Re: Feds tell Web firms to turn over user account passwords

On 26 July 2013 15:13, Sandro Hawke <sandro@w3.org> wrote:

> [dropping crossposting lists]
>
>
> On 07/26/2013 08:20 AM, Kingsley Idehen wrote:
>
>> On 7/26/13 5:17 AM, Melvin Carvalho wrote:
>>
>>> http://news.cnet.com/8301-13578_3-57595529-38/feds-tell-web-firms-to-turn-over-user-account-passwords/
>>>
>> Yep!
>>
>> In a centralized system, a Govt. can simply request (or covertly demand)
>> keys, passwords, and salt used for hashing.
>>
>> In a decentralized and distributed system they will have to ultimately
>> follow due process for accessing private property such as:
>>
>> 1. private keys
>> 2. passwords
>> 3. anything else.
>>
>>
>> The problem is that myopic Web 2.0 patterns have created one hell of a
>> privacy mess, for all the wrong reasons. This isn't what the World Wide Web
>> was supposed to be delivering, far from it.
>>
>> Anyway, the net effect of all of this will be that Web 2.0 patterns will
>> now be seen for what they are i.e., utter rubbish that's completely
>> clueless when dealing with privacy and security matters.
>>
>>
> I've said things a lot like this over the years, and I'm 100% in favor of
> decentralizing, but I'm no longer confident it'll reduce government access
> to personal data.   Yes, going from a handful of service providers to
> millions would make the job of obtaining keys harder, but I don't think it
> would make it much harder, not technically.   It would make it harder to
> keep secret, it's true. But now that this stuff isn't even plausibly
> deniable any more, the lawmakers basically have to decide whether to give
> the NSA the keys to everything or not.   If they decide to, then they can
> just demand that every Internet connected system have an NSA-approved back
> door.    Okay, that might be going a bit far, but I'm sure folks will be
> pushing for that, and we'll probably settle on a compromise that multiuser
> and/or commercial systems get a backdoor.   And then when you let your kids
> use your phone, does it qualify as a multiuser system?
>

I've been thinking about this for a while.  I think the argument is
flawed.  And the reason is that technology tends to lead law.
Decentralization was fundamentally baked into the web as an axiom, whereas
if a lesser genius had designed it, it may have had more of a centralized
tree-like structure.  Lawmakers have accepted the decentralization of the
web because the technology was there.  If we had followed lawmakers we
could have had SOPA and PIPA, but people protested against that to keep the
technology in place.  Lawmakers are not as well aligned on this issue with
technologists in terms of protecting users' privacy rights (which are often
constitutionally defined).  I think it's the responsibility of technologists
to create tools that benefit society, and even to make things that they'd
like to use themselves.  As we've seen with the web, if it becomes popular,
the laws will follow.


>
>      -- Sandro
>
>
>

Received on Sunday, 28 July 2013 21:07:01 UTC