On 10/31/2017 05:20 AM, Phillip Hallam-Baker wrote:
[...] it is the casual negligence many of the technologists show when it comes to security risks.
The question I see is who is going to be in control. Will it be the user or someone else.
[...]
I think you've already answer that question for yourself in the excerpt
below.
We have to have a plan to make the Internet safe for users, yes. But what we also need at this point is a plan to protect society from the Internet itself. [...]
According to that view, it will be someone else, unless "our" plan to
protect "society" from the criminal users of the Internet is adequate.
Absolutely speaking *only* for myself here, but I view talking about
plans "to protect society from the Internet itself" like a pretty much
straight up attack on the fundamental idea of an Internet Society as a
thing worthy of that name.
I mean to say, what does that even mean in an Internet Society?
Instead, it seems to me that we have a philosophical tussle between A)
people who think of the Internet firstly as a command and telemetry
system for political and economic data, to be policed by and subservient
to state power, used mainly as a tool for governing the populace, and B)
people who think of the Internet firstly as an open standard
communication technology to which justice demands that everyone is
recognized to have an equal right to lawfully regulated use for any
public or private purpose.
How you think about security risks, it seems to me, depends on which
side of this philosophical debate you align. Accusing the other side of
"casual negligence," when it's actually the case that the other side has
set different priorities, is probably not the best way to facilitate
better mutual understanding.
As IETFers, I hope we can transcend the usual failure to communicate.
--james