@icedquinn fair points, and thanks for taking the time to lay them out in detail. There's a lot to unpack here. I'm on Mastodon so I'll have to do a series of posts addressing different aspects of your post.
-
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 18-Jul-2019 11:07:10 UTC Strypey -
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 18-Jul-2019 11:11:30 UTC Strypey @icedquinn
> the contents of [the police's] investigation notebook is secret for a limited time but the general concept of how they do investigations doesn't really need to be hidden.

I think this is a sensible use of secrecy. Specific, time-bound, and to a purpose. In the secret police, secrecy tends to be general, open-ended, and arguably exists mostly for the sake of #SecurityTheatre to justify excessive powers and funding. I think that the latter ought to be more like the former.
-
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 18-Jul-2019 11:20:33 UTC Strypey @icedquinn
> this is of course assuming you are doing the presumed work of preventing existential crises ...

Exactly, and I tend towards the Chomskyan view that the burden of proof is on the authorities to justify their claims to need special rights or powers. #NZ Politicians have spent two decades claiming that secret police are needed to protect us from Islamists. The only terror attacks we know about were committed by French secret agents and #WhiteSupremacists. What gives?
-
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 18-Jul-2019 11:30:12 UTC Strypey @icedquinn if people are suspected of planning violence, I don't think anyone investigating them ought to have to publicize their investigation notebooks or their sources, whether that's law enforcement, journalists, or activists. But I think their methods ought to be a matter of public record, especially when they have extraordinary powers, and that investigations should be partitioned so that as much as possible of what they learn and achieve can be published, for accountability.
-
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 18-Jul-2019 11:38:20 UTC Strypey @icedquinn imagine a secretive government agency that claims to protect us from vampires, werewolves, and zombies, but refuses to give us any evidence these actually exist in our country (although it occasionally raids Halloween Parties and arrests cosplayers doing zombie walks), nor any proof that they have stopped some real ones from harming people. Would we give it millions in funding every year and constantly increase its powers? Yet swap in "terrorists, and extremists" ...
-
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 18-Jul-2019 11:47:19 UTC Strypey @icedquinn the ethics of keeping #ZeroDay exploits secret is another kettle of fish. I'm guessing you're offering this as an example of when secrecy of approach might be justified. The thing is, the method here is not secret, just the current inventory of the armoury. I mean, you just described the approach to me in a public medium.
-
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 18-Jul-2019 11:51:19 UTC Strypey @icedquinn now, imagine replacing secret police with agencies that were much more transparent, keeping operations specific and time bound, using secrecy only for current investigation notes. Agencies that politicians, public servants, journalists and civil society can hold to account when they target people inappropriately or talk up boogiemen in attempts at mission creep and empire-building.
-
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 18-Jul-2019 11:58:30 UTC Strypey @icedquinn you may also be offering this as a justification for security by obscurity. I hope not, because that would miss the point of how I'm applying the phrase here. I'm talking about the design of the agencies' own security, such that they can publish their operational "source code" (*not* the equivalent of their system passwords, private keys etc of course), without that information being of any use to opponents trying to break their security (evade detection etc).
-
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 18-Jul-2019 12:05:51 UTC Strypey @icedquinn one way to approach the question of whether secret police ought to be allowed to keep armouries of zero day exploits is a utilitarian one. What causes the greater harm to the greater number? Not responsibly disclosing security bugs to software developers, platform sysadmins etc, or people whose violent actions can reliably be prevented by the use of undisclosed exploits? But as mentioned in the other branch of my replies, the public have no way to quantify the latter.
-
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 18-Jul-2019 12:09:18 UTC Strypey @icedquinn whereas we have mountains of publicly available data on the harms caused when undisclosed exploits are used by Bad Actors, in some cases professionals working for competing governments or corporations. I think it's reasonable to say that the very "national security" or "public safety" the secret police purportedly exist to protect is regularly harmed by this. So to me, the burden of proof is on the secret police to justify the utility of their exploit armouries.
-
Strypey (strypey@mastodon.nzoss.nz)'s status on Thursday, 18-Jul-2019 12:13:24 UTC Strypey @icedquinn arguably both national security and public safety would be greatly increased by redirecting most of the funds spent on secret police in "democratic" countries, to the developers of the essential #FreeCode components that everyone's security depends on, in a myriad of different ways, and to teams working on robust encryption, pen testing of all the above with responsible disclosure etc. Less security theatre (vampires! werewolves! zombies!), more actual security work done.
-