Governing Privacy

Citizens have the right to have privacy. Intruding the privacy in the name of security is fine as long as it is JUSTIFIED BY THE LAW.

Now we know that laws are man made. Lets look at this recent news “U.S. Tries to Make It Easier to Wiretap the Internet“.

Why would the government want to make sure that you don’t use encryption algorithms to secure our conversation, unless there is a backdoor entry for them to peek into?

• They want to know, if we are communicating anything that would harm the public interest
• Pre-emptively/Non-Intrusively monitor the communications, as if the messages are sent in “clear text”
• Don’t invest anything big, like computing farms and heavy duty super computers, to decode the messages being sent

Here is what I see as a problem and thereby an opportunity:

• Are we thinking that the security measures that the government is uses aren’t good enough to keep us secured?
• Blanket Judicial Approvals/Orders to start monitoring communications based on a BROAD classification of PREJUDICE, STEREOTYPES and DISCRIMINATION. I DON’T complain that this is unfair. We all have experiences to justify WHY this is a necessity or otherwise.
• Blanket approvals to monitor cause too much overhead for those who try to:
  • Monitor
  • Comply
  • Abide to the rules
• Huge rewrite of software applications that use encryption tools and techniques
• There is very little transparency on the systems that would try to use the backdoor entry points
• Would these initiatives come with the clauses where the backdoor entries are recorded and documented for future judiciary review, in an non-repudiation basis?
• A BIG UNKNOWN on how many new exploits would be targeted towards the backdoor entry points

All this reiterates my usual point

Security is a perception and its usually governed by factors beyond our control. In this case, “beyond” is a relative term, where few perceive it being finite while others don’t.

We all know that amount of effort went towards creating a SECURE infrastructure. The whole Trusted Computing Platform and Common Criteria Evaluation initiatives are now very much questionable. If privacy is not controlled by my choice (Opt-In/Opt-Out), why have a Trusted Platform/Products?

I know that commenting on these sensitive topics are taboo, since it is sometime to do with freedom of speech?