TechHui

Hawaiʻi's Technology Community

What do you think about President Obama's proposal to wiretap the Internet?

Click here for Google News articles on the topic.

I think it's a recipe for disaster. Every app or web app would have to be coded or recoded to comply with government decryption protocols. Currently it seems that they are primarily concerned with communication related apps. But it wonder if they would require CRM apps like Salesforce to comply as well. Imagine what a world it would be when any government agent can access your Gmail or Skype calls without court order, but immediately by using an API call.

So how would they decrypt SSL traffic between server and browser?

Views: 49

Reply to This

Replies to This Discussion

This is the funniest thing I've ever heard of. It just.. wouldn't.. work

As far as how you would do it? Well you'd have to have an additional decryption key generated whenever a key is generated.. ever.. for everything.. and you'd have to securely communicate that to LEOs.. securely.. somehow.. oh and you'd have to store this along with conversations.. and have a way of linking the conversation (ciphertext) to the key.. and protect the decryption keys.. it would require a massive infrastructure to support and it would never work.. blah blah... It's completely ridiculous on an absurdly high number of technical levels and would obviously be more of a vulnerability than anything else even if partially implemented. This is ignoring the fact that.. people just won't implement it?

I mean you could go on about how this is a bad/unfeasible idea due to introducing insecurity, people not complying, how you would prove compliance, how it would only affect people that aren't doing anything bad (or terrorists/criminals that are stupid), etc.. how it would break things.. how it would be worthless since it would take decades for legacy systems that don't use it to migrate out.. how it would simply migrate savvy people to using other communication networks (I've seen pilots using homeless people as comm channels).. how anyone can defeat it with a cheap laptop running legacy/open source code even if they somehow migrated every net-connected computer on the planet to a nonexistent/impossible trusted computing solution.. etc.. but....

No, this just deserves ridicule. Outright mockery. Of the most scornful sort.
The utterly stupid thing is, if there is a way to decrypt it it's automatically less secure. Every method of communication ultimately is, but if you've got a universal key, even if it's one per communication method, it's instantly so insecure as to be laughable. It'll be a ridiculously short period of time until it's hacked, or leaked.

Reply to Discussion

RSS

Sponsors

web design, web development, localization

© 2024   Created by Daniel Leuck.   Powered by

Badges  |  Report an Issue  |  Terms of Service