Call for input to President's Commission on Enhancing Cybersecurity

juan juan.g71 at gmail.com
Tue Jul 19 20:46:32 PDT 2016 

On Tue, 19 Jul 2016 22:13:00 -0400
Steve Kinney <admin at pilobilus.net> wrote:

> Bridging the trust gap between the IT community and the US government
> is already a done deal, because there has never been one.  The U.S.
> government funded and directed the creation of the IT industry.


	^^^ quoted for truth 



> The U.S. government has not alienated the IT community:  It has
> shielded this community from liability for fraudulent performance
> claims, fed it billions of dollars of annual revenue, and given
> Fortune 500 IT corporations nearly full control of government policy
> affecting those same corporations.  


	so called patents and copyrights, i.e. government privileges, 
	play a fundamental role too.




> Mandate security evaluations based on performance and design metrics
> for all software (and firmware) purchased for use by government
> agencies and departments.  

	You do get a good amount of statist pig points for that one. 

	Actually, the government must stop buying stuff and must start
	giving back all the money they stole.


> 
> Mandate reporting of security incidents by every government activity,
> and every commercial enterprise with a State or Federal tax ID, 

	So yeah, statist bullshit.


> Direct the Federal Communication Commission to conduct and annually
> review studies on the privacy impacts, 

	And even more statist bullshit. 

	And of course I now have to ask. First you correctly explain
	the relationship between the 'industry' and the state and then
	expect the state to regulate it? What?



> See above.  A durable commitment of all necessary resources to assure
> that the measures suggested in response to query 2 are effectively
> implemented would create and sustain rational, constrained trust
> relationships affecting all those aspects of "cybersecurity" which are
> properly the government's business.

	So yeah, statist pig. 


> 
> A practicable proposal would be one that is within the scope of public
> policy authorities and industry capabilities:  Vendors who assert that
> requirements are "impossible" or simply refuse to comply will be
> replaced by vendors who are ready to step forward and meet any
> challenges presented.  Solutions to many of today's most serious and
> widespread network security failures are already avaialbe as off the
> shelf products from vendors with excellent security track records.

	such as?

More information about the cypherpunks mailing list