How To Foil NSA Sabotage: Use a Dead Man’s Switch September 10, 2013
News

mspohr writes “Cory Doctorow has an interesting idea published in today’s Guardian on how to approach the problem of NSA ‘gag orders’ which prevent web sites, etc. from telling anyone that they have been compromised. His idea is to set up a ‘dead man’ switch where a site would publish a statement that ‘We have not been contacted by the government’ … until, of course, they were contacted and compromised. The statement would then disappear since it would no longer be true. He points out a few problems… Not making the statement could be considered a violation of disclosure… but, can the government force you to lie and state that you haven’t been contacted when you actually have?” Rsync.net has been doing this for years; rather than the statement disappearing in case of an NSL being issued, it simply would stop updating. Indeed, their canary text also points out the same possible flaws: “This scheme is not infallible. Although signing the declaration makes it impossible for a third party to produce arbitrary declarations, it does not prevent them from using force to coerce rsync.net to produce false declarations. The news clip in the signed message serves to demonstrate that that update could not have been created prior to that date. It shows that a series of these updates were not created in advance and posted on this page.”… mspohr writes “Cory Doctorow has an interesting idea published in today’s Guardian on how to approach the problem of NSA ‘gag orders’ which prevent web sites, etc. from telling anyone that they have been compromised. His idea is to set up a ‘dead man’ switch where a site would publish a statement that ‘We have not been contacted by the government’ … until, of course, they were contacted and compromised. The statement would then disappear since it would no longer be true. He points out a few problems… Not making the statement could be considered a violation of disclosure… but, can the government force you to lie and state that you haven’t been contacted when you actually have?” Rsync.net has been doing this for years; rather than the statement disappearing in case of an NSL being issued, it simply would stop updating. Indeed, their canary text also points out the same possible flaws: “This scheme is not infallible. Although signing the declaration makes it impossible for a third party to produce arbitrary declarations, it does not prevent them from using force to coerce rsync.net to produce false declarations. The news clip in the signed message serves to demonstrate that that update could not have been created prior to that date. It shows that a series of these updates were not created in advance and posted on this page.”

Read more of this story at Slashdot.






Read more http://rss.slashdot.org/~r/Slashdot/slashdot/~3/WTzy2nadJms/story01.htm