Policy-Discussion

[Duane <duane AT cacert.org>]

Sven Anderson wrote:

> That's a bit to diffuse to react to, smells a bit like conspiracy theory
> too, but well, everybody has the right to have one. ;-) In general I would
> say, if you want to avoid, that certain people get certain data, the only
> way is not to create that data. Everything else will be an endless and
> doomed task.

There was nothing diffuse or ambiguous or even metaphorical about my
statement at all, all the time there is new reports on how social
networks are analysed for different purposes but that's only what
researchers are doing and publicly announcing. Not only is CAcert a
social network but it also deals with the use of cryptography.

To be a little more specific, we can assume people are using
certificates in a large number of countries world wide, we can also
assume there is some pretty whack laws in some of those countries that
will put you in gaol as a result of using crypto, or even something as
simple as exporting an application that does crypto, should we be
publishing their names and details so governments can go an arrest and
throw them in a deep dark hole somewhere and forget about them?

Another example might be you or someone you knows travels to one of
these countries and the government there has built a large search engine
that interrogates things like this if CAcert published it, so when you
got to that country you could be refused entry or worst.

Of course these are worst case, a less extreme example, someone has used
a certificate for say child pornography and investigators notice your
association with a person because you assured them, so they arrest you
as an accessory. Regardless of your innocents, do you really want to get
arrested in connection with child pornography in this day and age where
everyone presumes you're guilty of something if the police arrest you?

Just to make life interesting the entry requirements into some countries
require you to disclose if you were ever arrested, you don't have to be
even charged with a crime to make your life more difficult.

I can sit here and go on and on as to why it's a bad idea, might not
happen, but there is past precedents that clearly point out any or all
the above could happen.

I only have to be right once :P

-- 

Best regards,
 Duane

http://www.cacert.org - Free Security Certificates
http://www.nodedb.com - Think globally, network locally
http://www.sydneywireless.com - Telecommunications Freedom
http://e164.org - Because e164.arpa is a tax on VoIP

"In the long run the pessimist may be proved right,
    but the optimist has a better time on the trip."