← Back to context

Comment by otterley

9 days ago

The U.S. Government can’t decrypt data for which it does not possess the key (assuming the encryption used is good).

4 comments

otterley

Reply
littlestymaar  9 days ago

Well first of all neither you and I knows the decryption capabilities of the NSA, all we know is that they have hired more cryptologists than the rest of the world combined.

Also, it's much easier for an intelligence service to get the hand on a 1kB encryption key than on a PB of data: the former is much easier to exfiltrate without being noticed.

And then I don't know why you bring encryption here: pretty much none of the use-case for using a cloud allow for fully encrypted data. (The only one that does is storing encrypted backups on the cloud, but the issue here is that the operator didn't do backups in the first place…)

  • otterley  8 days ago

    1. More evidence suggests that NSA does not know how to decrypt state-of-the-art ciphers than suggests they do. If they did know, it's far less likely we'd have nation states trying to force Apple and others to provide backdoors for decryption of suspects' personal devices. (Also, as a general rule, I don't put too much stock in the notion that governments are far more competent than the private sector. They're made of people, they pay less than the private sector, and in general, if a government can barely sneeze without falling over, it's unlikely they can beat our best cryptologists at their own game.)

    2. The operative assumption in my statement is that the government does not possess the key. If they do possess it, all bets are off.

    3. This thread is about a hypothetical situation in which the Korean government did store backups with a U.S.-based cloud provider, and whether encryption of such backups would provide adequate protection against unwanted intrusion into the data held within.

    • littlestymaar  8 days ago

      > 2. The operative assumption in my statement is that the government does not possess the key. If they do possess it, all bets are off.

      All bets are off from the start. At some point the CIA managed to get their hands on the French nuclear keys

      > 3. This thread is about a hypothetical situation in which the Korean government did store backups with a U.S.-based cloud provider

      This thread is about using US cloud providers, that's it, you are just moving the goalpost.

dboreham  9 days ago

In theory. I'm very much happier to have my encrypted data also not be available to adversaries.