[Wikimedia-l] Wikimedia and the politics of encryption

Terry Chay tchay at wikimedia.org
Tue Sep 3 19:38:36 UTC 2013 

This part of the discussion has strayed a bit far from the politics of encryption. ;-)

Not that it doesn't have value, but if I can bring it back on-topic for a moment…

The gist of the HTTPS issues is that it's simply not an engineering discussion, it's a political one. The abuses recently revealed in the United States is either orthogonal to the issue of the politics of encryption (in that HTTPS encryption in China, Iran, and the future is in discussion), or is the direct salient (in that it is a prime motivator for accelerating HTTPS rollout which has triggered this issue).

I, for one, would like to see the discussion of what to do. I'm of the believe that there is no simple engineering decision without introducing practical, political, legal, and moral complications. I suspect that even the more clever or complex ones also introduce these issues. It's important to outline what our choices are and the consequences of those choices, and derive consensus on what the right choice is going forward, as it is clear what we have now[1] is a temporary band-aid.[2]

I'm less sanguine about Erik's suggestion that creating a deadline to HTTP-canonical will actually get us to an adequate resolution. The reason is simply—whatever I think of Google personally—I feel Google has a highly-capable, highly-motivated, engineering-driven staff, and they were unable to come up with a workable solution. Unlike Google, we have a clear sense about what motivates us[3], so we need to figure out how best to get there/interpret it.

[1]: http://blog.wikimedia.org/2013/08/28/https-default-logged-in-users-wikimedia-sites/
[2]: Maybe start an RfC or other wiki page on Meta with a summary of the discussion so far?
[3]: http://wikimediafoundation.org/wiki/Vision

Take care,

terry

On Sep 3, 2013, at 11:50 AM, Kirill Lokshin <kirill.lokshin at gmail.com> wrote:

> The thing is, it's kind of a crapshoot anyways.  You might see something that you think might be classified and report it; but, unless you actually have the corresponding clearance yourself, you have no way of knowing for certain whether the material is in fact classified in the first place.  Conversely, anyone who does have that information is unlikely to confirm it one way or the other, for obvious reasons. 
> 
> To make things even more convoluted, reporting certain kinds of material to the WMF could itself potentially be considered illegal in some circumstances, since not everyone at the WMF is considered a "US person" for ITAR purposes. 
> 
> Kirill
> 
> On Sep 3, 2013, at 2:34 PM, "Fred Bauder" <fredbaud at fairpoint.net> wrote:
> 
>>> To be fair, none of the people receiving requests through legal@ or
>>> emergency@ have security clearances either.
>>> 
>>> Kirill
>> 
>> True, but there are not so many of them. I'm not sure if a request about
>> a major matter has ever been made through any channel. In a way, that is
>> kind of a dumb move.
>> 
>> Fred
>

More information about the Wikimedia-l mailing list