Re: Smart Contracts, DRM, etc // was Re: Don't cache things against content providers' wishes. Re: Draft finding - "Transitioning the Web to HTTPS" from Harry Halpin on 2015-01-21 (www-tag@w3.org from January 2015)

From: Harry Halpin <hhalpin@ibiblio.org>
Date: Wed, 21 Jan 2015 15:20:47 +0100
To: Marc Fawzi <marc.fawzi@gmail.com>
Cc: Yves Lafon <ylafon@w3.org>, Mark Nottingham <mnot@mnot.net>, Tim Berners-Lee <timbl@w3.org>, Mark Watson <watsonm@netflix.com>, Public TAG List <www-tag@w3.org>
Message-ID: <CAE1ny+4c5Z+4n0JgZT0vT9su4P9tnOCQq+2ULSUuWPnk+JpY7Q@mail.gmail.com>

On Wed, Jan 21, 2015 at 3:00 PM, Marc Fawzi <marc.fawzi@gmail.com> wrote:
> <<
> As an architectural group, if you're pushing DRM for the Web, you're already
> enforcing law thru technology...
>
> Can you balance the equation and design a protocol that enforces privacy?
>>>
>
> To clarify. privacy is not strongly protected by law or else governments and
> corporations wouldn't be collecting, retaining and analyzing our private
> communication/data.
>
> But if privacy was to be strongly protected by law then how would you almost
> *strongly guarantee* it thru technology? Same for anything else that's being
> done that should not be legal. If DRM is OK to architect into the web, then
> so should privacy and everything else that should not be legal.
>
> And that's where the TAG is missing an opportunity IMO, focusing on
> corporate agenda (e.g. DRM) and not so much on working hard enough to
> guarantee the human rights of web users (primary among them is privacy) by
> creating strong guarantees in the web's security architecture for privacy,
> and acknowledging in the open all existing holes, and while supporting wire
> lawful use of tapping law. It's clear that the problem is bigger than the
> TAG's scope but it does not mean that the TAG cannot be a useful participant
> in solving it. You hold a position of leadership on architecture and are
> expected to help in not only aligning architecture with law but also
> advocating new laws where they're missing. Politicians don't even know what
> is possible in terms of *strong guarantees thru architecture* and what is
> not, and so what is being asked is to carry some of the educational burden
> and help shape the debate around laws that should be there that aren't (like
> privacy) and their technical enforceability.
>
> Things like:
> Stronger security layer (incl. acknowledging existing holes, and fixing
> them, ahead of adopting flawed protocols everywhere)
> Making things that should be prohibit by law extremely hard while educating
> and collaborating with EFF et al on the need for corresponding laws.
> Giving law enforcement lawful, selective wiretapping ability but only once
> privacy of the general public is guaranteed by law.... probably the
> thorniest issue but a must have for civil society to function
>
> Feel free to shoot the messenger.

I think Mark's work on TLS shows that the TAG is working on security.
We also have a W3C Privacy and Security Interest Group that we'd love
to have actionable and clear analysis of holes in the security of the
Web and how to fix them. You are free to join.

http://www.w3.org/Security/wiki/IG

Regarding the issue of laws, that is generally considered outside the
work of standards bodies, although there are cases like EME that seem
to cross that line by building technology that could be used to
selectively enforce particular laws around copyright, but EME (i.e.
DRM) - is not yet a W3C Recommendation.

That being said, the "Web We Want" campaign and Tim's idea of the
'magna carta' for the Web  is also trying to work to imagine what kind
of secure and privacy-protecting Web could be in the future, and
hopefully will be working towards a strategy on making that real:

https://webwewant.org/

Just pointing out that not everything is on the shoulders of the TAG
and there's plenty of room for good ideas to go into standards and in
political campaigns.

   cheers,
         harry

>
> Marc
>
> On Wed, Jan 21, 2015 at 5:19 AM, Marc Fawzi <marc.fawzi@gmail.com> wrote:
>>
>> Have you looked into Smart Contracts?
>>
>> http://en.wikipedia.org/wiki/Smart_contract
>>
>> As an architectural group, if you're pushing DRM for the Web, you're
>> already enforcing law thru technology...
>>
>> Can you balance the equation and design a protocol that enforces privacy?
>>
>>
>>
>> On Wed, Jan 21, 2015 at 1:59 AM, Yves Lafon <ylafon@w3.org> wrote:
>>>
>>> On Wed, 21 Jan 2015, Mark Nottingham wrote:
>>>
>>>>> Should it be illegal for an ISP to inject anything (like javascript) of
>>>>> any sort into anything (like http: HTML pages) ?
>>>>>
>>>>> Making it illegal doesn't stop the remote outright criminal or the
>>>>> oppressive regime.  But it stops corporations and institutions, like ISPs
>>>>> and SNSs and content providers in many countries.  It means that the
>>>>> incentives tip, can make the system run a whole lot more smoothly, and we
>>>>> can focus the energy and the technical measures more effectively.
>>>>
>>>>
>>>> It's tempting to suggest something like "Architecture of the World Wide
>>>> Web vol. 2: Law and the Web."  Is the TAG the right body to work on that?
>>>
>>>
>>> Which reminds me of the failed attempt at pushing
>>> http://www.w3.org/TR/publishing-linking/
>>>
>>> --
>>> Baroula que barouleras, au tiéu toujou t'entourneras.
>>>
>>>         ~~Yves
>>>
>>>
>>
>

Received on Wednesday, 21 January 2015 14:21:14 UTC