On Mon, 2005-11-07 at 21:01 +0100, Marcus Brinkmann wrote:

> * What is the impact of not having the privacy requirements you want
>   to have? One recent case I can think of is viruses that send random
>   files to random people in your address book. What else is there?

Here is a more pertinent example: A while back there was a virus that was designed to exploit the check posting function of Quicken. It did this by writing electronic checks back to the virus author. The author, if I recall correctly, cleared several million dollars before being caught. Note that in the absence of enforceable privacy, this cannot be prevented, even if the check register is encrypted.

Identity theft would be another example.

> * More specifically: No popular system today provides this amount of
>   privacy. Why is this currently not widely perceived as a problem?
>   (This is another way of asking: Why are current systems not good
>   enough?)

I believe that there are two reasons:

1. Most people just don't track this stuff at all until it hits them personally. For example, most people still don't think that identity theft is a big deal. I remember the Steve Jackson Games case with personal pain. I've spoken to the then-boss of the two secret service agents who arranged the raid -- they acted substantially beyond their authority, and she has nothing but disgust for those two individuals. Steve was essentially driven out of business in clear violation of US First Amendment protections for publishers. Most people don't even know about the case at all, and they don't believe that it can happen to them.

2. Most people do not understand or care about the importance of civil liberties. The house of a colleague of mine was once the subject of a search where the warrant was clearly and unambiguously illegally obtained. The judge in the case *agreed* that the warrant was invalid, but admitted the evidence on the basis of his view that if the police wanted to search then there was probably adequate cause. The problem is that judges like this are very real, and in the face of such judges we cannot rely on the process of law to guard us.

And the simple fact is that *everyone* has *something* in their house that can become an argument after the fact that something illegal was going on. This does not make us criminals, but it does make us subject to political pressure if we choose to be dissidents.

> * What are the legal consequences of implementing or not implementing
>   this feature? In a system where the sysadmin can edit the content
>   of the machine, he may be liable. In a system where every change
>   can be (presumably) traced to me, _I_ am liable. How can I prove
>   that the machine was compromised if there is a strong scientific
>   argument that the machine is "safe"?

This depends on your country, and in some cases your state. Today, I think that the answer is that there is no liability, as long as we are not knowingly and actively colluding in the commission of a crime (which, of course, we have no intention to do).

> For completeness: If we build such a system, and it turns out to
> _not_ be safe, are we programmers liable? Certainly we can't afford
> to carry such a liability as free software hackers writing in our
> spare time.

No more so than Microsoft.

> * How do we know that we really achieve privacy? If the
>   FBI/NSA/CIA/etc can install a cryptographic backdoor in TPM/TCPA
>   chips, it can probably replace the OS without revealing this
>   modification in the remote attestation protocol. Isn't it better to
>   openly not have privacy than to believe to have privacy without
>   actually having it?

Of the groups you list, I am least worried about NSA. For FBI and CIA this is a serious concern, depending on the leadership and politics of the moment. The only answer here is that the balance of economic interests would make this very hard to execute, because the banking community and the computer security community would (and did) scream very loudly. Finally, the vendors know that even a *rumor* of such a collusion would destroy them in the marketplace.

I think the real threat is from key escrow schemes rather than built-in compromise of the form you describe. And even if this actually occurs, at least it will be the case that the source of threat becomes known and narrowed.

> Also, what happens if the FBI/NSA/CIA/etc does this, then uses my
> account to attack some machines, and then sues me? (I.e., a
> combination of the last two points.)

What is to stop them from doing this today?

shap

_______________________________________________
L4-hurd mailing list
http://lists.gnu.org/mailman/listinfo/l4-hurd