Hi Everyone! I'm sorry to barge in, especially with a message not quoted correctly, but I weigh the thoughts a lot more than the format.
Warrant Canaries might not be a very wise choice, at least not in their most simple form. However, recent events in the world have shown everyone that having a project without a backdoor or (suspected) weak encryption is a very strong positive, and my personal opinion is that the future will make it even more important.

It could be a smart decision to build this "feature" into the product.

- As the code is all open, you could make code review/code assessments by "external" people a part of the project, and simply see this as a feature itself.
- ESF could bind themselves by ethical rules that forbid them to continue product support on "non secure" releases.

How would anyone be able to prove what the code reviewers were "hinted" to review and by whom? How would any agency be able to force ESF to break ethical rules, and order them to continue working on something that they have promised to stop working on when it no longer gives any meaning?

However, there is also a problem here: what if the governments/agencies win this war, and laws are passed that "require" products to be "open" for the governments? There is a possibility for this scenario too, even if we don't like the sound of it; having a project that can't comply with current laws will definitely kill it.

My English is bad, and these are just my thoughts, but they all have to do with the project, and what "features" we will/might find important in the future, so please be constructive.

- Ulrik Lunddahl

From: [email protected] [mailto:[email protected]] On behalf of Yehuda Katz
Sent: 11 October 2013 20:22
To: pfSense support and discussion
Subject: Re: [pfSense] naive suggestion: conform to US laws

On Fri, Oct 11, 2013 at 1:41 PM, Thinker Rix <[email protected]> wrote:

Probably would not work (or would get whoever did that thrown in jail). This is similar to a Warrant Canary, but the USDoJ has indicated that Warrant Canaries would probably be grounds for prosecution of violation of the non-disclosure order.

Inspired by the keyword you dropped, I researched a little bit and found: https://en.wikipedia.org/wiki/Warrant_canary

It seems that you are correct: What Adrian suggests is called a Warrant canary. In the Wikipedia article it says that: "The intention is to allow the provider to inform customers of the existence of a subpoena passively, without violating any laws. The legality of this method has not been tested in any court." Is that wrong or in conflict with what you wrote?

I do not know of any prosecution for using a Warrant Canary, but that does not change whether the government would intend to prosecute it (and I have discussed it with lawyers in the DoJ and other areas). It just means that the situation has not come up: either because no place that uses a Warrant Canary has received a "secret order" or because no place that has received one has been willing to really use it as designed.

This is what it boils down to: Do you want to go in front of a federal judge and say "I did not say we received a subpoena, I just stopped saying we did not receive one."? I know I would not want to.

If anyone wants to talk more about Warrant Canaries, email me off the list.

- Y
