Re: Smart Contracts, DRM, etc // was Re: Don't cache things against content providers' wishes. Re: Draft finding - "Transitioning the Web to HTTPS"

Tim is definitely clear-minded about the bigger picture. Good to hear about the efforts in the background.

If we had corporate or NGO sponsorship of "securing the web" similar to corporate sponsorship of TAG's work we can get you one of the nation's brightest and most experienced security researchers to provide clear and actionable analysis of the "potentially many" existing holes.  Without that it would be work in the public interest and unfortunately not everyone is so willing to donate free time. It's no different than asking a developer to code a challenging application or release in public some secret sauce paid for by other clients. TAG has to specifically seek out top security researchers at existing large companies and nominate for membership. If you like referrals I can provide at least one great choice if not many.



> On Jan 21, 2015, at 6:20 AM, Harry Halpin <hhalpin@ibiblio.org> wrote:
> 
>> On Wed, Jan 21, 2015 at 3:00 PM, Marc Fawzi <marc.fawzi@gmail.com> wrote:
>> <<
>> As an architectural group, if you're pushing DRM for the Web, you're already
>> enforcing law thru technology...
>> 
>> Can you balance the equation and design a protocol that enforces privacy?
>> 
>> To clarify, privacy is not strongly protected by law or else governments and
>> corporations wouldn't be collecting, retaining and analyzing our private
>> communication/data.
>> 
>> But if privacy was to be strongly protected by law then how would you almost
>> *strongly guarantee* it thru technology? Same for anything else that's being
>> done that should not be legal. If DRM is OK to architect into the web, then
>> so should privacy and everything else that should not be legal.
>> 
>> And that's where the TAG is missing an opportunity IMO, focusing on
>> corporate agenda (e.g. DRM) and not so much on working hard enough to
>> guarantee the human rights of web users (primary among them is privacy) by
>> creating strong guarantees in the web's security architecture for privacy,
>> and acknowledging in the open all existing holes, and while supporting wire
>> lawful use of tapping law. It's clear that the problem is bigger than the
>> TAG's scope but it does not mean that the TAG cannot be a useful participant
>> in solving it. You hold a position of leadership on architecture and are
>> expected to help in not only aligning architecture with law but also
>> advocating new laws where they're missing. Politicians don't even know what
>> is possible in terms of *strong guarantees thru architecture* and what is
>> not, and so what is being asked is to carry some of the educational burden
>> and help shape the debate around laws that should be there that aren't (like
>> privacy) and their technical enforceability.
>> 
>> Things like:
>> - Stronger security layer (incl. acknowledging existing holes, and fixing
>>   them, ahead of adopting flawed protocols everywhere)
>> - Making things that should be prohibited by law extremely hard while educating
>>   and collaborating with EFF et al on the need for corresponding laws.
>> - Giving law enforcement lawful, selective wiretapping ability but only once
>>   privacy of the general public is guaranteed by law.... probably the
>>   thorniest issue but a must have for civil society to function
>> 
>> Feel free to shoot the messenger.
> 
> I think Mark's work on TLS shows that the TAG is working on security.
> We also have a W3C Privacy and Security Interest Group that we'd love
> to have actionable and clear analysis of holes in the security of the
> Web and how to fix them. You are free to join.
> 
> http://www.w3.org/Security/wiki/IG
> 
> Regarding the issue of laws, that is generally considered outside the
> work of standards bodies, although there are cases like EME that seem
> to cross that line by building technology that could be used to
> selectively enforce particular laws around copyright, but EME (i.e.
> DRM) - is not yet a W3C Recommendation.
> 
> That being said, the "Web We Want" campaign and Tim's idea of the
> 'magna carta' for the Web is also trying to work to imagine what kind
> of secure and privacy-protecting Web could be in the future, and
> hopefully will be working towards a strategy on making that real:
> 
> https://webwewant.org/
> 
> Just pointing out that not everything is on the shoulders of the TAG
> and there's plenty of room for good ideas to go into standards and in
> political campaigns.
> 
>   cheers,
>         harry
> 
>> 
>> Marc
>> 
>>> On Wed, Jan 21, 2015 at 5:19 AM, Marc Fawzi <marc.fawzi@gmail.com> wrote:
>>> 
>>> Have you looked into Smart Contracts?
>>> 
>>> http://en.wikipedia.org/wiki/Smart_contract
>>> 
>>> As an architectural group, if you're pushing DRM for the Web, you're
>>> already enforcing law thru technology...
>>> 
>>> Can you balance the equation and design a protocol that enforces privacy?
>>> 
>>> 
>>> 
>>>> On Wed, Jan 21, 2015 at 1:59 AM, Yves Lafon <ylafon@w3.org> wrote:
>>>> 
>>>> On Wed, 21 Jan 2015, Mark Nottingham wrote:
>>>> 
>>>>>> Should it be illegal for an ISP to inject anything (like javascript) of
>>>>>> any sort into anything (like http: HTML pages) ?
>>>>>> 
>>>>>> Making it illegal doesn't stop the remote outright criminal or the
>>>>>> oppressive regime.  But it stops corporations and institutions, like ISPs
>>>>>> and SNSs and content providers in many countries.  It means that the
>>>>>> incentives tip, can make the system run a whole lot more smoothly, and we
>>>>>> can focus the energy and the technical measures more effectively.
>>>>> 
>>>>> 
>>>>> It's tempting to suggest something like "Architecture of the World Wide
>>>>> Web vol. 2: Law and the Web."  Is the TAG the right body to work on that?
>>>> 
>>>> 
>>>> Which reminds me of the failed attempt at pushing
>>>> http://www.w3.org/TR/publishing-linking/
>>>> 
>>>> --
>>>> Baroula que barouleras, au tiéu toujou t'entourneras.
>>>> 
>>>>        ~~Yves
>> 

Received on Wednesday, 21 January 2015 17:02:22 UTC