Could a better communication standard ensure better data privacy?
I'm no encryption expert. I'm sure there are AT LEAST a few dozen people here whose knowledge on this subject dwarfs mine. So, let's get those mental juices flowing. Maybe something already exists but isn't being used. If not, I'm hoping the mere suggestion of the idea sparks an idea that leads to greatness.
After thinking about what such an implementation might look like, the best I've come up with is a key that changes each time to be used for the next message. You send an message to a server. It's encrypted with a key that your client generated the last time it sent a message. The server can use that key (which it received with the previous message and stored) to decrypt that message. Included with your new message is a new key that will be used next time. This allows the server to store a bunch of messages for you, but it's only capable of decrypting one of them. To be able to view history, the keys would all be stored on your own computer.
Unfortunately, this brings us a step backwards in terms of usability. Suddenly you're back to the days of only having one client capable of reading your stuff. The other thought that crossed my mind was client-to-client communication.
Maybe there's a better way to accomplish the same end goal - give companies an excuse to tell the FBI/NSA "Sorry, but I couldn't give you that information, no matter how badly I want to".
What do you all think? Am I crazy or is there any validity to any of this?
4 comments
[ 2.4 ms ] story [ 23.1 ms ] threadSo they'll need to start offering encryption solutions as benefits that we know can't be accessed or even cracked by the NSA - OTR, ZRTP, PGP and so on.
I've been thinking a lot about whether a service could be created with encryption that prevents the holder of the data from reading it by offloading part of the key to the client. I think it could be done. Probably what would happen though is, as soon as it's implemented, the site would be treated in the same regard or worse than piratebay...