,
18 tweets,
4 min read
Read on Twitter
Since I keep answering the same "but why don't you just..." questions about this topic, let me take a thread to explain why your "clever" ad-hoc border encryption solutions don't work and why we need better solutions in this space.
First a little prelude: In the real world sometimes people need to bring data from one jurisdiction to another, and often this rubs the powers-that-be the wrong way and they get some silly ideas about denying basic human rights.
The threat models are varied, but we generally approach real world cases with the following success criteria:
* Getting through unhindered
* Getting turned away at the border
* Forcing better civil norms (courts / warrants / lawyers etc.)
* Getting through unhindered
* Getting turned away at the border
* Forcing better civil norms (courts / warrants / lawyers etc.)
We also have to consider some external limitations:
* Not everywhere has the infrastructure necessary to upload large datasets to the cloud
* Most cloud providers are in not-great jurisdictions for some threat models.
* Lying to border authorities, even by omission, ends badly.
* Not everywhere has the infrastructure necessary to upload large datasets to the cloud
* Most cloud providers are in not-great jurisdictions for some threat models.
* Lying to border authorities, even by omission, ends badly.
Fact is, the majority of "but why don't you just..." solutions in this space either require lying, reliance on infrastructure that may be non-existent or jurisdictionally compromised, or fails openly.
By fails openly I mean that if you get dragged into a room and are forced to disclose exactly how you protected your data then you lose.
The Shatter Secrets approach is fail-closed, it's designed to trigger extra-jurisdictional oversight in the (likely) case you end up in a room
The Shatter Secrets approach is fail-closed, it's designed to trigger extra-jurisdictional oversight in the (likely) case you end up in a room
And "you" here is perhaps too broad, this solution was not designed to keep your vacation photos or text messages safe - the majority of your are low risk - it was designed with the priorties of journalists, activists and human rights defenders in mind.
It was designed under the explicit assumption that people will get pulled into a room, without a lawyer, and made to divulge every little detail - because sadly that is the state of your human rights at the border.
One issue we have when we approach funders with these technologies, is that they describe it as "high risk" - as if there was a lower-risk option available.
Carrying data across borders is risky, if you can avoid it you absolutely should - @OpenPriv is also working on anonymous communication tech that can facilitate that - but for many people, in many circumstances, flying with an encrypted harddrive is the only option.
So, given that we can't reduce the *risk* we look around and see how we can trying and *reduce the harm*.
Which is where the success criteria comes from, we reduce harm by using technology to force the powerful to deny entry or comply to stronger jurisdictional standards.
Which is where the success criteria comes from, we reduce harm by using technology to force the powerful to deny entry or comply to stronger jurisdictional standards.
We reduce harm by allowing the person at the center to be 110% truthful, upfront - they can provide their device unlocked to border guards and give them an entire tutorial on how Shatter Secrets works.
Shatter Secrets would change the dynamic from "X has refused to give us the key" to "X gave us a key and was completely compliant, but we need a warrant to access data from these N people and organizations"
That is a different dynamic.
That is a different dynamic.
Anyway, the short answer to "but why don't you just..." questions are @errorinn and co. actually studied this problem hard for years and it's not as simple or easy as you think it is and you should read & study more.
@errorinn If you are a funder and are thinking to yourself "this is a technology that should exist in the world!" - Good news it can! Send me an email: sarah@openprivacy.ca and we will make it happen.
More realistically, @OpenPriv relies on individual donors to fund projects because there simply isn't that much money available to protecting the rights of those marginalized by society.
Please support us: openprivacy.ca/donate to help make Shatter Secrets a reality.
Please support us: openprivacy.ca/donate to help make Shatter Secrets a reality.
Open Privacy is approaching our first birthday and we will be releasing some reports (and other goodies!) detailing our past year of action and our goals for the future over the next few weeks.
I forgot to mention something!
A significant part of the research around this was/is focused on the *usability* of approaches. Safely interacting with, and choosing parameters for, cryptographic protocols is not an accessible skill for many.
A significant part of the research around this was/is focused on the *usability* of approaches. Safely interacting with, and choosing parameters for, cryptographic protocols is not an accessible skill for many.
