|
I’m interested in people’s agreement (or not) with Peter here. Seems to me it’s a pretty fundamental point, and much as I hate it, I’ve come to similar conclusions. Being connected really does
expand the abilities of a power who wishes us harm. So I wonder: if we continue to be connected, and fear the arbitrary exercise of power against us, whether two things might be the
most effective internet-age protection: -
A broad social footprint/reach – worst case, the lonely can be made to disappear without a ripple -
Distributed audit trails of information about us and our history: worst case, it’s hard to adjust (records of) reality
when they’re many and various. (Ok, I am imagining the worst of worst cases, where some power goes to great lengths against us. But I’d have thought that’s the
ultimate point.) Is this, maybe, analogous to protection via press freedom? Accountability resting on ineradicable exposure?
If so, it’s (ironically) a kind of anti-privacy remedy – that is, a remedy that relies precisely on
not being private, in the disconnected-and-nobody-knows-you sense. But it’s a very specific sort of anti-privacy. I wonder what we could do to implement this kind of ‘safety net’ anti-privacy?
Could we do that whilst still protecting (data about) my personal realm from unauthorised disclosure? That’s where Dan’s post comes
in, I think. Maybe that’s the political challenge of the digital age. We need to settle disclosure into separate branches, in order to maintain
liberty. Or something like that. Cheers, Aaron From: Peter Cranstone [mailto:
]
Dan, The problem is adoption and user behavior - Govt.'s trump both of those. Whatever new standard/encryption scheme somebody comes up with would have to vetted by
the experts and that would take years. Govt.'s have unlimited resources, the Patriot Act and the ability to pass into law whatever they need. There is NO such thing anymore as Privacy/security. It's just an illusion. Unless you completely disconnect from the world (not possible) you can always be tracked.
HTTPS doesn't stop anybody determined enough, nor does AES. We are all connected for better or worse - we should accept reality as it is, and look for new ways to allow consumers to be in control of the collection, flow and use of their data. We need to stop thinking of ourselves as islands - the Internet connected every island and therefore to interact we must share - and for 99% of the time HTTPS
is good enough. For those who want more privacy disconnect - but it's lonely world. Peter
From:
Dan Blum <
">
> After revelations of NSA's Bullrun exploits against
commercial cryptography, I'm hearing questions from partners in the emerging personal cloud ecosystem about whether they should build alternatives to HTTPS/SSL/TLS into their privacy-enabling products. Enterprise security staff and individuals are also re-evaluating
what products and protocols can still be trusted, and what to build into their long plans. In the following post "Do
We Need an Alternative to HTTPS and TLS for Transport Layer Security?" I share some brief analysis of this issue and also am looking for any comments. Best regards, Dan Blum Respect Network @danblumSS |
Archive powered by MHonArc 2.6.19.