it sounds like you don't get a choice about the latter though, so you may as well just say "no" to both 
-
-
Right, it's just a thought experiment. It will never happen, but if the USG committed to only using a lawful key escrow system, it might move the 0day market as billions of dollars fall out of it. Maybe that would have some benefits, but the economics seem complicated.
3 replies 0 retweets 8 likes -
Which legal systems? It’s entirely unrealistic to believe it would just be USG (just as it is any would promise and live up to promises not use zero days).
2 replies 0 retweets 1 like -
It's not just USG, but they sure are a big player. It would meaningfully move the market for sure. They could promise not to build a key escrow system and do it anyway, so that argument works both ways I think.
2 replies 0 retweets 0 likes -
There is no “market” where governments compete for which one keeps the most promises :)
1 reply 0 retweets 2 likes -
Honestly I also think there are legitimate cases where governments need zero days to do their jobs; if they did keep their empty promise not to use them I would not be happy.
1 reply 0 retweets 2 likes -
That's really interesting, it's not governments accessing data that bothers you, it really is literally the implementation details of that access. I guess that answers my question!
1 reply 0 retweets 1 like -
I think that is a fair summation of my position; one is at scale and largely impossible to defend against (legaly compelling) especially on a global scale and the other is natural law and impossible to prevent.
1 reply 0 retweets 3 likes -
I understand, but the counter argument would be there's no way for a government to hoard 0day without putting innocent people at risk (because you can't prevent other people discovering bugs and abusing them). This is why I don't like governments using 0day.
2 replies 0 retweets 2 likes -
if you can't sell your vulnerabilities to governments, aren't there fewer people looking for them now? so the bugs still aren't getting fixed.
2 replies 0 retweets 3 likes
There's fewer people looking, but the people no longer looking were exploiting them. The bugs are getting fixed, buying us some time to get there is positive.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.