
Eran Tromer's Attack on Ray Ozzie's CLEAR Protocol - sohkamyung
https://www.cs.columbia.edu/~smb/blog/2018-05/2018-05-02.html
======
joe_the_user
By the article's description, CLEAR is a "trusted computing" approach - law
enforcement can control things about the phone that the user cannot.

Aside from the particular attack described, such systems are both inherently
undesirable and unlikely to stop serious criminals while decreasing the
security of the casual user.

see: [https://www.gnu.org/philosophy/can-you-
trust.en.html](https://www.gnu.org/philosophy/can-you-trust.en.html)

~~~
dcow
If two people are allowed to talk privately in person, and if that right
extends to the digital realm, then strong encryption is a must. In a world
with CLEAR people would just send ephemeral messages. Unless we fundamentally
assert an individual's right to privacy we'll just end up in a crypto arms
race.

------
dcow
What about CLEAR makes it novel beyond the blown fuse (which doesn't actually
impact the threat model anyway)? AFAICT it's literally just single key escrow
where the vendor is the escrow service... why is it getting so much attention?

~~~
Arnt
Doesn't seem novel to me either.

RFC 1925 point 11 applies.

------
chacham15
While the situation described here has measures that can be taken to prevent,
the entire system is trivially compromised by the fact that the consumer
controls the software. All a bad actor needs to foil this entire schema is to
unlock the phone and program it so that whenever it is asked for a device
unlock request, it will simply factory reset the hard drive (or even more
covertly, reimage it to a different drive). With this approach, the criminal
reveals nothing and law-abiding citizens are open to multiple undiscovered
attack vectors.

~~~
abcd_f
This is covered in the article:

 _Another problem is that CLEAR phones must resist "jailbreaking", i.e., must
not let phone owners modify the operating system or firmware on their own
phones. This is because CLEAR critically relies on users not being able to
tamper with their phones' unlocking functionality, and this functionality
would surely be implemented in software, as part of the operating system or
firmware, due to its sheer complexity (e.g., it includes the "device unlock
request" screen, QR code recognition, crytographic verification of unlock
codes, and transmission of data dumps). In practice, it is well-nigh
impossible to prevent jailbreaking in complex consumer devices, and even for
state-of-the-art locked-down platforms such as Apple's iOS, jailbreak methods
are typically discovered and widely circulated soon after every operating
system update._

