Decentralized systems can protect data from both government and cyber criminals
Apple, Google and WhatsApp did what they could by standing up for privacy and opposing to the latest compliance requests of the FBI. Apple CEO Tim Cook has gone as far as a law abiding citizen can go with his statement. The problem is the extent of how much a business can fight back against the government. The government request highlights the single biggest fundamental flaw in the ecosystem and application architecture of iPhone: the closed ecosystem is run by a corporation and businesses by definition are subject to subpoenas and government pressure.
There is no workaround to compliance and eventually businesses will have to surrender the privacy/security of the software to the government. It is naivety to assume the government won’t be able to force businesses to collaborate. If it comes down to it, new laws and legislation will be adopted to press businesses to build back doors and incorporate master encryption keys into their applications. Businesses are registered legal entities and as such they do not have human rights. Unlike citizens, businesses can’t claim that their human rights are violated by the government because there is no such thing as human rights of a corporation.
One possible solution Streembit offers is to exclude the corporations and proprietary software from the ecosystem by implementing a community driven decentralized, P2P overlay network.This gives individuals full control over the software, infrastructure and data to individuals. After all, individuals can’t be forced to surrender their encryption passphrase.
On a technical note, open source systems should implement better key protection functions than iPhone does. The iPhone key protection is based on a 4-digit passcode and allows the breaking of the security in maximum 10,000 iterations using a brute force attack. Using 256-bit symmetric keys, the data is safe regardless of whether the attack is initiated by the super computers of NSA or the zombie computer cluster of cyber criminals. Brute-force attacks against 256-bit symmetric keys would be unfeasible until computers are built from something other than matter and occupy something other than space This is explained here and here. Therefore, we just need better key protection functions than the 4-digit passcode of iPhone.
The Streembit passcode (that protects the user’s PPKI key pair) is relatively complex. Even the weakest Streembit passcode requires the following number of iterations with a brute force attack: 262×10×33×954×8!/4!≈3.05×1016. This means 3,050,000,000,000 (3.05 trillion) times more iterations than the 104 iterations are required to break the iPhone security.
Please note, this is related to the protection of the PPKI key pair. To protect real time communication, Streembit implements even more strong security by using a randomly generated 256-bit AES session key, which is never saved on the device and it is exchanged between peers with a randomly generated ECDH key pair. This means that real time communication, which is the main functionality of Streembit, is secure even from the brute force attacks of NSA super computers as well as from large zombie computer clusters of cyber criminals.
Check out the other open source projects I have contributed. You can contact me at [email protected] if you have any questions or comments.