Analog Hole
Posted: Tue Aug 06, 2013 4:03 am
I think the idea of using cryptography to prove innocence is interesting. I also think it cannot work even if the cryptography and software is perfect.
For the same reason that no "Digital Rights Managment" ( DRM ) ( https://en.wikipedia.org/wiki/Digital_rights_management ) scheme can work. The "Analog Hole" ( https://en.wikipedia.org/wiki/Analog_hole ) insures that no matter how sound the encryption that videos, music and even the content of video games, which can have encryption embedded into them, must exist on the end users' device unencrypted at some point. Since the end user has physical access he ultimately controls the hardware. It only takes one end user to figure how to defeat a system for everything to spin out of the cryptographers control. Please see Sony XCP ( http://www.itproportal.com/2005/11/21/d ... icky-tape/ ) which cost millions and can be defeated by the users choice of scotch tape or permanent marker. Please see how Ubisoft's Assassin's Creed 2 always on DRM was defeated in 24 hours ( http://www.ps3news.com/PC-Tech/ubisofts ... -in-a-day/ ).
I will admit that these don't seem obviously related to secure identification and surveillance. It has to do with where the data is generated. Ultimately all information must be created and consumed outside of cryptographers domain. How is the information outside the encrypted system validated. Ultimately it will come down to a question of trust: "does the end user trust a data source?", not "will a court trust this source?" and certainly not "as an elected official will my constituents trust this source?".
I can lie to this system I can say that with confidence even though it does not exist yet. Even if devices must signed and certified before they talk can to it I will still be able to lie to it. I can damage the device, change its software, run it in debug mode to feed it my data or even replace parts with parts that will do my bidding. Me, personally, I can do and have done these things to electronics. A head of state will have access to millions of people at least as smart as me. Who would trust his devices?
This would become another opt-in security system where legitimate users get screwed, just like music and video game DRM. If I want a game for free no DRM can stop me. If I want to feed false data to a system on my equipment nothing can stop me. The people who choose not to educate themselves will trust that what it says is the only way, they are the ones who are blocked by DRM from copying their own songs and movies, they are the ones who will believe the technology cannot be defeated.
It is very hard to fix a social issue with technology. This is the wrong social issue and the wrong technology.
PS: Something I completely ignored is how difficult it is to get the populous to trust something that is trustworthy. Encrypting web traffic with TLS 1.2 works to the point where you can expect to keep the NSA out, but some people believe the silliest things about it. Some believe the NSA inserted backdoors, some think the keys are stored on a centralized server others don't even know to look for a little lock icon in their browser. What kind of misconceptions will people have about this system?
For the same reason that no "Digital Rights Managment" ( DRM ) ( https://en.wikipedia.org/wiki/Digital_rights_management ) scheme can work. The "Analog Hole" ( https://en.wikipedia.org/wiki/Analog_hole ) insures that no matter how sound the encryption that videos, music and even the content of video games, which can have encryption embedded into them, must exist on the end users' device unencrypted at some point. Since the end user has physical access he ultimately controls the hardware. It only takes one end user to figure how to defeat a system for everything to spin out of the cryptographers control. Please see Sony XCP ( http://www.itproportal.com/2005/11/21/d ... icky-tape/ ) which cost millions and can be defeated by the users choice of scotch tape or permanent marker. Please see how Ubisoft's Assassin's Creed 2 always on DRM was defeated in 24 hours ( http://www.ps3news.com/PC-Tech/ubisofts ... -in-a-day/ ).
I will admit that these don't seem obviously related to secure identification and surveillance. It has to do with where the data is generated. Ultimately all information must be created and consumed outside of cryptographers domain. How is the information outside the encrypted system validated. Ultimately it will come down to a question of trust: "does the end user trust a data source?", not "will a court trust this source?" and certainly not "as an elected official will my constituents trust this source?".
I can lie to this system I can say that with confidence even though it does not exist yet. Even if devices must signed and certified before they talk can to it I will still be able to lie to it. I can damage the device, change its software, run it in debug mode to feed it my data or even replace parts with parts that will do my bidding. Me, personally, I can do and have done these things to electronics. A head of state will have access to millions of people at least as smart as me. Who would trust his devices?
This would become another opt-in security system where legitimate users get screwed, just like music and video game DRM. If I want a game for free no DRM can stop me. If I want to feed false data to a system on my equipment nothing can stop me. The people who choose not to educate themselves will trust that what it says is the only way, they are the ones who are blocked by DRM from copying their own songs and movies, they are the ones who will believe the technology cannot be defeated.
It is very hard to fix a social issue with technology. This is the wrong social issue and the wrong technology.
PS: Something I completely ignored is how difficult it is to get the populous to trust something that is trustworthy. Encrypting web traffic with TLS 1.2 works to the point where you can expect to keep the NSA out, but some people believe the silliest things about it. Some believe the NSA inserted backdoors, some think the keys are stored on a centralized server others don't even know to look for a little lock icon in their browser. What kind of misconceptions will people have about this system?