Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Cryptography super-group creates unbreakable encryption

Gregory Maxwell greg at
Thu Feb 7 09:42:42 PST 2013

On Thu, Feb 7, 2013 at 9:12 AM, Christopher Soghoian <chris at> wrote:
> My area of research is the intersection of law, policy and technology. As
> such, I am most interested in companies' surveillance policies, their
> commitment to transparency, and their stated willingness to tell the
> government to GTFO if they come and ask for backdoors. On this front, Silent
> Circle is extremely interesting, probably more so than any other Internet
> company.

You may think these are your preferences, but what you're saying makes
it clear that your preferences are actually subtly different.

If someone says "we won't put in 'lawful surveillance' backdoors" but
doesn't back that up with independent auditing (which can come in the
form of access to source code) and you find that acceptable then what
you have is a preference for _claiming_ that there are no back doors,
and not a preference for being open about what the policy is (the real
policy is in the software, which the public has not observed) or a
preference for there being no back doors. Considering the long history
of mistakes and outright lies in security software— this is simply how
it is.

Doubly so when you consider that lying about a backdoor or being
mistaken about severe security holes is unlikely to carry consequence
more negative than being open to begin with.  If there were a surety
bond commensurate with the loss of life that could result from
mistakes and dishonesty here and there were independent auditing...
plus many of a number of other things then perhaps you could say that
you cared about transparency, policy, and backdoors.

> For many people on this list, source code is their #1 priority. That is
> fine. However, it is not my priority. I am more concerned with surveillance
> policy, because that is what I study and where I think I can be most
> effective in applying pressure.

You're erroneously concluding that people who disagree with you have
"source code [as] their #1 priority"— rather, I think it would be more
fair in the context of security software to characterize the position
has facts as #1 priority instead of warm and fuzzy hyperbole. Source
code access is simply the least expensive and most direct way to start
getting any real confidence that claims match reality.

Following the argument that something is not necessarily better than
nothing— we'd be better off if people who weren't interested in
producing trustworthy software we're pressed into making fuzzy
sounding fanciful claims.  If all you can be effective at doing is
improving the art of marketing (potential) snake oil, then perhaps you
need to reevaluate what you're working on.

More information about the liberationtech mailing list