Government Backed Public Keys

Mon 19 August 2013

Ted Dziuba:

I already have federally-issued documentation of my citizenship, my US Passport. There ought to be a way to get my PGP key signed by the government, so I can sign my messages as an American citizen, having the government be the trusted authority on that matter.

This is interesting because it doesn’t compromise my privacy. My private key is still private, but the government, through a verification process similar to the passport process, has declared they trust me to be an American citizen.

This could be added as a signal for NSA collection systems. Since the NSA ought to trust its own key-signing authority, it can be absolutely sure that an encrypted communication it intercepts is from an American citizen, and thus discard it.

I like this idea, with the emphasis on it being an opt-in service. Obviously one issue is that it would make it even easier to track WHO we are communicating with. However, since the NSA already does this easily, preventing them from doing so has to be accomplished by regulation and oversight, not by technological safeguards.