
Tim Berners-Lee: Spies' cracking of encryption undermines the web - Libertatea
http://www.theguardian.com/technology/2013/dec/03/tim-berners-lee-spies-cracking-encryption-web-snowden
======
binarymax
While I agree that its horrible for agencies to be doing this, I must also say
- if it is breakable, then it is not good enough. We shouldn't have to worry
about whether someone can break encryption or not. We shouldn't have to guard
the guards. The factors of morality and ethics and trust needs to be removed
from the equation entirely, because there will always be parties that are not
moral, ethical, or trustworthy. This is happening at a good time in history.
There are people who are doing what they can to make sure it doesn't happen
again. We've only had the internet for 30 years. Lets patch it now.

~~~
Nursie
>>if it is breakable, then it is not good enough.

And if the agencies are steering people towards crypto they know is broken but
the public do not?

~~~
venomsnake
Then the agencies are endangering their own countries. It is simple math - the
world produces much more geniuses that NSA employs (or GRU or anyone). If you
deliberately introduce weakness someone will find it. And the entity may not
be friendly.

The problem comes because the win of the cold war somewhat skewed the western
view of their own capabilities.

When NSA had adversaries that they deemed worthy - they took the effort to
strengthen everyone's communications. Right now while looking at the others
with disdain and (wrongly) refocused the efforts on terrorism - they prefer
weak networks.

------
onion2k
_" Internet security is hard," he says with emphasis. "All systems have
undiscovered holes in them, and it's only a question of how fast the bad guys
can discover the holes compared with how fast the good guys can patch them
up."_

The internet should be thought of as something that transcends the notion of
governments and nations; it's a tool for all of humanity regardless of who
they are and where they live. The NSA should be considered just another "bad
guy" in this scenario - a well-funded arm of a group of people who don't
necessarily have the good of humanity _as a whole_ at heart. Literally
_anyone_ who wants to manipulate the way the internet works away from an open
tool for communication and sharing, to subvert it and break it for their
personal gain, or that of their corporation, organisation, government or
nation, is the bad guy.

~~~
grey-area
I do find this an interesting notion. Because the internet transcends national
boundaries and government jurisdiction, it encourages people to think of
themselves as part of a global humanity, without loyalty to a specific
government or group, and without loyalty to those who try to invade privacy
for corporate or nationalist reasons. It's easy to forget that the concept of
nation states and nationalism is a relatively new one and not necessarily
worth of respect. Perhaps the internet and sharing and protecting our own data
will help to obsolete nations and encourage people to be loyal to ideas, not
brands or polities.

~~~
dasil003
Nationalism is mostly pretty evil IMHO, but nation states are actually
providing a crucial role as a check on the power of corporations, the boards
of which would otherwise be defacto global lords. The tension of diplomacy
between nation states is critical to keeping everyone honest. My biggest fear
for the future of the planet is a consolidated world government with real
power (as opposed to the United Nations) because I think serious corruption
would be unavoidable over time.

------
Zigurd
> _Internet security is hard_

And among the hard things is the fact that you can't have it both ways. In
TBL's case this means he has to realize that DRM is Big Brother Inside.
Standardizing DRM means building a standard framework for back doors. You
can't be an enabler for the big entertainment companies without being an
enabler for snooping.

Many security experts have not faced the fact that they cannot protect their
users from state actors and still be deputized by the same state in crime-
fighting. The only way to protect the user is to put the user's data out of
reach of both spies and police. The security priesthood is easily co-opted and
turned into witting and unwitting tools.

------
Malstrond
Then he should stop underminding the web himself with HTML5 DRM.

------
D9u

         Any country that tries to create what he calls a "walled garden" of the internet would find the value of its GDP drop through the floor. Trade would be disrupted, cross-cultural exchange wither
    

While I agree with the sentiment of the article, I can't help but look to
China's version of a "walled garden of the internet" and how that has affected
China's GDP. It seems that China continues to do quite well in spite of the
aforementioned "walled garden" approach to the internet.

Is the rest of the world doomed to a similar situation?

------
pyalot2
DRM undermines the web.

------
knappador
The whole cyber arms-race makes no sense. It's like mutually assured
destruction when you have the capability to remotely dismantle each others'
nukes by publishing your designs.

------
na85
This feels pretty rich coming from the same guy who kowtowed to the copyright
industry in order to bring us baked-in DRM on the web.

In practice, the singularly boneheaded decision to allow DRM into the official
HTML5 spec will have a far greater impact on the average user's web experience
than NSA backdoors will.

~~~
eridius
Go take your misinformed whining somewhere else. HTML5 does _not_ have DRM. It
merely standardized an API to allow media content to talk to a content
decryption module. But there is no actual DRM in there.

You are right, though, that this will have a pretty big impact on the average
user's web experience. Namely, it will let them view protected content without
requiring proprietary plugins (e.g. Flash, Silverlight, etc). So it's pretty
good for the average web user.

~~~
na85
>HTML5 does not have DRM

Yet.

From the 14 Nov 2013 draft:

>This proposal extends HTMLMediaElement _providing APIs to control playback of
protected content_.

In other words, they're extending HTMLMediaElement to allow Hollywood to put
whatever DRM measures in place that they choose. What this WILL NOT do is
increase accessibility. Maybe Tim thought it was a good idea, but the old
adage is that the road to Hell is paved with good intentions.

The copyright industry are not the good guys, and they _will_ find some way,
just as they always have, to make the user experience worse in the interests
of their bottom line(s). But who knows? Maybe I'm wrong, or maybe you just
have more faith in the industry that was shipping malicious rootkits on music
CDs than I do.

~~~
eridius
EME extends HTMLMediaElement to let it talk to Content Decryption Modules,
which must be provided elsewhere. This is just a standardized API for being
able to handle protected content. I do not understand all the hyperbole
surrounding this.

You're also a bit off your rocker if you're trying to paint "the copyright
industry" as some kind of secretive cabal of people who just want to cram DRM
on users' computers. Not to mention the fact that sites that don't use this
won't even be affected by it. The vast majority of websites out there won't
even care, and the ones that do care _already have a solution to deal with
protected content today_ , it's just a crappy solution (e.g. requiring
Silverlight). Hell, using EME to handle protected content is a _far_ better
experience for the user than requiring the installation of a third-party
plugin that can has far more capabilities than just decryption content. So if
anything, this actually limits the scope of what protected content playback
code can do on users' machines.

~~~
na85
I never said the copyright cabal was secretive but they absolutely want
control over our computers' playback mechanisms.

There was a proposal, I think in the HDDVD spec maybe, wherein the dvd drive
itself would be remotely disabled and prevented from playing future content
based on the sole discretion of some nebulous 3rd party.

There's the Sony BMG rootkit thing that Mark Russinovich uncovered.

Yes, they absolutely want to cram your computer with DRM and you're a fool for
thinking they don't.

~~~
eridius
They want to control how their content is played back on your computer. That
is _not_ the same thing as wanting to arbitrarily stuff arbitrary computers
full of arbitrary DRM. Yes, they've gone ridiculously overboard in the past,
but DRM is not the goal in and of itself.

------
saraid216
When does "undermining the web" become the new "think of the children"?

