Jonathan, I think we have all become so accustomed to computers where the superuser can do _everything_ that we have forgotten what privacy is in the context of multi-user computer systems.
Can you give some references on this topic? I think we have a pretty good idea now how privacy can be implemented and verified using confinement and TC, but here are a couple of issues that at least I could need some more pointers to:

* What is the impact of not having the privacy requirements you want to have? One recent case I can think of is viruses that send random files to random people in your address book. What else is there?

* More specifically: No popular system today provides this amount of privacy. Why is this currently not widely perceived as a problem? (This is another way of asking: Why are current systems not good enough?)

* What are the legal consequences of implementing or not implementing this feature? In a system where the sysadmin can edit the content of the machine, he may be liable. In a system where every change can be (presumably) traced to me, _I_ am liable. How can I prove that the machine was compromised if there is a strong scientific argument that the machine is "safe"?

  For completeness: If we build such a system, and it turns out to _not_ be safe, are we programmers liable? Certainly we can't afford to carry such a liability as free software hackers writing in our spare time.

* How do we know that we really achieve privacy? If the FBI/NSA/CIA/etc can install a cryptographic backdoor in TPM/TCPA chips, it can probably replace the OS without revealing this modification in the remote attestation protocol. Isn't it better to openly not have privacy than to believe to have privacy without actually having it? Also, what happens if the FBI/NSA/CIA/etc does this, then uses my account to attack some machines, and then sues me? (I.e., a combination of the last two points.)

Some of this is of course speculative. But at least the first questions are questions for present facts, and don't involve any big brother paranoia whatsoever.
Thanks,
Marcus
