Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] FW: The security and ethics

Jim Youll jyoull at
Wed Feb 9 18:29:45 PST 2011

On Feb 9, 2011, at 6:22 PM, Jacob Appelbaum wrote:

>> Certification is good if people don't have the resources to evaluate
>> on their own the reputation of an individual but do have the
>> resources to evaluate the reputation of a certifying authority. In my
>> example of a lawyer, we know the court system in the united states is
>> pretty decent for all its follies, and that lawyers have to perform
>> within acceptable parameters (no negligence please; confidentiality
>> guaranteed under most circumstances). So bar membership and standing
>> before the court use the reputation of the government to communicate
>> minimal standards that we can't very well study up to ourselves.
> I guess?
> That says almost nothing of their performance, reputation, or abilities.
> I don't pick a lawyer based on knowing that they have bar membership
> alone. I pick a lawyer based on their previous case history, our ability
> to have a personal/professional relationship, and the seriousness of the
> risks when I've made a bad choice.

Lawyers are peer-rated A,B,C,NR by at least one service.

Is picking an "A" always the way to go? not necessarily.

When i've had to hire lawyers and it mattered a lot, I've looked at
their personal case histories. What kinds of cases did they try? How
much experience? What was the other side like? How articulate and
frankly, clever, are they? How do they do in an initial interview (yeah,
I'm interviewing them, not spewing details of the situation)

Certification means they went to law school once and know the basics.
A CS degree says someone went to computer school once and knows the basics.

even with continuing ed requirements, if it's life and death, then you assess
the person, not the for-profit accreditation agency (in tech it is ALWAYS

We don't need accreditation that will take years to set up and years of debate
to define. We need openly-published, scrutinized, authoritative information,
basically the Wikipedia of security techniques. Oh. I'm supposed to be thinking
about these problems. Maybe that's a part of the answer.

More information about the liberationtech mailing list