Even if you trust your nation state 100% having a backdoor means it has already fallen into the wrong hands. That's because 'nation state' is not synonymous with 'people running the nation state'.
Literally hosed. There's a funny jargon term "rubber hose cryptography" that's used to refer to the cryptanalysis method where you beat someone with a rubber hose until they give you the key. It's 100% effective against all forms of cryptography including even post-quantum algorithms.
You would be surprised that for a percent this would not work. Some even like it. Some have a deathwish and want to be a martyr. Some people blow themselves up to further a cause. Also put under heavy stress memories of keys cannot be recalled at times.
It's probably slightly less effective than threatening to kill family members but probably more than threat of jail time.
Either way you require someone alive and with mental awareness. The mind reading tools found in science fiction hasn't been developed yet.
It doesn't matter, something will be found that will coerce them into talking. Nobody is an island. Everyone has a breaking point, if it's not rubber hoses, it's socks full of rocks, or it's bottles of mineral water, or any number of methods. Don't think for a second that someone hasn't thought of a better way to get information out of somebody else.
Terrorists are generally highly altruistic, not psychopaths.
It’s a lot easier to blow yourself up(or to spread ideology which encourages it)for a cause that you believe is helping people, in particular _your_ people.
The terrorists that blow themselves up and that blow other people up are usually misguided brainwashed angry young men. It's nothing to do with ideology, everything to do with power. Or did you think blowing up schools full of girls is something people genuinely believe helps their people, to give just one example?
Ordinary people just want to be left alone. Old guys wishing for more power will use anything to get it, including sacrificing the younger generations.
No, it's something that a bunch of old guys with issues told them helps their people.
Beliefs stop when they are no longer about yourself but about how other people should live. Especially when those other people loudly protest that this is how you think they should be living. Killing them is just murder, not the spreading of ideas.
But hey, those human rights are just for decoration anyway.
The old men persuade the would-be suicide bomber that educating women will liberate and liberalize them, and that this is counter to the interests of those who prefer the traditional order of society. Are they even lying?
You're deeply mistaken if you think there aren't men who don't genuinely prefer the traditional order of women being subjugated by men.
1. Not everybody shares your values.
2. People who don't share your values are not necessarily brainwashed.
3. People may do things that are irrational under your system of values, but rational under their own.
And BTW, there is no a single fighting force in the world that doesn't have old men persuading young men to sign up and risk throwing away their lives. There's not a whole lot of difference between regular soldiers persuaded to participate in a forlorn hope or banzai charge attacking a defended position and a suicide bomber or kamikaze.
That's actually not true. It can do nothing about M of N cryptography. (That's when a key is broken up such that there are N parts, and at least M (less than N) are required to decrypt. It doesn't matter how many rubber hoses you have, one person can fully divulge or give access to their key and it's still safe.
I always giggle a little when really smart people forget thugs exist and do what they’re told. If that includes breaking the knees of M people to get what they’re after, then M pairs of knees are gonna get destroyed.
This isn’t hard to understand, but it’s easy to forget our civilization hangs by a thread more often than any of us care to admit.
I don't remember the provenance of the quip, but somewhere at a def con or a hope, I heard, "The point of cryptography is to force the government to torture you."
They're perfectly ok with that, and depending on where you live this may happen in more or less overt ways. If the government wants your information, they will get your information. Your very best outcome is to simply rot in detention until you cough up your keys.
Now that I think about it, I'm pretty sure it was a session about root zone security, and Adam Langley was in the room. I was thinking, damn, kinda sucks to be the guy that holds Google's private keys. They want someone's information, so they let you rot...
You know there are other ways to have a video and send it to people than YouTube, right? You can just email a link from dropbox or gdrive, or an attachment, or send a WhatsApp/Telegram/etc. message, send a letter with a USB drive, etc.
Bob, Jon, and Tom have pieces of the key. Bob and Jon are in the US and arrested over and commanded by a court to give up the key. Tom is the holdout. The US will issue an international arrest warrant, and now Tom can never safely fly again or the plane will be diverted to the nearest US friendly airport where they will be extradited. So, yea, "safe" is very situational here.
This probably works if each person has a cyanide+happy drug pill or a grenade and is willing to sacrifice themselves and the rubber-hoser(s). I think that requires a rare level of devotion. This process must also disable a simple and fragile signalling device to let the others know what's coming.
This would not work well, because you can’t do it in a secret manner. Overuse of the rubber hose cryptography will become known, and there will be public backlash.
Seems like the NSA is threatening everyone of arrest (=state-organized violence) if they don’t secretly give them keys, and Snowden revealed it, and there is no public backlash.
I mean in the end everything is people just like Logan Roy said in Succession. Cryptography or any software protections are the same. It's a great quote that is very true:
> "Oh, yes... The law? The law is people. And people is politics. And I can handle of people."
Addendum: if your threat model includes any nation state that has significant ties to the nation state that hosts your physical or transit infrastructure, you're hosed.
The US authorities can make the same orders that they made with LavaBit (i.e. ordering them to produce a backdoored build and replace yours with it), and they can make them secretly. Given that Signal by design requires you to use it with auto-update enabled (and, notably, goes to some effort to take down ways of using it without auto-update), and has no real verification of those auto-updated builds, I would consider it foolish to rely on the secrecy of Signal if your threat model includes the US authorities or anyone who might be able to call in a favour with them.
Signal started keeping sensitive user data in the cloud a while ago. All the information they brag about previously not being able to turn over because they don't collect it in the first place, well they collect it now. Name, photo, phone number, and worst of all a list of all your contacts is stored forever.
It's not stored very securely either. I wouldn't doubt that three letter agencies have an attack that lets them access the data, but even if they didn't they can just brute force a pin to get whatever they need.
