On Wednesday, September 2, 2015 at 10:53:09 PM UTC+1, mer...@mozilla.com wrote:
> Hi all,
>
> Members of the platform, policy, and legal teams at Mozilla have been working to create a set of principles that should serve as a guide to government surveillance activities, and that are grounded in our commitment to trust and openness online. We would appreciate your input on these. Check them out below.
>
> The following three principles, derived from the Mozilla Manifesto, offer a Mozilla way of thinking about the complex landscape of government surveillance and law enforcement access. We are not proposing a comprehensive list of good or bad government practices, but rather describing the kinds of activities in this space that would protect the underpinnings and integrity of the Web:
>
> 1) User Security
> Mozilla Manifesto Principle #4 states "Individuals' security and privacy on the Internet are fundamental and must not be treated as optional." Governments should act to bolster user security, not to weaken it. Encryption is a key tool in improving user security.
>
> Requirements that systems be modified to enable government access to encrypted data are a threat to users' security. The primary aim of computer security is to protect user data against any access not authorized by the user; allowing law enforcement access violates that design requirement and makes the system inherently weaker against attacks that it is intended to defend against. Once systems are modified to enable law enforcement access by one government, vendors will be under enormous pressure to provide access to other governments. It will not be possible in practice to restrict access to only "friendly" actors. Moreover, the more government actors have access to monitoring capabilities, the greater the risk that non-governmental cyberattackers will obtain access. Endpoint law enforcement access requirements are also incompatible with open source and open systems because they conflict with users' right to know and control the software running on their own devices.
>
> 2) Minimal Impact
> Mozilla Principle #2 states that the Internet is a global public resource. Government surveillance decisions should take into account global implications for trust and security online by focusing activities on those with minimal impact.
>
> Efforts should be made to collect only the information that is needed. Whenever possible, only data on specific, identifiable users should be collected, rather than collecting data from a large group of users with the expectation that it can be triaged later. Activities should be designed to minimize their impact on the Internet infrastructure and on user trust. Compromise of or unauthorized access to third party infrastructure or systems should be avoided if at all possible and is wholly unacceptable if other avenues for obtaining third party cooperation are available.
>
> 3) Accountability
> Mozilla Principle #8 calls for transparent community-based accountability as the basis for user trust. Because surveillance activities are (and inherently must be, to some degree) conducted in secret, independent oversight bodies must be effectively empowered and must communicate with and on behalf of the public to ensure democratic accountability.
>
> A strong oversight regime involves several components. Oversight should be conducted outside of those agencies responsible for the programs themselves, by bodies with broad mandates and access, technical competence, and enforcement authority. Oversight should include statutory transparency requirements that allow the public to know that aggressive oversight is taking place and to be able to know the scope and scale of government access to user data. Finally, oversight should be evidence-based and start with an analysis of the national security benefits and potential harms of programs in question.

Ok. Thank you.
_______________________________________________
governance mailing list
governance@lists.mozilla.org
https://lists.mozilla.org/listinfo/governance