2 minutes estimated reading time
Dave Chaum’s PrivaTegrity – an idea to to try and balance between state actors demand for internet sovereignty and the defacto end of citizen privacy. Whilst also addressing the need to deal with emotive causes such as terrorism, paedophile rings and organised crime got a lot of attention from Wired magazine.
Backdoors are considered problematic by privacy advocates and seem to be a panacea for governments who all want unrestricted access.
The principle behind PrivaTegrity is that there would be a backdoor, but the back door could only be opened with a nine-part key. The parts would be distributed internationally to try and reduce the ability of a single state actor to force access.
However it has a number of flaws to it:
- It assumes that bad people will use a cryptographic system with a known backdoor. They won’t they will look elsewhere for the technology
- It has a known backdoor, there is no guarantee that it can’t be opened in a way that the developers hadn’t thought of
- Nine people will decide what’s evil
- If you’re a state actor or a coalition of state actors, you know that you have nine targets to go after in order to obtain access by hook-or-by-crook. It was only Edward Snowden who showed us how extraordinarily powerful companies where bent to the will of the US government. The UK government is about to grant itself extra-territorial legal powers to compel access. There is no reason why a form of extra-ordinary rendition couldn’t be used to compel access, rather like Sauron in The Lord of the Rings bending the ring bearers to his will. Think of it as Operation Neptune Spear meets a Dungeons & Dragon quest held at a black site. Even if the US wouldn’t consider it a viable option, who is to say that other countries with capability wouldn’t do it. That group of countries with sufficient capability would likely include: UK, Kingdom of Saudi Arabia, United Arab Emirates, People’s Republic of China, Russian Federation, France, India, Pakistan, Turkey, Israel. All that these countries would need is intent
More privacy related content here.