Re: Feds tell Web firms to turn over user account passwords

[dropping crossposting lists]

On 07/26/2013 08:20 AM, Kingsley Idehen wrote:
> On 7/26/13 5:17 AM, Melvin Carvalho wrote:
>> http://news.cnet.com/8301-13578_3-57595529-38/feds-tell-web-firms-to-turn-over-user-account-passwords/ 
>>
> Yep!
>
> In a centralized system, a Govt. can simply request (or covertly 
> demand) keys, passwords, and salt used for hashing.
>
> In a decentralized and distributed system they will have to ultimately 
> follow due process for accessing private property such as:
>
> 1. private keys
> 2. passwords
> 3. anything else.
>
>
> The problem is that myopic Web 2.0 patterns have created one hell of a 
> privacy mess, for all the wrong reasons. This isn't what the World 
> Wide Web was supposed to be delivering, far from it.
>
> Anyway, the net effect of all of this will be that Web 2.0 patterns 
> will now be seen for what they are i.e., utter rubbish that's 
> completely clueless when dealing with privacy and security matters.
>

I've said things a lot like this over the years, and I'm 100% in favor 
of decentralizing, but I'm no longer confident it'll reduce government 
access to personal data.   Yes, going from a handful of service 
providers to millions would make the job of obtaining keys harder, but I 
don't think it would make it much harder, not technically.   It would 
make it harder to keep secret, it's true. But now that this stuff isn't 
even plausibly deniable any more, the lawmakers basically have to decide 
whether to give the NSA the keys to everything or not.   If they decide 
to, then they can just demand that every Internet connected system have 
an NSA-approved back door.    Okay, that might be going a bit far, but 
I'm sure folks will be pushing for that, and we'll probably settle on a 
compromise that multiuser and/or commercial systems get a backdoor.   
And then when you let your kids use your phone, does it qualify as a 
multiuser system?

      -- Sandro

Received on Friday, 26 July 2013 13:13:52 UTC