Re: Clarifying the record from EFF

[Dave Aitel <dave.aitel () gmail com>]

Five or so years ago, when Mikko Hypponnen was still in a blissful
imaginary world where bugs could be fixed and AV worked, George W Bush
walked into a room full of defense and intelligence officials, and he
pointed out to them in a dry Southern way how if they didn't think of
something better that the Isrealis were 100% going to attack the Iranian
nuclear program, and they were going to pull the United States into it, and
there was going to be a large serving of  _extremely unpleasant_ sandwich
with a small side of possible nuclear winter for everyone involved...

And looking around the room, the people who had never shot a gun, who that
very night would go home to play an RPG so hideously complex it has its own
government, who spent the time before the meetings with high powered
government officials arguing about Firefly versus Buffy the Vampire
Slayer's various scripts, people who if given have a chance would expound
upon deeply held personal opinons regarding various subtleties in the
licensing of Unix distributions,...these people simply shrugged and said
"Yeah, we got this one."

And hey look, here we are.

So let me just say here in this forum that I appreciate the EFF taking the
time to  post, but I have to imagine that these issues can be thought out a
bit more thoroughly...I can only posit that someone, or some group of
people within the EFF, listened to Chris Soghoian who appears to be going
on a profoundly uneducated crusade against exploit sellers (to which our
personal liberty will be simple collateral damage).

I don't know if the EFF can change its position on this without losing
face, but I also think a careful reading of the Commerce Department's EAR
would demonstrate that we didn't exactly win the war against cryptographic
restrictions either.

-dave

On Tue, Aug 21, 2012 at 11:45 AM, trevor <trevor () eff org> wrote:

>  Hey folks,
>
> Below is EFF's response to the Daily Dave thread entitled "Neal
> Stephenson, the EFF, and Exploit Sales."
>
> In March, in the midst of a heated public about cybersecurity, EFF
> published an article entitled "Zero-Day Exploit Sales Should be a Key
> Point in the Cybersecurity Debate." Unfortunately, it has been
> mischaracterized and distorted on this list and other public forums, so we
> want to take the opportunity to clarify what we said, and importantly, what
> we didn't say.
>
> The confusion seems to stem from this paragraph:*
> *
>
> *If the U.S. government is serious about securing the Internet, any bill,
> directive, or policy related to cybersecurity should work toward ensuring
> that vulnerabilities are fixed, and explicitly disallow any clandestine
> operations within the government that do not further this goal.
> Unfortunately, if these exploits are being bought by governments for
> offensive purposes, then there is pressure to selectively harden sensitive
> targets while keeping the attack secret from everyone else, leaving
> technology—and its users—vulnerable to attack.*
>
>
> Based on this, we’ve been accused of calling for regulation of coders’
> free speech rights.  But that is not what this paragraph (or the rest of
> the blog post) says.  This paragraph is about what *the ****U.S.
> government* should do, and not about coders at all.
>
> Indeed, EFF established that code is speech in the 1990s in a case called
> Bernstein v. Department of Justice, winning the right to export
> cryptography (https://www.eff.org/press/archives/2008/04/21-29). We
> continue to defend these rights to this day. Any legislation or other
> government action that would restrict coders from writing code (and
> offering it to the government) should be presumptively unconstitutional,
> and rightly so.
>
> The blog post was written while the House of Representatives was debating
> CISPA, a dangerous bill that would carve a huge hole in existing privacy
> law while not actually making the Internet any safer:
>
>
> https://www.eff.org/deeplinks/2012/04/cybersecurity-bill-faq-disturbing-privacy-dangers-cispa-and-how-you-stop-it
>
> The basic point we were trying to make is that Congress should look at the
> government's own actions and consider what it could do to improve security
> before passing sweeping new legislation to scale back everyone else's
> rights. That includes the government’s own decisions to keep information
> from companies and the public that could help secure networks, systems, and
> critical data -- as part of a hidden offensive strategy or otherwise.
>
> The main cybersecurity bills are no longer moving forward, but the debate
> about policies to address information security will doubtless continue.  In
> these discussions, EFF will continue to fight for the users, for the
> researchers, for robust privacy and security technology, and against
> governmental restrictions on the freedom to code.  While you may not agree
> with everything we do, we thank you for the opportunity to participate in
> the discussions on this forum.
>
> --
> Trevor Timm
> Activist
> Electronic Frontier Foundationtrevor@eff.org415.436.9333 ext. 104www.eff.org
> 454 Shotwell Street
> San Francisco, CA 94110
>
> Defending your civil liberties in the digital world.
>
>
> _______________________________________________
> Dailydave mailing list
> Dailydave () lists immunityinc com
> https://lists.immunityinc.com/mailman/listinfo/dailydave
_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave