Right now the entire Federal law enforcement community is high-fiving themselves and buying contracts to do blockchain tracing, on the assumption that they’ve actually found a sustainable approach that works against ransomware.
And yes, there it is. They’re going after “the entire ecosystem”. This is gonna go really great.
I know this is a bit of a stereotype, but why is Russian crypto always so weird?
“We don’t use a normal random number generator, we use a gerbil connected to a hot cup of tea. Also use our ciphers where the S-Boxes are ‘random’ meaning they actually aren’t.”
Dear researchers: the hard part of problems like “traceability” is not the part where you build a mass surveillance system. Building mass surveillance systems is *easy*.
The hard part is building systems that don’t utterly shatter the security guarantees that the private system offered, and don’t have caveats like “obviously this can be abused, stopping that is future work.”
When I go out to see what our research community has been doing in this area, I expect them to understand what makes this research problem hard. Not to find slides like this one.
The post makes this point informally, but it really seems like there’s an impossibility result in this problem: it’s impossible to have privacy and traceability at the same time without some very specific requirements.
There’s this idea that you can have content sent among small groups where there’s privacy of who is forwarding what, but when a piece of content goes “viral” suddenly we can trace the content back to its originator.
This article about end-to-end encryption and authorities’ desire to perform real-time content scanning is very well written and I hope you’ll read it. It also makes me pretty angry.
For nearly a decade, technologists have been engaged in a good-faith debate with policymakers about the need for “exceptional access” — basically a way to bypass encryption when police get a warrant. 1/
This is a really hard problem. How do you build a system that can keep your data encrypted against hackers, but still allows (even local) police to decrypt it when they want. Some co-authors wrote about this. mitpress.mit.edu/blog/keys-unde… 2/
“New: In 2010, KPN commissioned a study into the behavior of Huawei in the mobile network. The findings were so serious that it was feared for the continued existence of KPN Mobiel if the conclusions were to be leaked”
I can’t access the reporting (paywall and in Dutch) or the actual report. But it sounds like Huawei retained admin access to eavesdrop on calls in the Dutch network, against explicit agreements.
I’ve seen this pattern of story, and I know that it will be hailed by some as “the smoking gun proof of malice” and others will point out that the Huawei code was just a smoking pile of sloppiness, and really: it doesn’t matter.