On Mon, Jul 1, 2013 at 4:57 PM, grarpamp <grarp...@gmail.com> wrote: >> And when LEA >> get caught doing this nothing terribly bad happens to LEA (no officers >> go to prison, for example). > > It is often in the interest/whim of the executive to decline to > prosecute its own, > even if only to save embarassment, so many of these cases will never see a > jury. > That's why you need citizen prosecutors who can bring cases before both grand > and final jury. For example, how many times have you seen a LE vehicle failing > to signal, speeding/reckless, with broken running lights, etc... now > try to criminally > (not administratively) prosecute that just as you might be prosecuted for > same.
I'd love to see proposals for how to criminal prosecutions by the public would work. >> their own secrecy is the best and >> strongest (though even then, not fail-safe) guaranty of non-use for >> criminal investigations. > > Didn't the requisite construction of plausible paths from tainted seed just > get covered. So, No! The only guaranty against secret taint is transparency. > Try removing the 'non-' next time. Sometimes it's easy to cover up, sometimes it's not. If you look at how the Allies used their cryptanalytic breaks in WWII you'll see that they made sparing use of their sigint obtained that way -- they had to be very careful when to act and when not to act on it, and when they did they had to take extra steps to make the enemy to believe other avenues to be plausible. Transparency is nice, but the thing is: I don't think you can keep a PRISM-like system secure from being abused by analysts and sysadmins, much less by political appointees, and I think it's harder still to pull that off if its existence is public knowledge. Whereas the incentive to keep the secret from spilling is so strong that it should act as a moderator on its operators. That incentive is lost once the program is public, and then transparency isn't enough: there's always going to be ways to game the controls, and those controls will never be as strong as the need to keep the program secret had been. I could be wrong though. It might well be that in practice there's no difference between abuse potential when the program was secret vs. now that it's public, in which case it's clearly better that it be known to the public. But my instinct tells me otherwise, and that's not a defense of the program, just... paradoxical, ironic. Nico -- _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography
