New Software To Balance Privacy and Security?

An anonymous reader writes "Claiming to provide both security and privacy, researchers at UCLA say they have developed a system to monitor suspicious online communication that discards communications from law-abiding citizens before they ever reach the intelligence community." From the article: "The truly revolutionary facet of the technology is that it is a new and powerful example of a piece of code that has been mathematically proven to be impossible to reverse-engineer. In other words, it can't be analyzed to figure out its components, construction and inner workings, or reveal what information it's collecting and what information it's discarding -- it won't give up its secrets. It can't be manipulated or turned against the user."

Re:Mathematical proof of code is a tough business

[Ckwop]

I'd like to see the demonstration. Until such time, I call bollocks and I refuse to believe an "impossible to reverse-engineer" piece of code ever exists.

I second your bullshit and raise! The problem with proofs such as this is that they assume broad axioms that in reality might not be true in the hardware. For example, they may well have proved the theorem if they assume all operations of a certain set take the same length but in reality they might not. The processor might take a ten billionth of a second longer to do one operation than it does another, or it might release more heat when it does one operation than it does when it performs another, or it might release a certain magnetic field when it does one operation and not another.

Side-channel attacks, as these are called, are often totally devastating. There was one attack where simply heating the computer up can cause a system to get owned. If the proof is correct, it's certainly interesting but practically we're a long way from getting to this gold standard.

Simon