On 21 November 2014 10:57, Joseph Bonneau <[email protected]> wrote: > While we're having Amateur Political Science Friday in this thread though, I > think it's an interesting question what "the right thing" to do is for > WhatsApp or any other provider facing demands to turn crypto off (or > severely weaken it) to get their app into country X. My initial reaction is > I'd like them to stand tall, refuse to modify their product and let it be > blocked. I can see an argument though that a better strategy is to comply at > first. If they stand tall, odds are some inferior local app will take their > place with terrible security that's totally controlled by the local > government. If they ship a weakened product, they may try to upgrade it > later after they've achieved substantial local deployment. Or they can > upgrade it quickly if the government falls or changes policy. On the other > hand, it's much likely to be much more visible (and unpopular) if country X > has to actively block foreign products with encryption. The governments in > China and Iran pay some political price for blocking Facebook, Twitter, etc. > > I'd probably still come down on the side of not shipping weakened products, > but I expect many companies will come to a different decision and it's > probably worthwhile for us to think technically about how to have the most > secure product while trying to accommodate constraints like this.
I think the number one factor that determines what they can/should/might do is whether or not they have employees or a legal venue in the country of question that can be threatened, imprisoned, or effectively sued/fined into nonexistence. If they do have such a presence, and want to make any sort of stand, their options are either to abandon their people, which would be a horrible decision in an of itself, or lay them off (or offer to relocate them). -tom _______________________________________________ Messaging mailing list [email protected] https://moderncrypto.org/mailman/listinfo/messaging
