Using distributed code-signatures to make it much harder to order secret backdoors #1yrago

mostlysignssomeportents:

Cothority is a new software project that uses “multi-party cryptographic signatures” to make it infinitely harder for governments to order companies to ship secret, targeted backdoors to their products as innocuous-looking software updates.

It’s a form of “software transparency,” whereby the existence of any given update becomes much harder to keep secret. Cothority would change the way companies like Apple sign their code – rather than requiring a single signature from Apple to validate code before a device was willing to install it, the Cothority system requires that Apple’s signature be accompanied by a quorum of signatures from third parties in multiple jurisdictions, attesting that they were asked by Apple to sign an update.

If there were, say, 8000 potential signatories, of whom 4000 were required to sign an update before a device trusted it, then a government that tried to pressure Apple into keeping the existence of a targeted backdoor secret would also have to get 4000 other people, organizations or companies to also keep a secret. If those entities leaked the fact that they were asked to sign an update that never appeared for most users, then it would be apparent that Apple had targeted an update to a small number of users – itself a strong indicator that they’d made a backdoor.

It’s a bit of game-theory. As I’ve written before, the point of this kind of thing is to keep governments from even trying to put secret pressure on tech companies, because the system is set up so that the secret immediately gets out. Economists call it a “Ulysses pact,” named for Ulysses’ tactic of lashing himself to the mast when his ship passed by the sirens, so their songs couldn’t lure him into jumping overboard – by (literally) tying his hands, he entered into a situation knowing that certain actions were off the table. This is used all the time in negotiating – for example, a union negotiator may say, “I’ll resign before I accept rollbacks on pensions.” The management rep can bluster all they want about rollbacks, but the negotiator can say, “Sorry, if it’s rollbacks or nothing, then I have to quit and you’ll have to wait until a new negotiator is chosen. I literally can’t sign a deal with rollbacks in it.”

Using Cothority means trading short bursts of inconvenience (having to muster a quorum every time you want to ship an update) off against the long-term, terrible pain of fighting a state-level actor who tries to use secret orders to force you to do something that, if it became public, could wound or even kill your business off.

Companies in general are pretty bad at making bets against long-term pain, and public companies (focused on quarterly earnings statements) are even worse. That fact is behind the climate crisis, pollution, bad labor practices, Dieselgate, and so many of our other heartaches. Nevertheless, the existence of a tool changes the facts on the ground: once tools like Cothority exist, then the decision not to use them becomes, in effect, a sign saying “We’re open for business when it comes to secret wiretap orders.”

Note that Cothority would do nothing in the current Apple v FBI mess. In that case, Apple is being ordered to publicly produce a signed update to help backdoor a device.

https://boingboing.net/2016/03/10/using-distributed-code-signatu.html
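
The quorum rule described in the post above, as an added example that is not part of the original post and is not Cothority's own code or protocol: a device-side check that installs an update only when the vendor's signature is accompanied by enough distinct witness signatures. It assumes independent Ed25519 signatures and a quorum of 4 out of 8, scaled down from the post's 4000-of-8000 illustration; all names and sample builds are constructed.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// WitnessSig is one witness's signature; ID indexes the device's pinned witness list.
type WitnessSig struct{ ID int; Sig []byte }

// VerifyUpdate accepts an update only if the vendor signed it AND at least `quorum`
// distinct pinned witnesses signed the same bytes. Unknown IDs and repeats never count.
func VerifyUpdate(update, vendorSig []byte, vendor ed25519.PublicKey,
	witnesses []ed25519.PublicKey, sigs []WitnessSig, quorum int) bool {
	if quorum < 1 || !ed25519.Verify(vendor, update, vendorSig) {
		return false
	}
	seen := map[int]bool{}
	for _, s := range sigs {
		if s.ID >= 0 && s.ID < len(witnesses) && !seen[s.ID] &&
			ed25519.Verify(witnesses[s.ID], update, s.Sig) {
			seen[s.ID] = true
		}
	}
	return len(seen) >= quorum
}

// Scenario (hypothetical helper) has `signers` of n witnesses sign the build they were shown.
func Scenario(n, signers, quorum int, targeted bool) bool {
	vpub, vpriv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	witnessed := []byte("build shown to witnesses (constructed)")
	shipped := witnessed
	if targeted { // vendor ships a different build that no witness ever saw
		shipped = []byte("build sent to one device only (constructed)")
	}
	var pubs []ed25519.PublicKey
	var sigs []WitnessSig
	for i := 0; i < n; i++ {
		pub, priv, _ := ed25519.GenerateKey(nil)
		pubs = append(pubs, pub)
		if i < signers {
			sigs = append(sigs, WitnessSig{i, ed25519.Sign(priv, witnessed)})
		}
	}
	return VerifyUpdate(shipped, ed25519.Sign(vpriv, shipped), vpub, pubs, sigs, quorum)
}

func main() { fmt.Println(Scenario(8, 4, 4, false), Scenario(8, 3, 4, false), Scenario(8, 8, 4, true)) }
```

The third scenario is the targeted-update case: the vendor's own signature is valid, but the witness signatures cover a different build, so the device refuses to install.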

Supreme Court Won’t Hear Major Case on Transgender Rights

Trump vs leaks: Spicer’s staff forced to undergo “phone searches” and delete privacy apps

mostlysignssomeportents:

Sean Spicer – spokesman for the leakiest White House in history – summoned his staff to a surprise meeting where they were forced to undergo a “phone check” where they unlocked their phones to prove they had “nothing to hide.”

Spicer then went on to lecture his staff that using privacy-oriented messaging apps like Signal and Confide “was a violation of the Presidential Records Act.”

Word is that Spicer is worried that his boss – whose trademark, after all, is to bark “you’re fired” – is growing impatient with the shambolic nature of White House communications, and that this is why Trump staged his own, off-script, bizarre and ominous press-conference.

At the meeting, Spicer told his staff they’d be subjected to worse punishments if news of the meeting was leaked.

News of the meeting has now leaked.

https://boingboing.net/2017/02/27/trump-vs-leaks-spicers-staf.html