The whole point the EFF is trying to make is, apparently our government has a lot of knowledge and power with regards to computer vulnerabilities and exploits, and is using it all secretly with no oversight and no restraints that we normally hope to enjoy due to things like the 4th amendment. I feel weird even needing to explain this.
So, please forgive us when you say, "just trust this guy," and we are leery.
Do you have something more than an appeal to a much weaker authority? All I see as a counterargument is "EFF says otherwise". But EFF does not in fact staff experts in the development of zero-day exploits, and Dave Aitel --- apart from himself being one of those experts --- clearly does.
Update: slightly better summary of Dave Aitel's article.
I'm speaking about the greater issue of unchecked government power that the EFF raised. That does not come from a simple appeal to authority; I hope we don't need to rehash the reasons we have a Bill of Rights and a government based on checks and balances. Dave Aitel's article was very focused on one of the EFF's concerns, management and disclosure of vulnerabilities, and much of what he said boiled down to, "Our enemies operate without oversight and so we need to also. Sorry, you are just going to have to trust us."
I'm sorry, but if we can't even agree about the facts, or even how we might arrive at the same ballpark of facts, what makes you think a debate of meta-facts is going to be productive?
We do seem to be talking past each other. Against better judgement, I'll try once more.
Dave Aitel can be the world's foremost expert on developing zero days with no peer in sight, but that doesn't automatically make him (or any expert) trustworthy. One of the great things about our government (when it functions correctly) is that we don't have to trust any one person in our government too much. We have things like transparency, checks and balances, competing interests and so on that help force everyone to be at least somewhat honest and responsible. The arguments that we should just shut up and trust the FBI and the NSA go counter to that. The EFF may not be expert in exploits, but even school children in the US understand basics about government corruption and the need for checks and balances.
I do think I understand Dave's argument. Oversight and transparency applied to US agencies with regards to exploits will not also be uniformly applied to non-US agencies and their use of exploits. Why does that even matter? Well, nobody seems to be coming out and saying as much, but Dave and others strongly imply that we are in the middle of a secret all-out no-holds-barred high-stakes computer security war with other countries right now. Burdening the FBI and NSA with any kind of transparency or oversight requirements will put us at a disadvantage in that war and Bad Things will happen if we lose.
If that's really the case, then it sounds like we need Geneva Conventions for cyber war, something that protects all the world's citizens from the land mines and mustard gasses of state-sponsored computer hacking. Before that could ever happen we'd need to first admit we are in the middle of a cyber war, and nobody seems to want to do that.