[liberationtech] Secure Cloud Computing: Virtualizing the FreedomBox

Caspar Bowden (lists) lists at casparbowden.net
Thu Apr 24 10:54:48 PDT 2014


On 24/04/14 19:08, Zooko Wilcox-OHearn wrote:
> On Tue, Apr 22, 2014 at 12:17 PM, Caspar Bowden (lists) 
> <lists at casparbowden.net> wrote:
>> It's a storage solution, and therefore not what actually Cloud is about in a
>> business/industry sense, who want Cloud compute power to crunch usefully on
>> encrypted data.
> I think you're on the right track here, Caspar. People need a lot more
> than just "self-storage in the cloud". There are two dimensions in which
> they need more:
>
> 1. sharing; Sharing is a lot different from self-storage. Most cloud
> storage crypto *cements* the self-storage nature into place, by adding
> an encryption key, held by the user, that cannot be safely divulged to
> any other user. Tahoe-LAFS is very different in this way, it doesn't
> impede sharing. (As Tom Ritter alluded above, sharing is easy in
> LAFS.)
>
> 2. computation; People do need storage, but they get a lot more value
> from apps. Most cloud storage crypto cements into place the "no apps
> allowed, just data storage" nature, but LAFS is at least potentially
> better:
>
>     a. You can share your data with a remote server. Suppose you have a
> collection of data stored in LAFS. It could potentially be a large
> dataset, it could be heterogeneous in its schemas and storage formats
> (i.e., it isn't all in one tidy SQL db, but spread out in multiple
> formats and files). You started storing it in LAFS years ago, and have
> been incrementally adding to it and maintaining it ever since (i.e.,
> you didn't plan ahead for what's about to happen). Now you decide that
> one particular subset of it, e.g. one particular SQL db, or one
> particular folder full of docs, or something, needs to be shared with
> a remote server so that the server can do something fancy with it. It
> is easy for you to send that particular server access to that
> particular folder full of docs, without divulging any of your other
> data to that server and without divulging *anything* to anyone else
> other than that server.
>
>     b. LAFS can be integrated with client-side Javascript, so that all
> of the storage is encrypted and in-the-cloud, and all of the computation
> is performed in Javascript on the end-point device (i.e. in the
> browser). I think things like this are the future.

These are great features, unavailable in other designs.

I just wanted to emphasize three points:

  * there is an awful lot of hogwash talked (not in connection with
    TAHOE BTW) that somehow "encryption" can take care of
    confidentiality in the Cloud. This is not true, in the sense of
    a-Holy-Grail-of-FHE discussed above in thread. It is literally a
    case of policy-makers hearing blah-Cloud-blah-blah-Encryption-Audit
    - that sounds OK. Many policy-makers seem (still) not to (want to)
    understand that. There is no technical means to deny a government
    access to Cloud data, if laws have been passed to do that, and the
    Cloud provider's service involves computing with the data (rather
    than raw storage of data encrypted by the user).

  * A lot of stuff can be done with P2P architectures or on the user's
    device, but calculations which require close coupling between
    intermediate results in a parallelized algorithm can't be done P2P.
    But perhaps more importantly, the business model of commercial Cloud
    services from Google, Microsoft, etc. is to fill datacentres with
    conventional software applications that have been virtualized. This
    is precisely the kind of "Cloud" which encryption can't protect. It
    is the unique selling point of Cloud computing - "elasticity" of
    computing power. Any data from the rest of the world sent to US
    jurisdiction is buck naked before laws like FISA 702 (and policies
    like EO12333), which only protect rights of citizens of those
    countries (US citizens and legal residents), and those not very well.

  * contrary to what seems to be prevalently reported, this discriminatory
    aspect of US law is not the norm throughout the world. In fact, I
    have only been able to discover a handful of refs in Canadian,
    Australian and NZ law. Germany has 1. UK none. Indeed, a
    principle of the European Convention on Human Rights prohibits
    discrimination by nationality in this way, even for national
    security laws, period (except that German thing - it's complicated -
    ask me).

Caspar
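
[Editor's added example, not part of the thread.] Zooko's point 2a above (hand one server a capability for one folder, and it learns nothing about the rest of the tree) is easier to see in code than in prose. The block below is an illustration written for this page; it is not Tahoe-LAFS code and does not reproduce Tahoe's real capability format (which uses AES-CTR, convergent encryption and hash-derived verify/read caps). Assumptions made for the example: nodes are JSON, a read cap is an (index, key) pair, the "storage servers" are a dict, and an HMAC-SHA256 counter-mode construction stands in for AES so the example runs with only the standard library. The sample tree is constructed data.

```python
"""Capability-scoped sharing of one folder (illustration, not Tahoe-LAFS code).

Every file and directory is encrypted under its own random key and stored
under a content-derived index on untrusted storage (a dict here). A read
cap is (index, key). A directory's plaintext carries its children's caps,
so whoever holds the cap for one folder can read that subtree and nothing
else. The HMAC-SHA256 counter-mode cipher is an assumed stand-in for AES-CTR
so that this runs offline; it is not Tahoe's construction.
"""
import hashlib
import hmac
import json
import os

STORAGE = {}  # storage index -> ciphertext blob: all the servers ever see


def _keystream(key, nonce, n):
    # Toy CTR-mode keystream from HMAC-SHA256 (assumed stand-in for AES-CTR).
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]


def encrypt(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()  # encrypt-then-MAC
    return nonce + ct + tag


def decrypt(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def put_node(node):
    """Encrypt a node under a fresh key, upload it, return its read cap (index, key)."""
    key = os.urandom(32)
    blob = encrypt(key, json.dumps(node).encode())
    index = hashlib.sha256(blob).hexdigest()[:16]  # content-derived storage index
    STORAGE[index] = blob
    return (index, key)


def put_file(data):
    return put_node({"kind": "file", "data": data.hex()})


def put_dir(children):
    # The children's keys exist only inside this directory's ciphertext.
    entries = {name: [idx, key.hex()] for name, (idx, key) in children.items()}
    return put_node({"kind": "dir", "entries": entries})


def get_node(cap):
    index, key = cap
    return json.loads(decrypt(key, STORAGE[index]))


def reachable(cap):
    """Everything a holder of `cap` can read: {path: plaintext} for its subtree only."""
    found = {}

    def walk(cap, path):
        node = get_node(cap)
        if node["kind"] == "file":
            found[path] = bytes.fromhex(node["data"])
            return
        for name, (idx, key_hex) in node["entries"].items():
            walk((idx, bytes.fromhex(key_hex)), path + "/" + name)

    walk(cap, "")
    return found


def can_open(cap):
    """Does this (index, key) pair decrypt? Used to try one folder's key on another node."""
    try:
        get_node(cap)
        return True
    except ValueError:
        return False


def build_sample_tree():
    # Constructed sample data for the demonstration.
    docs = put_dir({"report.txt": put_file(b"quarterly numbers"),
                    "notes.txt": put_file(b"draft notes")})
    secrets = put_dir({"keys.txt": put_file(b"very private")})
    root = put_dir({"docs": docs, "secrets": secrets})
    return root, docs, secrets


if __name__ == "__main__":
    root, docs, secrets = build_sample_tree()
    print(sorted(reachable(docs)))            # only the docs subtree
    print(sorted(reachable(root)))            # docs and secrets
    print(can_open((secrets[0], docs[1])))    # False: docs key is useless on secrets
```

Handing a server the `docs` cap gives it /report.txt and /notes.txt in the clear, while trying the docs key against the secrets node fails the MAC check, and STORAGE holds neither file contents nor directory listings in plaintext. That last part is also where Caspar's caveat bites: the one server you hand the docs cap to does see that subtree in plaintext, which is exactly the compute-on-data case he says encryption cannot protect.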
