cacert-policy - Re: CCA: open points / comments 2.5

Subject: Policy-Discussion

  • From: Benny Baumann <benbe AT cacert.org>
  • To: cacert-policy AT lists.cacert.org
  • Subject: Re: CCA: open points / comments 2.5
  • Date: Thu, 29 May 2014 03:36:33 +0200

On 27.05.2014 21:49, Eva Stöwe wrote:
> Dear Alex, dear List,
>
>>>>> 2.5b Various countries - certainly including UK and US (and I think AU)
>>>>> have legislation in place that can enforce surrender of keys allegedly
>>>>> for anti-organised crime and anti-terrorism reasons in their
>>>>> legislation. Given this, *I'd prefer not to add such a clause*,
> here is another approach for 2.5:
>
> There are a lot of countries - including probably US and UK - that try
> to avoid that business secrets of "their" companies are stolen so that
> business rivals could profit from them.
>
> There are a lot of countries that forbid - including US and UK -
> employees of the state to share secrets they learned during that
> employment. (For US think about Manning or Snowden.) At least I had to
> swear an oath to not share some kind of information to outsiders and it
> was only a student job at the university.
>
> My country - and probably every other country - would not accept any
> other country to just state that they have a right to learn said secrets
> and that one has to provide everything with which one protects those
> secrets. If I would share those secrets I would be legally responsible
> before local courts - (a false oath is worth at least 1 year in jail in
> Germany - I'm not sure if this would apply in this context but there are
> other laws for employees of the state as well that speak about jail).
>
> Now for another gedankenexperiment. Consider you have a big company who
> issues some certificates to their employees with which those employees
> should communicate to keep the business secrets secure. Then you learn
> that one of your employees has shared his key with an employee of a
> rival and the rival beats you in a competition and you lose big numbers
> of money because the rival knew what you planned and where your weak
> points were. I think you would sack said employee and you would sue him
> for this. You probably would win this case, even if the employee defends
> herself saying that she was told to do so or that she even had to do so
> by the rival.
>
> So even if one country declares that one has to share everything with
> them, this will be illegal everywhere else and following this can lead
> to quite harsh legal issues everywhere else.
>
> Sharing keys and by this secrets (even "unimportant" details can make a
> big difference) is banned more or less in every context and one has to
> expect harsh punishment for it.
>
> Why should it be different within CAcert? Why should we state that we
> allow to do so - with only saying "should not"?
>
> If a "must not" would be unfair and unsensible in any given situation
> there is arbitration to help. As people love to have it for more or less
> everything else.
>
Absolute Full-ACK.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature
