Re: Feds tell Web firms to turn over user account passwords

On 7/28/13 11:49 PM, Sandro Hawke wrote:
> On 07/28/2013 05:06 PM, Melvin Carvalho wrote:
>>
>>
>>
>> On 26 July 2013 15:13, Sandro Hawke <sandro@w3.org> wrote:
>>
>>     [dropping crossposting lists]
>>
>>
>>     On 07/26/2013 08:20 AM, Kingsley Idehen wrote:
>>
>>         On 7/26/13 5:17 AM, Melvin Carvalho wrote:
>>
>>             http://news.cnet.com/8301-13578_3-57595529-38/feds-tell-web-firms-to-turn-over-user-account-passwords/
>>
>>
>>         Yep!
>>
>>         In a centralized system, a Govt. can simply request (or
>>         covertly demand) keys, passwords, and salt used for hashing.
>>
>>         In a decentralized and distributed system they will have to
>>         ultimately follow due process for accessing private property
>>         such as:
>>
>>         1. private keys
>>         2. passwords
>>         3. anything else.
>>
>>
>>         The problem is that myopic Web 2.0 patterns have created one
>>         hell of a privacy mess, for all the wrong reasons. This isn't
>>         what the World Wide Web was supposed to be delivering, far
>>         from it.
>>
>>         Anyway, the net effect of all of this will be that Web 2.0
>>         patterns will now be seen for what they are i.e., utter
>>         rubbish that's completely clueless when dealing with privacy
>>         and security matters.
>>
>>
>>     I've said things a lot like this over the years, and I'm 100% in
>>     favor of decentralizing, but I'm no longer confident it'll reduce
>>     government access to personal data.   Yes, going from a handful
>>     of service providers to millions would make the job of obtaining
>>     keys harder, but I don't think it would make it much harder, not
>>     technically.   It would make it harder to keep secret, it's true.
>>     But now that this stuff isn't even plausibly deniable any more,
>>     the lawmakers basically have to decide whether to give the NSA
>>     the keys to everything or not.   If they decide to, then they can
>>     just demand that every Internet connected system have an
>>     NSA-approved back door.    Okay, that might be going a bit far,
>>     but I'm sure folks will be pushing for that, and we'll probably
>>     settle on a compromise that multiuser and/or commercial systems
>>     get a backdoor.   And then when you let your kids use your phone,
>>     does it qualify as a multiuser system?
>>
>>
>> I've been thinking about this for a while.  I think the argument is 
>> flawed.  And the reason is that technology tends to lead law.  
>> Decentralization was fundamentally baked into the web as an axiom, 
>> whereas if a lesser genius had designed it, it may have had more of a 
>> centralized tree-like structure.  Lawmakers have accepted the 
>> decentralization of the web because the technology was there.  If we 
>> had followed lawmakers we could have had SOPA and PIPA, but people 
>> protested against that to keep the technology in place.  Lawmakers 
>> are not as well aligned on this issue with technologists in terms of 
>> protecting users' privacy rights (which are often constitutionally 
>> defined).  I think it's the responsibility of technologists to create 
>> tools that benefit society, and even to make things that they'd like 
>> to use themselves.  As we've seen with the web, if it becomes 
>> popular, the laws will follow.
>
> Yeah, I've been thinking about it, too, and I think I overstated the 
> case. I sure hope so. Anyway, we might as well do the best we 
> can with the tech while we see what the lawmakers end up doing.
>
>         -- Sandro

Remember, there is no law that mandates storage of data in unencrypted 
form. It just so happens that the Web 2.0 brigade decided to impose that 
on their user base. I still can't even believe the ex-head of the CIA 
would actually use GMAIL let alone end up where he did, since GMAIL 
won't support S/MIME due to the effect it would have on their business 
model (viewing your email and inserting ADs).

If I recall, it is illegal to open mail as it travels from source to 
destination. It is even illegal to open someone's mailbox without their 
permission.

In my eyes, the Govt. isn't totally at fault in this complex privacy 
matter. The tech firms that lure users into their privacy-challenged Web 
2.0 solutions have a lot to answer for -- since they are the ones that 
have actually compromised the privacy of their users.


Kingsley
>
>
>>
>>          -- Sandro
>>
>>
>>
>


-- 

Regards,

Kingsley Idehen	
Founder & CEO
OpenLink Software
Company Web: http://www.openlinksw.com
Personal Weblog: http://www.openlinksw.com/blog/~kidehen
Twitter/Identi.ca handle: @kidehen
Google+ Profile: https://plus.google.com/112399767740508618350/about
LinkedIn Profile: http://www.linkedin.com/in/kidehen

Received on Monday, 29 July 2013 12:35:25 UTC