Who is David Chaum, and what is the crypto-war he started all about?
Listen, it matters.
Chaum is a pioneer encryption expert, described in Wired as the “father of online anonymity.” Steven Levy, editor of internet techmag Backchannel and author of Crypto (2001), calls Chaum “one of the fiercest advocates of privacy I’ve ever met, as well as someone exceedingly skeptical of government encroachment.”
At Backchannel, Chaum explains why our communications are not nearly as anonymous as we think. Much of his account will interest only the specialist, but here is the skinny:
If surveillance agencies can get hold of “metadata” or “traffic analysis,” that is, who you are communicating with, the size of the file, when sent, etc., they probably already know a great deal about you. They can archive your posts for later search as needed.
He argues that, for restoring privacy,
There is only one practical and effective way that I know of. Messages from users must be padded to be uniform in size and combined into relatively large “batches,” then shuffled by some trustworthy means, with the resulting items of the randomly ordered output batch then distributed to their respective destinations. (Technically, decryption needs to be included in the shuffling.) Shortcuts to this provide a honeypot trap for the unwary. For instance, any system that has varied message sizes, like web pages, no matter the choice of computers that messages are routed through, is transparent to traffic analysis with the full take; systems where the timing of messages is not hidden by large batches are similarly ineffective.
Put simply, if it is impossible to find out who we are communicating with, when, and at what length, we may be just as anonymous on the internet as strangers chatting, unrecorded, in a checkout lineup.
So what’s the problem with his idea? UK’s Business Insider explains,
Simply put, the crypto war is all about encryption technology and whether it should be breakable. As more and more big tech companies incorporate encryption into their products that can’t be broken by anyone without the correct password or key, law enforcement officials have been up in arms, worried that vital evidence is “going dark.”
But, technologists and privacy activists counter, this is better than the alternative — backdoors for law enforcement access that would inevitably be discovered and abused by malicious actors.
Chaum’s proposed Privategrity system would use nine special servers in nine different countries to encrypt users’ data. The theory is, the system would almost always prevent mass government surveillance but would allow government access to combat terrorism or child sex abuse. In other words, all nine servers together could decrypt the data.
As the resulting furore on Twitter highlighted, the problem is that terrorists and child sex abusers, aware of this fact, might be inclined to give the system a miss.
In any event, why are we to assume that nine different governments would not agree to spy on people who are not dangerous but are unpopular with those governments’ constituencies—for example, religious sects that are a minority in many countries. They might well be more of a soft target than they are today.
Plus, the “malicious actors” noted above could be working within the justice system itself. Already, there are significant problems with the inappropriate use of data. Often it seems quite innocent, even virtuous: A police officer wants to know if her daughter’s deeply unsettling boyfriend has a criminal record… another officer wants to help a police widow find a respectable tenant… But, of course, it never ends there.
Chaum told Fortune that his idea, whatever its risks, is better than what we have now anyway:
“Today, social media is absolutely insecure and is openly being manipulated and pressured by government,” he added, citing a recent summit between United States security honchos and Silicon Valley tech companies in support of the allegation. “It’s irresponsible and misleading to focus on the specific security aspects of this system without contrasting them with the only known alternative.”
This issue is going to become much more important in years to come, and the best thing, for now, would be to keep an eye on it.
See also: Is our e-mail private? No. What protects most of us is that our words are lost among the trillions.
How much can the internet reveal about us? Instant Checkmate offers very sensitive data, from masses of government databases for a fee.
and
Let’s start asking politicians about Internet privacy before they take ground we can’t get back
Denyse O’Leary is a Canadian journalist, author, and blogger.
