My point is that 0day hoarding is absolutely inevitable, no matter how many key escrow systems you mandate. There will always be an abundance of criminals that don’t use the key escrow system (which right now is as simple as downloading an app) or who just store data locally.
Replying to @matthew_d_green @rmhrisk and
It's not inevitable at all, the government is big enough to move markets and a shift in policy can drastically change the risks people are exposed to. I'm not in favour of key escrow, but encouraging more government exploit usage is even worse.
Replying to @taviso @matthew_d_green and
Let me clarify something, are you in favour of the *results* of key escrow (e.g. state access to private data), so long as something other than key escrow is used to achieve that?
So let me answer your first question with a question: if Western governments mandate key escrow, will the government of UAE be able to use it under the UAE’s legal regime? If yes, then I *am* objectively uncomfortable with key escrow. If no, hello lucrative 0day market.
Replying to @matthew_d_green @rmhrisk and
Let's avoid the slippery slope argument (i.e. if one government has key escrow, then they all must) for the purposes of discussion. Do you agree that fixing vulnerabilities is a good thing, or should they be hoarded so that key escrow isn't necessary?
It’s not a slippery slope argument. Your thought experiment is that the existence of key escrow could wipe out the 0day demand. I think that won’t happen, and the UAE not having access is one example of why it will not. (And giving access to the UAE seems a bad compromise.)
Replying to @matthew_d_green @taviso and
Once the capability is there, access will be demanded by every country in which these companies want to sell their devices. So yeah, China, Russia, UAE, etc. will demand lawful access too.
Replying to @paulpols @matthew_d_green and
And you can’t place the burden to decide which countries are “good enough for lawful access” on these companies, because their incentives are not aligned properly (money will influence this decision).
Replying to @paulpols @matthew_d_green and
I'd rather not get into the slippery slope argument, but "these companies" already get to decide who has access. For example, wasn't it BlackBerry who agreed to give India key escrow? Nothing is stopping other vendors doing the same thing.
Replying to @taviso @matthew_d_green and
I don’t see it as a slippery slope argument, I’d say you have to weigh the LE benefits in democratic nations against the foreseeable consequences in less democratic nations.
That is precisely a slippery slope argument, you're saying "If the US has key escrow, then other nations must also have it", right? "If I let you in, then I'll have to let everyone else in" is the classic example of a slippery slope, isn't it?
Replying to @taviso @matthew_d_green and
The rule will be: if it's technically feasible then lawful access should be granted according to the law of the land. It’s not a slippery slope, it’s the starting point.