l4-hurd

Re: DRM vs. Privacy


From: Marcus Brinkmann
Subject: Re: DRM vs. Privacy
Date: Mon, 07 Nov 2005 21:01:14 +0100
User-agent: Wanderlust/2.14.0 (Africa) SEMI/1.14.6 (Maruoka) FLIM/1.14.7 (Sanjō) APEL/10.6 Emacs/21.4 (i386-pc-linux-gnu) MULE/5.0 (SAKAKI)

Jonathan,

I think we have all become so accustomed to computers where the
superuser can do _everything_ that we have forgotten what privacy is
in the context of multi-user computer systems.

Can you give some references on this topic?  I think we have a pretty
good idea now how privacy can be implemented and verified using
confinement and TC, but here are a couple of issues that at least I
could need some more pointers to:

* What is the impact of not having the privacy requirements you want
  to have?  One recent case I can think of is viruses that send random
  files to random people in your address book.  What else is there?

* More specifically: No popular system today provides this amount of
  privacy.  Why is this currently not widely perceived as a problem?
  (This is another way of asking: Why are current systems not good
  enough?)

* What are the legal consequences of implementing or not implementing
  this feature?  In a system where the sysadmin can edit the content
  of the machine, he may be liable.  In a system where every change
  can be (presumably) traced to me, _I_ am liable.  How can I prove
  that the machine was compromised if there is a strong scientific
  argument that the machine is "safe"?

  For completeness: If we build such a system, and it turns out to
  _not_ be safe, are we programmers liable?  Certainly we can't afford
  to carry such a liability as free software hackers writing in our
  spare time.

* How do we know that we really achieve privacy?  If the
  FBI/NSA/CIA/etc can install a cryptographic backdoor in TPM/TCPA
  chips, it can probably replace the OS without revealing this
  modification in the remote attestation protocol.  Isn't it better to
  openly not have privacy than to believe to have privacy without
  actually having it?

  Also, what happens if the FBI/NSA/CIA/etc does this, then uses my
  account to attack some machines, and then sues me?  (I.e., a
  combination of the last two points).

Some of this is of course speculative.  But at least the first
questions are questions for present facts, and don't involve any big
brother paranoia whatsoever.

Thanks,
Marcus





