[pp.int.general] Our ideology

Wed Jul 29 22:14:01 CEST 2009

On 29 Jul 2009, at 20:53, Philip Hunt wrote:

> 2009/7/29 Eric Priezkalns <eric.priezkalns at pirateparty.org.uk>:
>> On 29 Jul 2009, at 19:32, Philip Hunt wrote:
>>> What are the implications of this? One is that the government (or  
>>> any
>>> other organisation) can't read Alice and Bob's mail. To ensure this,
>>> they should be allowed to use strong encryption. This means they
>>> mustn't be using locked-down hardware (such as the iPhone) where  
>>> only
>>> certain programs can run, and they've no way of knowing if there's a
>>> trapdoor that compromises their privacy.
>>>
>>> We also want to prevent the possibility of traffic analysis
>>
>> You'll need to be refine this idea.  Not all traffic analysis is  
>> about
>> making more money from ordinary customers.  Some of it is just about
>> managing costs in running a complex network.  Some of it is about  
>> preventing
>> fraudsters from abusing networks.  Neither of these infringe the  
>> rights or
>> impact any normal individual.
>
> I meant traffic analysis in the sense of an eavesdropper using it to
> spy on Alice and Bob's communications, in order to find things out
> abot them that they'd rather keep secret.

Understood.  Technically, depending on the communication channel, both  
legitimate commercial traffic analysis and eavesdropping may be  
performed using identical or similar technology.  That makes it a  
challenge to precisely define what network operators can and cannot  
do, and to enforce those rules.  It is probably best to go down the  
data protection road to realizing this in legislation - saying what  
end results are acceptable and what is unacceptable, rather than  
trying to proscribe the specific technologies and procedures used for  
traffic analysis.  However, that will always leave a risk that  
legitimate technology can be used for illegitimate purposes so the  
question of enforcement is very real.  Most data protection  
enforcement is non-existent, so this is a very practical challenge  
about how to realize the goals effectively without creating an  
alternative kind of oppressive monitoring regime that will hurt honest  
businesses.

Please also let me apologize for saying "you'll" need to refine the  
idea - I don't know why I did that.  I should have said "we will" need  
to refine the ideas, and I didn't mean to imply the burden was with  
you alone.

[snip]

>>  Anonymity can be a bad thing if individuals don't understand how
>> anonymous they are.
>
> Yes, but that's merely a function of people understanding / being
> educated in how their computer and software works.

Agreed.