substantial computation to decrypt) thus reducing practicality of bulk decryption. Make the exceptional access truly exceptional.
I agree that having a trivial way for governments to access encrypted comms at scale is bad; I don’t agree that governments should be completely locked out, without exception, of all comms deployed at scale by mega tech corporations.
Let’s leave politics and assumptions about me out of it, please.
Same point: figure out a technological and procedural solution to the human attack vector. If “security professionals” all agree on ideology or theory that it’s not possible and thus refuse to help solve the problem, then exceptional access solutions generally will be worse off for it. It’s independent of whether they actually are deployed.
There’s no discussion of how to build exceptional access encryption that solves the weakening issue, just that it “can’t be done”.
The spirit of this initiative in 2019 is likely more about stopping strong encryption at scale, which is certain to be a frustrating black hole for LEO and the IC.
Perhaps HN would do well to ask how to solve the problem from a technical perspective, given the requirements. This includes both how to build a better mousetrap (one that doesn’t have a “backdoor” or significantly weakens the encryption mechanism), and how to solve concerns about abuse of exceptional access.