Policy-Discussion

[Alex Robertson <alex-uk AT cacert.org>]

On 29/05/2014 02:28, Benny Baumann wrote:

> Basically I'm fine with the current wording too, except for exactly ONE
> major issue: Which is exactly the loophole authoritarian governments in
> many countries (UK, US, Turkey, China, ...) provided themselves with
> which makes awareness and readiness to put up resistence necessary. We
> see active attacks on this side (Tor project, EFF, Wikileaks, Amnesty
> International, Reporters without borders, many other civil and human
> rights groups, ...) and thus resisting subversive powers is one first
> step. Or call it civil disobediance. Whatever you prefer.
>
> In a community you have obligations towards this community - and you
> should be sure you subscribe to them if you take part in this community
> - and be it by using their provided services.
>
> So much on thie here - I guess Eva will elaborate on the 2.5 discussion
> anyway - and by this also provide the full arguments on both sides.
We are all part of many communities - CAcert is only one of those - 
other communities include your country and locality, and you may have 
limited choice about those. All of those communities tend to provide 
both rights and responsibilities and conflict between them can occur,

"Resisting the subversive powers" may be what CAcert would like me to do 
(and I do what I can about these issues through various lobbying bodies 
I am associated with!) - but I doubt if the community would pay for (or 
otherwise take on) my legal defence if I refused to surrender keys under 
a legally valid order to do so. Such orders may well not be possible in 
Germany - if so, you are lucky! - but they can be made elsewhere. I 
wouldn't either willingly or voluntarily surrender keys without such an 
order and I would also raise what legal challenges I could if this were 
to happen before doing so.

If it was alleged that a community member was associated with terrorism 
or organised crime and that they were using the facilities the community 
provides as part of that (in particular encryprtion of communications), 
the community is left in an invidious position both legally and morally IMO.

I've seen the results of terrorism - I spent some time in Northern 
Ireland at the height of the troubles there - and it's not pleasant - so 
I personally believe that there *may* be some validity to the state 
requiring access - but this I also believe that this needs to be 
balanced, controlled and very specific as to what is required and why!

In practice, I suspect that the state (whichever state!) is more likely 
to get and act on an order to seize computers, phones etc. as possible 
evidence and (as discussed elsewhere) accessing keys is then a 
relatively trivial exercise  (I think that this can even be done in 
Germany) - and there's not a lot you can do when half a dozen "heavies" 
have metaphorically "kicked down your door"!

Regards

Alex

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature