Re: Feds tell Web firms to turn over user account passwords from Michał 'rysiek' Woźniak on 2013-07-30 (public-fedsocweb@w3.org from July 2013)

From: Michał 'rysiek' Woźniak <rysiek@fwioo.pl>
Date: Tue, 30 Jul 2013 09:43:24 +0200
To: public-fedsocweb@w3.org
Message-ID: <5023447.cHsDzE05Ie@laptosid>
Dnia niedziela, 28 lipca 2013 23:49:05 Sandro Hawke pisze:
> On 07/28/2013 05:06 PM, Melvin Carvalho wrote:
> > On 26 July 2013 15:13, Sandro Hawke <sandro@w3.org
> > 
> > <mailto:sandro@w3.org>> wrote:
> >     [dropping crossposting lists]
> >     
> >     On 07/26/2013 08:20 AM, Kingsley Idehen wrote:
> >         On 7/26/13 5:17 AM, Melvin Carvalho wrote:
> >             http://news.cnet.com/8301-13578_3-57595529-38/feds-tell-web-fi
> >             rms-to-turn-over-user-account-passwords/>         
> >         Yep!
> >         
> >         In a centralized system, a Govt. can simply request (or
> >         covertly demand) keys, passwords, and salt used for hashing.
> >         
> >         In a decentralized and distributed system they will have to
> >         ultimately follow due process for accessing private property
> >         such as:
> >         
> >         1. private keys
> >         2. passwords
> >         3. anything else.
> >         
> >         
> >         The problem is that myopic Web 2.0 patterns have created one
> >         hell of a privacy mess, for all the wrong reasons. This isn't
> >         what the World Wide Web was supposed to be delivering, far
> >         from it.
> >         
> >         Anyway, the net effect of all of this will be that Web 2.0
> >         patterns will now be seen for what they are i.e., utter
> >         rubbish that's completely clueless when dealing with privacy
> >         and security matters.
> >     
> >     I've said things a lot like this over the years, and I'm 100% in
> >     favor of decentralizing, but I'm no longer confident it'll reduce
> >     government access to personal data.   Yes, going from a handful of
> >     service providers to millions would make the job of obtaining keys
> >     harder, but I don't think it would make it much harder, not
> >     technically.   It would make it harder to keep secret, it's true.
> >     But now that this stuff isn't even plausibly deniable any more,
> >     the lawmakers basically have to decide whether to give the NSA the
> >     keys to everything or not. If they decide to, then they can just
> >     demand that every Internet connected system have an NSA-approved
> >     back door.    Okay, that might be going a bit far, but I'm sure
> >     folks will be pushing for that, and we'll probably settle on a
> >     compromise that multiuser and/or commercial systems get a
> >     backdoor.   And then when you let your kids use your phone, does
> >     it qualify as a multiuser system?
> > 
> > I've been thinking about this for a while.  I think the argument is
> > flawed.  And the reason is that technology tends to lead law.
> > Decentralization was fundamentally baked into the web as an axiom,
> > whereas if a lesser genius had designed it, it may have had more of a
> > centralized tree like structure.  Lawmakers have accepted the
> > decentralization of the web because the technology was there.  If we
> > had followed lawmakers we could have had SOPA and PIPA, but people
> > protested against that to keep the technology in place.  Lawmakers are
> > not as well aligned on this issue with technologists in terms of
> > protecting user's privacy rights (which are often constitutionally
> > defined).  I think it's the responsibility of technologies to create
> > tools that benefit society, and even to make things that they'd like
> > to use themselves.  As we've seen with the web, if it becomes popular,
> > the laws will follow.
> 
> Yeah, I've been thinking about it, too, and I think I overstated to
> case.     I sure hope so.    Anyway, we might as well do the best we can
> with the tech while we see what the lawmakers end up doing.

I feel that it is eerily inappropriate how both sides of the above discussion 
treat law as a some kind of external force of nature, as if we had absolutely 
no influence on it.

I understand from where this comes, but I believe we should embrace the fact 
that at some level the law of the land is the emanation of the will of the 
people (wow, that sounded daft). Of course there is corruption, and there are 
political agendas, etc., but at least that's the theory.

We are the technologically literate few. If we do not speak, if we do not act 
and try to *explain*, why some laws are stupid and dangerous, how can we 
expect the law to be sane? Once we start doing that, I believe we might all be 
better off.

It worked in Poland:
http://rys.io/en/109

-- 
Pozdrawiam
Michał "rysiek" Woźniak

Fundacja Wolnego i Otwartego Oprogramowania
Received on Tuesday, 30 July 2013 07:44:26 UTC