Re: Feds tell Web firms to turn over user account passwords

On 26 July 2013 15:13, Sandro Hawke <sandro@w3.org> wrote:

> [dropping crossposting lists]
>
>
> On 07/26/2013 08:20 AM, Kingsley Idehen wrote:
>
>> On 7/26/13 5:17 AM, Melvin Carvalho wrote:
>>
>>> http://news.cnet.com/8301-13578_3-57595529-38/feds-tell-web-firms-to-turn-over-user-account-passwords/
>>>
>> Yep!
>>
>> In a centralized system, a Govt. can simply request (or covertly demand)
>> keys, passwords, and salt used for hashing.
>>
>> In a decentralized and distributed system they will have to ultimately
>> follow due process for accessing private property such as:
>>
>> 1. private keys
>> 2. passwords
>> 3. anything else.
>>
>>
>> The problem is that myopic Web 2.0 patterns have created one hell of a
>> privacy mess, for all the wrong reasons. This isn't what the World Wide Web
>> was supposed to be delivering, far from it.
>>
>> Anyway, the net effect of all of this will be that Web 2.0 patterns will
>> now be seen for what they are i.e., utter rubbish that's completely
>> clueless when dealing with privacy and security matters.
>>
>>
> I've said things a lot like this over the years, and I'm 100% in favor of
> decentralizing, but I'm no longer confident it'll reduce government access
> to personal data. Yes, going from a handful of service providers to
> millions would make the job of obtaining keys harder, but I don't think it
> would make it much harder, not technically. It would make it harder to
> keep secret, it's true. But now that this stuff isn't even plausibly
> deniable any more, the lawmakers basically have to decide whether to give
> the NSA the keys to everything or not. If they decide to, then they can
> just demand that every Internet connected system have an NSA-approved back
> door. Okay, that might be going a bit far, but I'm sure folks will be
> pushing for that, and we'll probably settle on a compromise that multiuser
> and/or commercial systems get a backdoor. And then when you let your kids
> use your phone, does it qualify as a multiuser system?
>

What if we put the service provider inside the browser?


>
>      -- Sandro
>
>
>

Received on Friday, 26 July 2013 14:35:43 UTC