Kevin,We believe it is not or (trust-security-privacy) technology or contract or legal, it is and and and.Even more so these things need to be wireframed into one concerted techno-legal contractual framework.LukOn 21 Sep 2014, at 04:36, Kevin Cox < ');" target="_blank"> > wrote:We are building Welcomer using the ideas from the Live Web http://www.amazon.com/The-Live-Web-Event-Based-Connections/dp/1133686680 where the computational objects (Phils picos) are computers.As I read the article by Cory Doctorow http://boingboing.net/2012/08/23/civilwar.html refered to above, I realised we are facing the problem today with Welcomer - because we are creating and distributing "computers".We will publish the details of our computers by making our code open source with a licence. At the moment we are thinking of using the same licence as used by Apache because it allows some non essential parts to have a different licence. This is to cover the situation where we use other proprietary software as part of our solution. We would be interested to hear any thoughts on licensing that others might have.When two entities exchange private data then privacy has to be based on social contracts, not technological solutions, because once another entity has been given private information it is no longer private. So accordingly we do not sell computers; we facilitate the social contract made between the two entities when data is transferred between computers we operate for the entities, and we charge for that service. If either entity breaks the social contract and we find out about it, we first negotiate with the offending party to see if we can come to an accommodation and if that is not possible we limit our dealings with the offending party in a way that does not inconvenience others in the network. We tell others in the network what we have done and why.For Welcomer we expect the parties to the contracts to be apps developers and the parties who exchange data (organisations holding or receiving personal data and individuals).This way we are not dependent on external bodies or institutions to enforce the contracts others make and which we facilitate. That is we hope to assist the small part of the Internet involving us to be private by building privacy into the way our part of the system operates.KevinOn Sun, Sep 21, 2014 at 5:14 AM, Johannes Ernst < ');" target="_blank"> > wrote:Personally, I believe that Tim Cook is sincere. I think he believes what he said.
There more interesting question is whether he can have any confidence in his own belief.
E.g. consider http://www.heise.de/tp/artikel/5/5263/1.html -- look for the word "stunned".
And think of it as the "adversary". How would you go about subverting a product? It seems much easier to get some low-level minion to make a few little changes to the build process that, say, includes an extra key like this article alleges, than to go through the CEO who might as well put up a fight, given the resources they can throw at the problem. (unlike the minion)
The only thing I can think of, in terms of avoiding these kinds of things, as I said before, is 1. complete openness of source code and build process, 2. multiple reviewers residing in multiple, preferably slightly antagonistic, jurisdictions.
Cheers, (although it isn't a very cheerful subject)
Johannes.
On Sep 20, 2014, at 3:34, Doc Searls < ');" target="_blank"> > wrote:
> This is from a list I'm on: http://bit.ly/1qjFwM0 . Full text below.
>
> Here's Wikipedia on John Gilmore, who wrote it: http://en.wikipedia.org/wiki/John_Gilmore_(activist)
>
> Doc
>
>> From: "Dave Farber via ip" < ');" target="_blank"> >
>> Subject: [IP] new wiretap resistance in iOS 8? Why we believe apple
>> Date: September 20, 2014 at 7:54:13 AM GMT+1
>>
>> ---------- Forwarded message ----------
>> From: John Gilmore
>> Date: Saturday, September 20, 2014
>> Subject: Re: [Cryptography] new wiretap resistance in iOS 8?
>>
>>
>>>> Quoting from the new iOS 8 privacy policy announced tonight Wed Sep 17.
>>>>> Apple has no way to decrypt iMessage and FaceTime data when itœôòùs in
>>>>> transit between devices. So unlike other companie' messaging>
>>>>> services, Apple doesnœôòùt scan your communications, and we wouldnœôòùt be
>>>>> able to comply with a wiretap order even if we wanted to.
>>>> https://www.apple.com/privacy/privacy-built-in/
>>
>> And why do we believe them?
>>
>> * Because we can read the source code and the protocol descriptions
>> ourselves, and determine just how secure they are?
>>
>> * Because they're a big company and big companies never lie?
>>
>> * Because they've implemented it in proprietary binary software,
>> and proprietary crypto is always stronger than the company
>> claims it to be?
>>
>> * Because they can't covertly send your device updated software that
>> would change all these promises, for a targeted individual, or on
>> a mass basis?
>>
>> * Because you will never agree to upgrade the software on your
>> device, ever, no matter how often they send you updates?
>>
>> * Because this first release of their encryption software has no
>> security bugs, so you will never need to upgrade it to retain
>> your privacy?
>>
>> * Because if a future update INSERTS privacy or security bugs, we
>> will surely be able to distinguish these updates from future
>> updates that FIX privacy or security bugs?
>>
>> * Because if they change their mind and decide to lessen our privacy
>> for their convenience, or by secret government edict, they will
>> be sure to let us know?
>>
>> * Because they have worked hard for years to prevent you from
>> upgrading the software that runs on their devices so that YOU can
>> choose it and control it instead of them?
>>
>> * Because the US export control bureacracy would never try to stop
>> Apple from selling secure mass market proprietary encryption
>> products across the border?
>>
>> * Because the countries that wouldn't let Blackberry sell phones
>> that communicate securely with your own corporate servers,
>> will of course let Apple sell whatever high security non-tappable
>> devices it wants to?
>>
>> * Because we're apple fanboys and the company can do no wrong?
>>
>> * Because they want to help the terrorists win?
>>
>> * Because NSA made them mad once, therefore they are on the side
>> of the public against NSA?
>>
>> * Because it's always better to wiretap people after you convince
>> them that they are perfectly secure, so they'll spill all their
>> best secrets?
>>
>> There must be some other reason, I'm just having trouble thinking of it.
>>
>> John
>
> To me it's not about belief, but about placing bets. There is much to un-love about Apple, as John points out above. But there is more, in respect to privacy on one's phone, to un-love about other companies, including Google. Of course, that's arguable, and I'll take points from both sides. But I'd rather trust a company I'm paying for services than one that's selling me and my life to other companies, which is what B2B companies in the personalized advertising business do.
>
> My own preference, in the long run, is to have good, easy-to-use white-box (general purpose) phones and tablets that meet John's requirements. But we don't have those yet. (On the tablet front, Omie should be one: <http://customercommons.org/2013/04/25/meet-omie-a-truly-personal-mobile-device/>.)
>
> Meanwhile, Cory Doctorow does a good job unpacking the problem, and the basic conflicts we'll be in for a long time: <http://boingboing.net/2012/08/23/civilwar.html>.
>
> Doc
>
>
Archive powered by MHonArc 2.6.19.