On Wed, 27 Feb 2019 09:30:45 -0500 Alex Gaynor via dev-security-policy <dev-security-policy@lists.mozilla.org> wrote:
> Finally, I think there's a point that is very much being stepped > around here. The United States Government, including its intelligence > services, operate under the rule of law, it is governed by both > domestic and international law, and various oversight functions. It > is ultimately accountable to elected political leadership, who are > accountable to a democracy. So, on my bookshelf I have a large book with the title "The Senate Intelligence Committee Report On Torture". That book is pretty clear that US government employees, under the direction of US government officials and with the knowledge of the government's executive tortured and murdered people, to no useful purpose whatsoever. For the avoidance of doubt, those are international crimes. Are those employees, officials and executives now... in prison? Did they face trial, maybe in an international court explicitly created for the purpose of trying such people? Er, no, they are honoured members of US society, and in some cases continue to have powerful US government jobs. The US is committed to using any measures, legal or not, to ensure none of them see justice. Sure, there are lots of places where there wouldn't even be a book published saying "Here are these terrible things we did". But that's a very low bar. For the purposes of m.d.s.policy we definitely have to assume that the United States of America very much may choose to disregard the "rule of law" if it suits those in power to do so. I don't think the insistence that the UAE is definitively worse than the US helps this discussion at all. We're not here to publish books about awful things done by governments years after the fact, we're here to protect Relying Parties. It is clear they will need protecting from the US Government _and_ the United Arab Emirates. Nick. _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy