it sounds like you don't get a choice about the latter though, so you may as well just say "no" to both 
Right, it's just a thought experiment. It will never happen, but if the USG committed to only using a lawful key escrow system, it might move the 0day market as billions of dollars fall out of it. Maybe that would have some benefits, but the economics seem complicated.
Which legal systems? It’s entirely unrealistic to believe it would just be USG (just as it is any would promise and live up to promises not use zero days).
It's not just USG, but they sure are a big player. It would meaningfully move the market for sure. They could promise not to build a key escrow system and do it anyway, so that argument works both ways I think.
There is no “market” where governments compete for which one keeps the most promises :)
Honestly I also think there are legitimate cases where governments need zero days to do their jobs; if they did keep their empty promise not to use them I would not be happy.
That's really interesting, it's not governments accessing data that bothers you, it really is literally the implementation details of that access. I guess that answers my question!
I think that is a fair summation of my position; one is at scale and largely impossible to defend against (legally compelling) especially on a global scale and the other is natural law and impossible to prevent.
I understand, but the counter argument would be there's no way for a government to hoard 0day without putting innocent people at risk (because you can't prevent other people discovering bugs and abusing them). This is why I don't like governments using 0day.
Understood, but as a thought experiment would we need to write secure code if everyone agreed not to exploit bugs?
I think USG dropping out of the 0day market would have a substantial market impact, and move incentives enough to improve security, but this is probably too complex to agree on! For the purpose of discussion, let's just say a treaty is signed or something. 