Eccentric entrepreneur Kim Dotcom claims to be building a "new private internet" safe from the prying eyes of surveillance communities, but experts say it's a "preposterous pipe dream."
MegaNet, expected to launch in 2016, is an encrypted — and allegedly wholly private — peer-supported internet. When asked last month to prove whether his network was more than just an idea, the mogul told Fairfax Media that it may be just his words now but that "the security community will appraise it and validate this service".
Unfortunately, the security community has now spoken and they're extremely sceptical.
"It's a pipe dream to think that you can fight the national security agencies at their own game," says Stephen Wilson, managing director of the Lockstep Group.
You can't control anarchy
Part of the reason MegaNet fails to live up to its promise of privacy is that the environment of the devices it runs on is inherently anarchic.
"The runtime environment of the phones that Dotcom says will host his 'perfect' network is uncontrollable," Wilson told Fairfax.
"The best military grade encryption requires specially certified hardware security modules (which to be fair are becoming widespread in mobile phone Secure Elements) but it also needs carefully written and verified code."
Technology can't solve privacy issues
Wilson called MegaNet "brittle, unforgiving and only applicable to very unusual people" and warned that "technology can't solve our privacy issues".
"Advocates for these tools are not dishonest but they are utopian," he said. "Surveillance and privacy are political issues. You can only fight national surveillance agencies at the ballot box.
"You don't turn around today's abhorrent national surveillance practices and bare-faced commercial exploitation of personal data by fighting fire with fire. Instead, you lobby for better national security policies and better privacy enforcement."
We've heard it all before
The security and encryption expert said security professionals tend to "turn off" as soon as they hear new cryptography and algorithms are involved.
"The claims are fanciful," he said. "The consumer platforms being proposed are not fit for the intended purpose. And sweeping claims of perfection never stand up to scrutiny."
Blockchain could put you behind bars
MegaNet models its file storage system on Blockchain, Bitcoin's method of recording transactions. With every MegaNet user storing some capacity of the network's file system on their device, Wilson says it can make them vulnerable to search and seizure by law enforcement.
"There are ways in theory for messages to be split up amongst memory stores, and I can think of ways Dotcom might be doing it," Wilson said. "But I doubt any mug user could convince authorities, based on the MegaNet brochureware, that there can't be anything on their phone of interest. Why would law enforcement believe that? So yes, national security agencies would have a case to search the phone."
It wouldn't be the first time that people participating in anonymity tools have been held accountable for the behaviour of others on the same network.
In Austria last year a Tor operator was found guilty as an accomplice because someone used his node to commit a crime.
In any case, Blockchain is as yet an unproven technology, even for the Bitcoin it was designed for, Wilson added.
"By that I mean, the cryptography is wonderful but the implementation depends on realities like perfect key management at the end points, assumptions about who controls the mining resource, and resistance to exotic new attacks that are emerging."
"The Bitcoin community is in flux; they can't agree on how to maintain the block size, or when to fork the blockchain," the security expert told Fairfax. "This is code we're talking about, written by volunteers, who squabble like all coders do. Who knows if the code is even properly tested and reviewed."
Someone has to know what's going on
The managing director added that the security of MegaNet depends on splitting up its secrets, meaning users will never be able to store anything securely locally.
"But hey, when you decrypt the secret stuff and display it on your phone, well then it's in the clear after all, for the cops to seize in any case."
The eccentric millionaire claims to have designed the network such that nobody — not even he and the people building the new system — knows what is stored on it, but Geordie Guy, privacy and online rights analyst for Future Wise, said somebody has to be the fall guy.
"Distributed systems need a way to, well, de-distribute," Guy told Fairfax. "Something or someone somewhere in MegaNet knows the topology of the whole network, and can be compelled by law enforcement to hand it over."
Guy says it is impossible to reclaim the web from surveillance communities without building new infrastructure "because the people who'd do that — Kim Dotcom included — aren't as resourced as the surveillance community".
"When Google found out that the NSA was intercepting the links between their and Yahoo's data centres two years ago everyone was really surprised, because it involves a phenomenal amount of smarts and money to actually intercept fibre optic cables like that. Even if you built new infrastructure to hide from the surveillance communities, well they hacked Google and Yahoo, they'll hack you too."
Kim Dotcom did not respond to a request for comment regarding the analysts' claims.