[liberationtech] Cryptography super-group creates unbreakable encryption
rguerra at privaterra.org
Thu Feb 7 18:59:30 PST 2013
Nicely put. Agree with your comments 100%
On 2013-02-07, at 8:14 PM, Christopher Soghoian wrote:
> See Inline
> On Thu, Feb 7, 2013 at 12:15 PM, Andy Isaacson <adi at hexapodia.org> wrote:
> > Silent Circle may be an excellent privacy app. It might not have any
> > significant security problems. It might even do a good job of
> > mitigating important platform-based attacks and supporting important new
> > use cases (the "burn after reading" feature). When it's actually open
> > source I'll take a look and if it is good, I'll recommend it to users.
> > Until that open review happens, I think it's inappropriate for voices in
> > our community to commend or recommend such a proprietary system. Each
> > person makes their own choices, of course, and nobody should base their
> > actions solely on what *I* think is right, but I hope you can hear my
> > concerns and consider the outcomes of your actions.
> Twitter's official client and server code are not open source. That hasn't stopped the good folks at EFF, as well as many other privacy advocates from praising the company's law enforcement transparency policies, as well as Twitter's willingness to go the extra mile when responding to various forms of legal process.
> Much of Google's code, including all of the Gmail backend code, is not open source, but that hasn't stopped privacy advocates from legitimately praising the company for voluntarily publishing some really useful data on government requests and DMCA takedown demands.
> Although I have not recommended Silent Circle to anyone, I believe that it is entirely legitimate to praise the company for its commitment to transparency regarding law enforcement requests and the company's overall law enforcement policy.
> Hell, looking at the list of companies ranked on EFF's "Who's got your back" website, closed source is by far the norm, not the exception. That hasn't stopped EFF from giving out gold stars where they feel they are deserved. See: https://www.eff.org/pages/when-government-comes-knocking-who-has-your-back
> In fact, for many of the factors that I am most interested in, source code is completely irrelevant. Client source code does not reveal a company's data retention policy, and server data retention configurations are impossible to verify. Source code does not reveal whether a company will tell its users about subpoenas submitted for user data where not prevented from doing so by a gag order. Source code will not reveal a company's willingness to spend hundreds of thousands of dollars on legal bills to fight an improper request submitted by lawyers at the Department of Justice. For such things, you have to evaluate the company on its public policy (and, once the policy is put into action, you can judge the company via its track record).
> By all means, continue to harass Silent Circle about its source code. Likewise, please do hold journalists accountable for the bogus headlines they, or their editors, have selected. But do not dismiss my legitimate interest in the law enforcement legal policies adopted by companies. These policies are often just as important, yet impossible to verify, even when companies publish their source code.