Ancestors

Written by Poul-Henning Kamp on 2024-10-06 at 20:00

@mattblaze @SteveBellovin

If your solution only works for USA, law enforcement in other countries will keep pestering their legislators, and the big heavy in this space is EU, which is not afraid to regulate tech.

You're simply barking up the wrong tree: The cat is at EU's top.

And EU's "solution" whatever it becomes, has to work for Luxembourg and Denmark too.

So if you're suddenly bored now, may I suggest you think about solutions which work for both USA and EU ?

=> More informations about this toot | More toots from bsdphk@fosstodon.org

Toot

Written by Poul-Henning Kamp on 2024-10-06 at 20:03

@mattblaze @SteveBellovin

Personally I expect all three of us will hate EU's "solution" when it lands.

But that's what we get, when people who might come up with something better either refuse "to dirty themselves with politics", or think that if they solve the problem for FBI in USA, that'll work just as well in the rest of the world.

But yeah, I get it, you "solved" the problem already, and now you're "bored"...

=> More informations about this toot | More toots from bsdphk@fosstodon.org

Descendants

Written by Steve Bellovin on 2024-10-07 at 00:19

@bsdphk @mattblaze Let me try one more time.

1. We analyzed this from a US legal perspective because we're not qualified to speak about other legal systems. We're only marginally qualified to speak on US law; we're not lawyers.

2. Law enforcement will do anything they legally can. US law enforcement was hacking long before our paper (https://en.wikipedia.org/wiki/Magic_Lantern_(spyware))

3. Our papers say "this is and will be good enough; don't mandate back doors which will make things worse. Also, report holes."

1/

=> More informations about this toot | More toots from SteveBellovin@mastodon.lawprofs.org

Written by Steve Bellovin on 2024-10-07 at 00:27

@bsdphk @mattblaze 4) We're not, in fact, fond of law enforcement hacking;see, e.g., https://www.cs.columbia.edu/~smb/papers/rsearch.pdf. We do regard it as better than alternatives like mandated back doors.

2/

=> More informations about this toot | More toots from SteveBellovin@mastodon.lawprofs.org

Written by Steve Bellovin on 2024-10-07 at 00:29

@bsdphk @mattblaze 5) The US doesn't have one police force (the FBI), it has the FBI (and several other national police forces) and 50 states, each with many cities with its own. Per Wikipedia, about 30 US states have a smaller population than Denmark. I suspect that most are poorer, too. The FBI can aid these states (see ¶106). Could the EU provide such assistance? The EU and the US have comparable GDPs.

3/

=> More informations about this toot | More toots from SteveBellovin@mastodon.lawprofs.org

Written by Steve Bellovin on 2024-10-07 at 00:32

@bsdphk @mattblaze 6) Our paper was a framework for restricting hacking and providing for reporting vulnerabilities. In other words, it's strictly better than today's situation, where (in the US) there is not quite explicit statutory permission (that's a complicated question…) and no mandate or even central policy for reporting. And it was intended to head off back doors. I'd love to see a proposal for an EU regulation along those lines, but I'm not qualified to do it.

I have no more to say

/end

=> More informations about this toot | More toots from SteveBellovin@mastodon.lawprofs.org

Written by Poul-Henning Kamp on 2024-10-07 at 05:48

@SteveBellovin @mattblaze

USA and EU are indeed not comparable to each wrt. policing, and that is precisely the problem:

Even if you got your solution enacted as federal law, EU will end up with something different, because your solution does not work for EU.

This problem does not stop at the border.

If EU mandates back doors, which they seem to end up doing, USA will have back doors too, just like you have seen other EU regulations, from ROHS to GDPR, leak into USA.

=> More informations about this toot | More toots from bsdphk@fosstodon.org