On 23/09/2013 3:45 PM, John Kelsey wrote: > It needs to be in their business interest to convince you that they *can't* > betray you in most ways. This is the most important element, and legislation that states you "cannot" share that information won't be enough, especially since the NSLs have guaranteed that it can be circumvented without any real effort.
If Google, or other similar businesses want to convince people to store data in the cloud, they need to set up methods where the data is encrypted or secured before it is even provided to them using keys which are not related or signed by a central authority key. This way, even if Google's entire system was proven to be insecure and riddled with leaks, the data would still be secure. You cannot share data that you can never have access to. Albeit, from a political perspective this could be Kryptonite since less savory types will be inclined to use your services if you can show effectively that the data stored on your services is inaccessible even under warrant. It will be hard to handle the public relations the first time anyone of the standard list of "think of the children!" group of criminals starts to use your services. -- Kelly John Rose Mississauga, ON Phone: +1 647 638-4104 Twitter: @kjrose Document contents are confidential between original recipients and sender.
_______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography
