[liberationtech] Bellovin, Blaze, Clark, Landau
Tom Ritter
tom at ritter.vg
Fri Feb 8 13:35:08 PST 2013
When law enforcement relies on vulnerabilities in the system (be it
protocols, operating systems, applications, or web sites), they are
incentivized to keep it insecure. If it were secure, how would they
get in?
Would the FBI patch their own systems against the bugs they know
about? How would they control that information across all their
systems? (This is an old hackers' puzzle: if you had an OpenSSH 0day,
would you patch yourself against it?)
If I were a communications provider (e.g. Silent Circle), and I found
that the FBI was hacking me to learn customer data... what is my
recourse? To borrow from the CFAA, the FBI is certainly performing
unauthorized access or exceeding authorized access to a computer
system. Am I allowed to kick them out? Sue them? What if they
accidently crash a system because they're crappy exploit writers?
Just like when Matt Blaze wrote it in Wired, this feels like a
mistimed April Fools joke.
-tom
--
Unsubscribe, change to digest, or change password at: https://mailman.stanford.edu/mailman/listinfo/liberationtech
----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE
More information about the cypherpunks-legacy
mailing list