
Re: Rule of law

From: Steven Rowat <steven_rowat@sunshine.net>
Date: Sat, 20 Feb 2016 08:19:42 -0800
To: public-credentials@w3.org
Message-ID: <56C8921E.1080503@sunshine.net>
On 2/20/16 7:54 AM, Timothy Holborn wrote:
> Also note the use of the term "subject"[1]
>
> [1]
> http://www.wired.com/wp-content/uploads/2016/02/Apple-iPhone-access-MOTION-TO-COMPEL.pdf

Tim, just to clarify.... (that's a 35-page document, scanned and so 
non-searchable, which is a bit daunting without some other guidance).

You mean the use on page 3 of "...THE FBI'S SEARCH OF THE SUBJECT 
DEVICE..."  [caps original].  ?

Steven


>
> On Fri, 19 Feb 2016 at 6:06 AM, Rob Trainer
> <rob.trainer@accreditrust.com> wrote:
>
> https://stratechery.com/2016/apple-versus-the-fbi-understanding-iphone-encryption-the-risks-for-apple-and-encryption/
>
>
>
> *Rob Trainer | Vice President of Technology*
> *Accreditrust Technologies, LLC*
> C: 410.303.9303
> E: rob.trainer@accreditrust.com
> W: www.accreditrust.com <https://www.accreditrust.com/>
>
> *From:* Timothy Holborn [mailto:timothy.holborn@gmail.com]
> *Sent:* Thursday, February 18, 2016 1:50 PM
> *To:* Dave Longley <dlongley@digitalbazaar.com>; W3C Credentials
> Community Group <public-credentials@w3.org>
> *Subject:* Re: Rule of law
>
> Reviewing the TOS[1] I always find interesting,
>
> Yet essentially, the issue remains including but not exclusive to
> service operators / device vendors, et al.
>
> Whilst I entirely agree, accountability is v.important for
> law-enforcement, and, I'm not American, don't get to vote in the
> US, so, I prefer local context that enables me to lobby for changes
> to law should that be necessary; rule of law, kinda needs to be
> supported...
>
> The identifiers in this case include particular FBI representatives
> on particular machines carrying out particular tasks for a
> particular case, with particular court approvals, on a particular
> phone that has an array of other identifiers both identifying that
> Phone to be unique, and that it is indeed associated to the
> court-order related suspect (person).
>
> So, IMHO, there's enough keys there to make those old films scenes
> of the two keys turned simultaneously to launch the weapon, whether
> in submarine or otherwise, look kinda antiquated.
>
> You could put additional requirements, like sensor requirements -
> it needs to see a specially encoded 2d barcode, within a particular
> GPS location, etc. etc.
>
> It's not all or nothing, and any president would want it that way I
> imagine. We all want phones that don't get hacked, but we are
> subject to rule of law for which we are all accountable, no matter
> who we work for or what we do. Isn't that the theory?
>
> I also note, online child sexual exploitation law enforcement teams
> locally, apparently couldn't use semantic / image analytics to
> automatically flag content. If Interpol made that capability
> available, would you allow processing for specific use? Perhaps if
> the gov issue them a credential including specified capabilities
> for which citizens have a right to fair trial / court / access to
> justice, etc.
>
> Is it Apple, Facebook, Google who makes the decision about how
> image processing can be used? Do you need to send them your blood
> sample to have it checked? What ads do you get after you've got
> your blood tested? Insurance offers the same?
>
> Market based 'knowledge banking' providers, with really good
> outlines for data ownership.
>
> Yet if the law says 'you've been sent to war'.... If a judge says
> open it. Then to say it's all or nothing, seems incorrect...
>
> We've been working on solutions here... I guess they'll say, no
> solution currently available to market can solve this problem, or
> some similar thing?
>
> Meh.
>
>
> [1] http://images.apple.com/legal/sla/docs/iOS91.pdf
>
> On Fri, 19 Feb 2016 at 5:29 AM, Dave Longley
> <dlongley@digitalbazaar.com> wrote:
>
> On 02/18/2016 12:50 PM, Timothy Holborn wrote:
>> So,
>>
>> I assume apple[1] can decrypt it.
>
> I think that's a big assumption. Have they said that? I don't know
> how they do their encryption, but if they are using symmetric
> encryption where the key is derived from a password only the user
> knows, then, no, they can't decrypt it. Unless the password is
> easily guessable, it's not feasible to brute force attack the
> encryption.
>
>> So, the issue is how to trust gov? Locally or internationally?
>>
>> Couldn't a bunch of approved credentials be used to present something
>> at the phone that in-turn allows that device to say, recognise the
>> president said - executive orders - open it.
>
> You could do two forms of encryption: one for the user and one
> using a public key owned and protected by the government. Of
> course, then the government can read everyone's private data.
>
> I suppose you could require a credential from a court (signed by
> the court's public key) indicating a court order was granted to
> the government in order to use their key to read the data ... but
> it's all a little unclear as to whether or not these protections
> would actually be followed, or rather, if they weren't, that a
> violation of them could be easily detected.
>
>
> -- 
> Dave Longley
> CTO
> Digital Bazaar, Inc.
> http://digitalbazaar.com
>
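
The point in Dave Longley's quoted reply above (a symmetric key derived from a password only the user knows, with brute force infeasible unless the password is easily guessable), as an added example that is not part of the thread or any vendor's code. PBKDF2-HMAC-SHA256, the iteration count, the 0.08 s cost per guess and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000        # assumed work factor, not a figure from the thread
SECONDS_PER_GUESS = 0.08    # assumed cost of one guess, for illustration only


def derive_key(password: str, salt: bytes) -> bytes:
    """Stretch the user's password into a 256-bit symmetric key."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                               salt, ITERATIONS, dklen=32)


def key_check(key: bytes) -> bytes:
    """Tag stored beside the ciphertext so a candidate key can be verified."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def enroll(password: str) -> dict:
    """What is kept at rest: salt and check value, never password or key."""
    salt = os.urandom(16)
    return {"salt": salt, "check": key_check(derive_key(password, salt))}


def unlock(password: str, record: dict):
    """Return the key for the right password, None for any other input."""
    key = derive_key(password, record["salt"])
    ok = hmac.compare_digest(key_check(key), record["check"])
    return key if ok else None


def worst_case_years(alphabet_size: int, length: int,
                     seconds_per_guess: float = SECONDS_PER_GUESS) -> float:
    """Time to try every password of this exact length at a fixed cost per guess."""
    return alphabet_size ** length * seconds_per_guess / (365 * 24 * 3600)


if __name__ == "__main__":
    record = enroll("constructed sample passphrase")   # constructed input
    print("right password unlocks:", unlock("constructed sample passphrase", record) is not None)
    print("other input unlocks:   ", unlock("not the passphrase", record) is not None)
    for label, alphabet, length in [("4-digit PIN", 10, 4),
                                    ("6-digit PIN", 10, 6),
                                    ("10 chars, letters+digits", 62, 10)]:
        print(f"{label:26s} {worst_case_years(alphabet, length):.3g} years")
```
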
Received on Saturday, 20 February 2016 16:20:12 UTC
