Eliot On Sat Mar 28 03:08:45 2015 GMT, Eliot Lear wrote: > Hi, > > It seems to me that having an honest discussion about our biases, goals, > and assumptions might help. > > My goal: I want the Internet to continue to grow in a safe way. It > can't do that if people don't trust the infrastructure. There are EU > studies that discuss what happens when people experience some form of > harm on the Internet.[1] Encryption has played a role in reducing that > harm. But it can also increase harm for the very reasons stated in that > article. Not acknowledging this would be absurd. > > Please now see below. > > On 3/26/15 9:42 PM, Stephen wrote: > > >> Better said, and at effective length, by David Golumbia > >> > >> Opt-Out Citizenship: End-to-End Encryption and > >> Constitutional Governance > >> http://www.uncomputing.org/?p=272 > > Had a quick flick. Arguments based on a presumption of "perfect > > end-to-end encryption" are utterly useless as they are counterfactual. > > Anything one likes can follow from a false assumption like that. > > > > Let me see if I understand this statement correctly: this group is > working toward a world in which we encrypt our communications, and when > someone discusses what that world might look like, you claim it's > "counterfactual"? That's not a reasonable argument.
We disagree. All arguments of the form "the *perfect* thing I dislike has this downside" are bogus. And we simply do not (yet) know how how do do even imperfect but usable e2e security for interpersonal messaging at scale. The article is fatally flawed. S. > > Ted claims that the author argues that there is no need for a right to > privacy. I didn't read that in the article at all, but rather that the > Constitution must be taken as a whole: the same document that protects > our rights also provides various balancing tests to protect the rights > of others. > > On the other hand, the piece missing from that article is the need for > confidence in the infrastructure, and Ted goes in this direction: if you > give the good guys means to gain access to communications, in all > likelihood you're giving the bad guys those very same capabilities. > That has been the cornerstone of the IETF position for a very long time, > and it holds for whatever definition of "good guys" and "bad guys" you > might have. Weakening end-to-end encryption weakens confidence in the > infrastructure. This guy doesn't care because his focus is about the > balance of needs from a legal sense. But these issues cannot be viewed > in isolation from one another. > > Eliot > [1] Riek, et. al, /Understanding the Influence of Cybercrime Risk on the > E-Service Adoption of European Internet Users/, WEIS 2014. > http://weis2014.econinfosec.org/papers/RiekBoehmeMoore-WEIS2014.pdf > > _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
