I agree about the security of a centralized vault being a key weakness, but the article omits a few key aspects of Ozzie's proposal:[0]

* A court order is required. It's not up to the tech vendor.
* Physical control of the device is required. No remote exploits.
* Access is enabled only to one device at a time. No mass hacking.

The point of security is to increase the cost to the 'attacker' (here we'll use that word even for legitimate government purposes); there's no perfect security; law enforcement can access data on iPhones already. Also, attackers focus on the weakest (i.e., least expensive) link and there's limited value in increasing the cost beyond the 2nd weakest link.[1] Except for the centralization of key storage and two other issues (see below), Ozzie's proposal might increase the cost to the level of law enforcement's alternative, acquiring a hacking tool. In fact, I've been thinking of something similar (court order, physical access required, notification to user) and might even have posted it to HN at some point.

Using hacking tools is much worse than Ozzie's process: There's no court (or at least it's not as enforceable, because there's no tech company checking for a warrant), no tech company, the user doesn't necessarily know their data has been accessed, remote exploits are possible, and so is mass hacking. Also remember that private citizens can still encrypt their data at the file level using other tools, though of course most will not.

Here are weaknesses I see:

A) The use of other means of accessing devices would have to be outlawed, or law enforcement will continue to use hacking tools and citizens gain nothing.

B) Solve the centralization problem. Probably, the keys shouldn't be in the hands of the tech giants and should be distributed widely. EDIT: Perhaps require two unrelated parties for access?

C) If these new access tools are built into mobile devices, what happens in countries where people's rights have been taken away? The courts are often ineffective. I suppose the fact that the phones get bricked at least informs the user, and the authorities can use hacking tools anyway, so perhaps nothing is lost.

____________

[0] https://www.wired.com/story/crypto-war-clear-encryption/

[1] If I increase the cost of exploit A to $100,000 and exploit B costs $50,000, attackers will use B. If I increase the cost of A even further, to $200,000, it won't provide much more security - the attackers still will use B.