On Thu, Sep 10, 2015 at 7:28 AM, Gijs Kruitbosch <
gijskru...@gmail.com>
wrote:
> On 10/09/2015 00:42, Majken Connor wrote:
>
>> On Wed, Sep 9, 2015 at 2:36 PM, R Kent James <
ke...@caspia.com> wrote:
>>
>> On 9/9/2015 9:23 AM, Mike Hoye wrote:
>>>
>>> "Any requirement that systems be designed or modified to enable
>>>> third-party access to encrypted data undermines user security. The goal
>>>> of computer security is to protect users' data from any access that user
>>>> has not authorized; any mechanism that allows the state to circumvent
>>>> the users' wishes can be co-opted and abused by other states or
>>>> non-state actors to do the same. The same is true of surveillance and
>>>> monitoring tools; it is impossible in practice to tell a lawful actor
>>>> with "backdoor" access from an unlawful one. Without the transparency
>>>> and accountability of open source software and open systems designed to
>>>> secure user data rather than facilitate third-party access, those
>>>> systems that states use are increasingly vulnerable to foreign and
>>>> non-state compromise."
>>>>
>>>>
>>> There is an implicit assumption in the way this is worded that "MY
>>> government is assumed to be benign, but YOUR government may be
>>> dangerous."
>>>
>>>
>> I don't read it that way, could you be more specific on what parts give
>> you
>> this impression? I'd like to see if I can see it once you point it out. I
>> am reading with the context that I know Western governments are actively
>> trying to subvert encryption and create back doors.
>>
>
> I see two instances:
>
> any mechanism that allows the state to circumvent the users' wishes
>> can be co-opted and abused by other states or non-state actors to do
>> the same.
>>
>
> which can be read to imply "the state" has a legitimate right to
> circumvent the users' wishes, and "other states" do not, ie one is "benign"
> and the other "dangerous".
>
Ah, see I see this as addressed *to* the governments. The arguments they're
making are that "we need these back doors to keep our people safe" and I
read this as being told to them "if you can do it, so can your enemies, you
don't actually want this." You don't have to agree with someone's
conclusions to help them see that even if you accept their arguments it
still boils down to "this is bad."
>
> I agree that there is little point in making this distinction unless we
> are actively marketing towards governments who want us to assume their
> goodwill/benevolence, which I don't think this paragraph needs to do. We
> could avoid the reading I tried to explain by stating something like "even
> if one assumes the need for and legitimacy of a mechanism to circumvent the
> users' wishes for use by a 'blessed' actor, such a mechanism can be
> co-opted and abused by other actors to do the same."
>
>
Right, I read it as neutral because it doesn't say if it's good or not for
the state to do it, just acknowledging that the state wants to do it. But I
agree that leaving it neutral leaves it open for different readings,
something could be added here.
> The other instance is:
>
> those systems that states use are increasingly vulnerable to foreign
>> and non-state compromise.
>>
>
> Where I think there's a simple solution of just omitting "foreign and
> non-state", and perhaps "that states use" as well.
>
>
True, there are instances of people abusing state resources, though I do
read this as being directed towards governments and that doesn't need to be
pointed out to them to get the point across, and including that might make
them more defensive.