The Golden Key story on Hacker News  reminded me about my old write-up posted after Lavabit situation. I’m pro-privacy. I know an aggressive government in a police state with a mix of non-active and supporting citizens might lead to mandatory, lawful intercept added to our designs. I also noted the Lavabit judge asked Levison for an alternative to the pen register which he didn’t have on hand. So, as a defensive measure, I tried to design a high-assurance solution to the problem using only things which have already existed in highly-robust form. Revised that old write-up for more clarity on my position and proposal.
Note: I had to do the revision in a hurry as I have some errands to run. Do tell if you see any probable revision errors or just things that are unclear. As I noted, it leaves out some detail to be read by a wider audience.
It doesn’t matter wether such a system is possible to construct, because the only way it has any value is to deeply and constantly inspect everybody’s turing machines all the time to make sure they’re only running approved software. If that were possible, big brother wouldn’t have the problem they have.
It might not be politically feasible, but it is technically possible.
The other value it has is consumer or enterprise whitelisting like a bunch of similar solutions. There’s also R&D in applying such techniques to cloud hosts so third parties can trust them more. Far as this topic, the Patriot Act already gave them mass surveillance and per Core Secrets some way to “compel” local providers to “SIGINT-enable” their products. Who knows what that means. I assume U.S. is already backdooring a lot of things with Apple being an outlier. The mass surveillance is already happening. Far as technical components, the trusted computing push got advertised remote access into the x86 systems with mobile adding secretive stuff with stuff like trustzone. And, unlike the days of the Crypto Wars, the next battle will happen in a world where most people put all their info and activity into surveillance engines. Who knows what the result will be.
So, I decided to design something at a concept level. It can double as a solution for enterprise appliances or servers to only run what they’re supposed to with administrative or monitoring functionality not being an unnecessary attack surface. Hopefully, we never need it but it’s technically feasible outside hardware attacks.