Dave Chaum’s idea to to try and balance between state actors demand for internet sovereignty and the defacto end of citizen privacy, with the need to address emotive causes such as terrorism, paedophile rings and organised crime got a lot of attention from wired.
The principle behind PrivaTegrity is that there would be a backdoor, but the back door could only be opened with a nine-part key. The parts would be distributed internationally to try and reduce the ability of a single state actor to force access.
However it has a number of flaws to it:
- It assumes that bad people will use a cryptographic system with a known backdoor. They won’t they will look elsewhere for the technology
- It has a known backdoor, there is no guarantee that it can’t be opened in a way that the developers hadn’t thought of
- Nine people will decide what’s evil
- If you’re a state actor or a coalition of state actors, you know that you have nine targets to go after in order to obtain access by hook-or-by-crook. It was only Edward Snowden who showed us how extraordinarily powerful companies where bent to the will of the US government. The UK government is about to grant itself extra-territorial legal powers to compel access. There is no reason why a form of extra-ordinary rendition couldn’t be used to compel access, rather like Sauron in The Lord of the Rings bending the ring bearers to his will. Think of it as Operation Neptune Spear meets a Dungeons & Dragon quest held at a black site