[liberationtech] Secure Cloud Computing: Virtualizing the FreedomBox

[Zooko Wilcox-OHearn]

On Tue, Apr 22, 2014 at 11:47 AM, Caspar Bowden (lists)
<lists at casparbowden.net> wrote:
>
> TAHOE is also cool, but doesn't claim to provide confidentiality. A TAHOE
> service provider would have no choice but to round-up/backdoor the necessary
> keys under existing US (FISA/PATRIOT) or UK (RIPA Pt.3) legislation [or
> Indian IT Acts etc. etc.]

Oh, by the way, this part was incorrect. An example of a Tahoe-LAFS
service provider is my company, https://LeastAuthority.com.
LeastAuthority.com does not have any ability to acquire our
customers's keys, nor to backdoor our customers. I wouldn't be
surprised if we are the only cloud storage company in existence that
can defensibly make such a strong claim.

By the way, here's a rhetorical technique that I think is useful:

Change the hypothetical attacker, the one who who might compel a
service provider to betray its customers, from the government to the
mafia. What if a service provider has customers who are blogger
activists who are campaigning against Mexican drug cartels? What if an
infamously violent mafia organization, such as the Zetas Cartel,
contact the service provider and tell the provider that if they fail
to cooperate, that their family members will be tortured and murdered?

As far as the technical mechanisms go, these two stories have
approximately the same consequences. Whether the attacker is an
oppressive national government or a murderous mafia, the critical
technical questions have to do with what powers the service-provider
has which it can wield to deliver its hapless customers to the
attacker.

Anyway, when we designed the LeastAuthority.com architecture, we used
the "Zetas Vs. Bloggers" story as our guiding story. That's why the
result is (I suspect) stronger against that sort of threat than any
other comparable service.

Regards,

Zooko Wilcox-O'Hearn

Founder, CEO, and Customer Support Rep
https://LeastAuthority.com
Freedom matters.