On Wed, Sep 9, 2015 at 2:36 PM, R Kent James <[email protected]> wrote:
> On 9/9/2015 9:23 AM, Mike Hoye wrote: > >> "Any requirement that systems be designed or modified to enable >> third-party access to encrypted data undermines user security. The goal >> of computer security is to protect users' data from any access that user >> has not authorized; any mechanism that allows the state to circumvent >> the users' wishes can be co-opted and abused by other states or >> non-state actors to do the same. The same is true of surveillance and >> monitoring tools; it is impossible in practice to tell a lawful actor >> with "backdoor" access from an unlawful one. Without the transparency >> and accountability of open source software and open systems designed to >> secure user data rather than facilitate third-party access, those >> systems that states use are increasingly vulnerable to foreign and >> non-state compromise." >> > > There is an implicit assumption in the way this is worded that "MY > government is assumed to be benign, but YOUR government may be dangerous." > I don't read it that way, could you be more specific on what parts give you this impression? I'd like to see if I can see it once you point it out. I am reading with the context that I know Western governments are actively trying to subvert encryption and create back doors. > > There's a hint of trying to being politically sensitive to the fact that > we all have to live under some government that we don't want to antagonize, > but we want to find acceptable reasons why we will deny them access to our > user's data without actually coming out and saying that the government > itself might be evil. But face it, some are - maybe even yours (or mine) > without naming any nationalities here. > > Do we really have to be that cautious in our wording? Is there some way > that you can say that Mozilla is an international organization that appeals > to a diverse audience, and we cannot make any a priori assumptions about > who is or is not a legitimate entity that should have privileged access to > our user's data (subject to the laws that we are forced to obey)? > > Nit: "from any access that user has not authorized" is really begging for > a double that "access that that user". I agree with > http://english.stackexchange.com/questions/3418/how-do-you-handle-that-that-the-double-that-problem > : "it was a logic distractor, could lead to confusion, and therefore should > be reworded to avoid this." > > As a side note, Thunderbird is starting to work closely with the Pretty > Easy Privacy Foundation http://pep-project.org to make end-to-end > communication encryption a priority, so this issue is pretty close to our > heart these days. See also the large number of comments at > https://blog.mozilla.org/thunderbird/2015/08/thunderbird-and-end-to-end-email-encryption-should-this-be-a-priority/ > > R Kent James > Chair, Thunderbird Council > > _______________________________________________ > governance mailing list > [email protected] > https://lists.mozilla.org/listinfo/governance > _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
