I would like to add to this thread one thing: do not underestimate the arbitrariness by which people get called on to testify at Senate hearings. A careful, anaconda-like law enforcement agenda on encryption would be much better than the reality, which is most likely rule of derp
-
-
I think it’s good to avoid being a knowing instrument of derp and derp theatre. Which is what today was.
1 reply 0 retweets 2 likes -
Replying to @matthew_d_green @tqbf and
I'd be interested to know what you would have said in that context (I'm still working on an interminable article on this) that you feel was misleading or elided in the written statements or testimony. I realize that's a make-work tweet so please feel free to ignore
1 reply 0 retweets 1 like -
Some of what he said is right. But then he claims that CSAM scanning can he moved to the client in an offhand way, says we can do device encryption backdoors (“though with difficulty”), and his view on wiretapping is undefined except that 0days are currently sufficient.
2 replies 0 retweets 2 likes -
Replying to @matthew_d_green @Pinboard and
Whole thing about how tech companies haven’t thought hard enough about how they can get full device encryption while also getting law enforcement access, which he says we have good options for.
1 reply 0 retweets 2 likes -
Replying to @matthew_d_green @Pinboard and
Also, this whole debate ignores security controls implemented outside the context of major American phone firms Would escrow or shared access considerations be required to be coded into any version of Qubes anti-evil maid deployed in the US? https://www.qubes-os.org/doc/anti-evil-maid/ …
1 reply 0 retweets 0 likes -
Replying to @HarperMitchell @matthew_d_green and
Really hate the "evil maid" phrasing to be honest
2 replies 0 retweets 4 likes -
Replying to @Pinboard @matthew_d_green and
I didn't name it, just pointing out the existence of that pattern Saw a talk from someone this year who deploys laptops in that configuration for people under threat from malicious governments and organizations. Would they need to make special consideration for the US?
1 reply 0 retweets 0 likes -
Replying to @HarperMitchell @Pinboard and
Maybe there is an answer for that specific case that satisfies enough people to where the specific instance of a security control is not relevant to change the nature of proposed legislation. But there is still a question of "what parties can be compelled to cooperate"
1 reply 0 retweets 0 likes -
Replying to @HarperMitchell @Pinboard and
I know the folks at the Invisible Things Lab have a different threat model for law enforcement agencies than American law enforcement agencies have about themselves. What would the penalties for non-compliance be, and how would those penalties be enforced?
2 replies 0 retweets 0 likes
The whole debate right now suffers from a lack of imagination about what "law enforcement" means. US people just read it as "FBI", or if you're lucky, some wordly policymaker expands it in their mind to "British FBI"
-
-
Replying to @Pinboard @HarperMitchell and
I personally find that everything just sounds better when you append British to it. And not even solely because I parse every subsequent thing in a British accent in my head. So I dunno you might be on to something here.
0 replies 0 retweets 0 likesThanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.