- From: Sandro Hawke <sandro@w3.org>
- Date: Sun, 28 Jul 2013 23:49:05 -0400
- To: Melvin Carvalho <melvincarvalho@gmail.com>
- CC: Kingsley Idehen <kidehen@openlinksw.com>, "public-fedsocweb@w3.org" <public-fedsocweb@w3.org>
- Message-ID: <51F5E631.6070607@w3.org>
On 07/28/2013 05:06 PM, Melvin Carvalho wrote:
>
>
>
> On 26 July 2013 15:13, Sandro Hawke <sandro@w3.org> wrote:
>
> [dropping crossposting lists]
>
>
> On 07/26/2013 08:20 AM, Kingsley Idehen wrote:
>
> On 7/26/13 5:17 AM, Melvin Carvalho wrote:
>
> http://news.cnet.com/8301-13578_3-57595529-38/feds-tell-web-firms-to-turn-over-user-account-passwords/
>
>
> Yep!
>
> In a centralized system, a Govt. can simply request (or
> covertly demand) keys, passwords, and salt used for hashing.
>
> In a decentralized and distributed system they will have to
> ultimately follow due process for accessing private property
> such as:
>
> 1. private keys
> 2. passwords
> 3. anything else.
>
>
> The problem is that myopic Web 2.0 patterns have created one
> hell of a privacy mess, for all the wrong reasons. This isn't
> what the World Wide Web was supposed to be delivering, far
> from it.
>
> Anyway, the net effect of all of this will be that Web 2.0
> patterns will now be seen for what they are i.e., utter
> rubbish that's completely clueless when dealing with privacy
> and security matters.
>
>
> I've said things a lot like this over the years, and I'm 100% in
> favor of decentralizing, but I'm no longer confident it'll reduce
> government access to personal data. Yes, going from a handful of
> service providers to millions would make the job of obtaining keys
> harder, but I don't think it would make it much harder, not
> technically. It would make it harder to keep secret, it's true.
> But now that this stuff isn't even plausibly deniable any more,
> the lawmakers basically have to decide whether to give the NSA the
> keys to everything or not. If they decide to, then they can just
> demand that every Internet connected system have an NSA-approved
> back door. Okay, that might be going a bit far, but I'm sure
> folks will be pushing for that, and we'll probably settle on a
> compromise that multiuser and/or commercial systems get a
> backdoor. And then when you let your kids use your phone, does
> it qualify as a multiuser system?
>
>
> I've been thinking about this for a while. I think the argument is
> flawed. And the reason is that technology tends to lead law.
> Decentralization was fundamentally baked into the web as an axiom,
> whereas if a lesser genius had designed it, it may have had more of a
> centralized tree-like structure. Lawmakers have accepted the
> decentralization of the web because the technology was there. If we
> had followed lawmakers we could have had SOPA and PIPA, but people
> protested against that to keep the technology in place. Lawmakers are
> not as well aligned on this issue with technologists in terms of
> protecting users' privacy rights (which are often constitutionally
> defined). I think it's the responsibility of technologies to create
> tools that benefit society, and even to make things that they'd like
> to use themselves. As we've seen with the web, if it becomes popular,
> the laws will follow.
Yeah, I've been thinking about it, too, and I think I overstated the
case. I sure hope so. Anyway, we might as well do the best we can
with the tech while we see what the lawmakers end up doing.
-- Sandro
>
> -- Sandro
>
>
>
Received on Monday, 29 July 2013 03:49:15 UTC