While I was going to respond to the below, Nick Lamb has beaten me to it. I concur in full with the remarks in that reply.
We should not be picking national favorites as a root program. There's a whole world out there which must be supported. What we should be doing is ensuring that we know the parties involved, have mechanisms for monitoring their compliance, and have mechanisms for untrusting parties who misissue. On Wed, Feb 27, 2019 at 8:30 AM Alex Gaynor <agay...@mozilla.com> wrote: > (Writing in my personal capacity) > > I don't think this is well reasoned. There's several things going on here. > First, the United States government's sovereign jurisdiction has nothing to > do with any of these companies' business relationship with it. All would be > subject to various administrative and judicial procedures in any event. > Probably most relevantly, the All Writs Act (see; Apple vs FBI) -- although > it's not at all clear that it would extend to a court being able to compel > a CA to misissue. (Before someone jumps in to say "National Security > Letter", you should probably know that an NSL is an administrative subpoena > for a few specific pieces of a non-content metadata, not a magic catch all. > https://www.law.cornell.edu/uscode/text/18/2709). Again, none of which is > impacted by these company's being government contractors. > > Finally, I think there's a point that is very much being stepped around > here. The United States Government, including its intelligence services, > operate under the rule of law, it is governed by both domestic and > international law, and various oversight functions. It is ultimately > accountable to elected political leadership, who are accountable to a > democracy. The same cannot be said of the UAE, which is an autocratic > monarchy. Its intelligence services are not constrained by the rule of law, > and I think you see this reflected in the targetting of surveillance > described in the Reuters article: journalists, human rights activists, > political rivals. > > While it can be very tempting to lump all governments, and particularly > all intelligence services, into one bucket, I think it's important we > consider the variety of different ways such services can function. > > Alex > _______________________________________________ dev-security-policy mailing list dev-security-policy@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security-policy
