The best part of the “going dark” debate is that we have to pretend sophisticated attacks by nation-states and criminals are some kind of Gibsonian sci-fi fantasy. It’s 2019. There’s a multi-billion dollar industry around attacking phone security systems. https://www.fastcompany.com/90307864/u-s-fund-sells-israeli-hacking-firm-nso-group-amid-spy-mystery …
-
-
It sounds like you don't get a choice about the latter though, so you may as well just say "no" to both

-
Right, it's just a thought experiment. It will never happen, but if the USG committed to only using a lawful key escrow system, it might move the 0day market as billions of dollars fall out of it. Maybe that would have some benefits, but the economics seem complicated.

-
-
I missed this, and that makes me sad because I love this question. Some folks in our field once tried to make a “trade”: support for law enforcement hacking in exchange for no backdoors. The “result” was that law enforcement eagerly adopted hacking, and asked for backdoors.
-
You're not really playing along with the experiment though, isn't that like saying Maxwell's Demon can't violate thermodynamics, because demons don't exist!

-
-
Right, but everyone can already do all those things with 0day. I'm asking if we could choose one or the other, which is better? I agree our only realistic options are one or both, but if that wasn't the case.
-
-
I would ban state-sponsored key escrow and accept 0-day. Criminals do far less systematic damage than authoritarian states do. It’s also possible to defend against 0-day. Nothing can be done to prevent abuse of key escrow, and no way to see it being used.
-
Interesting, but not sure I understand the "no way to see it" point, presumably it would require a legal paper trail and audited access (the same way the signing keys are stored in an HSM today, for example).
-
-
Because of Law #3 (If a bad guy has unrestricted physical access to your computer, it’s not your computer anymore) and the imperfection of humanity I think zero days will always exist.
-
Sure, but for the purposes of discussion, which is preferable? LE use 0day right now, where they would probably prefer warrants, right? I think you're saying that with a key escrow system, 0day will still exist, so we've made things worse? (I promise I'm not making a point)