PrivaTegrity: the flawed model of distributed keys

Published: January 13, 2016 (Updated: February 11, 2023) in ethics | 倫理 | 윤리학, ideas | 想法 | 생각 | 考える, innovation | 革新 | 독창성 | 改変, legal | 合法的 | 법률학 | 法的, online | 線上 | 온라인으로 | オンライン, security | 保衛 | 정보 보안 | 情報セキュリティー, software | 軟件 | 소프트웨어 | ソフトウェア, technology | 技術 | 기술 | テクノロジー, telecoms | 電信 | 통신 | テレコム by renaissance chambara aka Ged Carroll.

2 minutes estimated reading time

Dave Chaum’s PrivaTegrity – an idea to to try and balance between state actors demand for internet sovereignty and the defacto end of citizen privacy. Whilst also addressing the need to deal with emotive causes such as terrorism, paedophile rings and organised crime got a lot of attention from Wired magazine.

Backdoors are considered problematic by privacy advocates and seem to be a panacea for governments who all want unrestricted access.

The principle behind PrivaTegrity is that there would be a backdoor, but the back door could only be opened with a nine-part key. The parts would be distributed internationally to try and reduce the ability of a single state actor to force access.

However it has a number of flaws to it:

It assumes that bad people will use a cryptographic system with a known backdoor. They won’t they will look elsewhere for the technology
It has a known backdoor, there is no guarantee that it can’t be opened in a way that the developers hadn’t thought of
Nine people will decide what’s evil
If you’re a state actor or a coalition of state actors, you know that you have nine targets to go after in order to obtain access by hook-or-by-crook. It was only Edward Snowden who showed us how extraordinarily powerful companies where bent to the will of the US government. The UK government is about to grant itself extra-territorial legal powers to compel access. There is no reason why a form of extra-ordinary rendition couldn’t be used to compel access, rather like Sauron in The Lord of the Rings bending the ring bearers to his will. Think of it as Operation Neptune Spear meets a Dungeons & Dragon quest held at a black site. Even if the US wouldn’t consider it a viable option, who is to say that other countries with capability wouldn’t do it. That group of countries with sufficient capability would likely include: UK, Kingdom of Saudi Arabia, United Arab Emirates, People’s Republic of China, Russian Federation, France, India, Pakistan, Turkey, Israel. All that these countries would need is intent

More information
The Father of Online Anonymity Has a Plan to End the Crypto War | WIRED
Privategrity