That's excellent! Point two seems weaker than the two others.
[email protected] wrote: > Hi all, > > Members of the platform, policy, and legal teams at Mozilla have been > working to create a set of principles that should serve as a guide to > government surveillance activities, and that are grounded in our > commitment to trust and openness online. We would appreciate your > input on these. Check them out below. > > The following three principles, derived from the Mozilla Manifesto, > offer a Mozilla way of thinking about the complex landscape of > government surveillance and law enforcement access. We are not > proposing a comprehensive list of good or bad government practices, > but rather describing the kinds of activities in this space that > would protect the underpinnings and integrity of the Web: > > 1) User Security > Mozilla Manifesto Principle #4 states "Individuals' security and > privacy on the Internet are fundamental and must not be treated as > optional." Governments should act to bolster user security, not to > weaken it. Encryption is a key tool in improving user security. > > Requirements that systems be modified to enable government access to > encrypted data are a threat to users' security. The primary aim of > computer security is to protect user data against any access not > authorized by the user; allowing law enforcement access violates that > design requirement and makes the system inherently weaker against > attacks that it is intended to defend against. Once systems are > modified to enable law enforcement access by one government, vendors > will be under enormous pressure to provide access to other > governments. It will not be possible in practice to restrict access > to only "friendly" actors. Moreover, the more government actors have > access to monitoring capabilities, the greater the risk that non > -governmental cyberattackers will obtain access. Endpoint law > enforcement access requirements are also incompatible with open > source and open systems because they conflict with users' right to > know and control the software running on their own devices. > > 2) Minimal Impact > Mozilla Principle #2 states that the Internet is a global public > resource. Government surveillance decisions should take into account > global implications for trust and security online by focusing > activities on those with minimal impact. > > Efforts should be made to collect only the information that is > needed. Whenever possible, only data on specific, identifiable users > should be collected, rather than collecting data from a large group > of users with the expectation that it can be triaged later. > Activities should be designed to minimize their impact on the > Internet infrastructure and on user trust. Compromise of or > unauthorized access to third party infrastructure or systems should > be avoided if at all possible and is wholly unacceptable if other > avenues for obtaining third party cooperation are available. > > 3) Accountability > Mozilla Principle #8 calls for transparent community-based > accountability as the basis for user trust. Because surveillance > activities are (and inherently must be, to some degree) conducted in > secret, independent oversight bodies must be effectively empowered > and must communicate with and on behalf of the public to ensure > democratic accountability. > > A strong oversight regime involves several components. Oversight > should be conducted outside of those agencies responsible for the > programs themselves, by bodies with broad mandates and access, > technical competence, and enforcement authority. Oversight should > include statutory transparency requirements that allow the public to > know that aggressive oversight is taking place and to be able to know > the scope and scale of government access to user data. Finally, > oversight should be evidence-based and start with an analysis of the > national security benefits and potential harms of programs in > question. > _______________________________________________ > governance mailing list > [email protected] > https://lists.mozilla.org/listinfo/governance _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
