This case is a brilliant reminder to anyone working in deep packet inspection/blocking/filtering tech that your work negatively affects the safety of millions of people in such countries at once.
This case is a brilliant reminder to anyone working in fiber optics that your work negatively affects the safety of millions of people in such countries at once.
But seriously, deep packet inspection is evil now? It's an extremely useful security tool.
Your argument is essentially "engineers at steel plants make steel, which can be used to make guns, which can be used to kill."
At some point, the chain of causality is so remote that assigning unequivocal judgments of evil becomes logically absurd. Are port scanners evil now too?
Do you possibly just have no idea that deep packet inspection has many legitimate uses, and is critical to security in many networks? Or are you simply ignoring that fact for the sake of your argument?
I am not ignoring the legitimate use cases - and I never said that there weren't any. I simply pointed out that if you work in DPI/filter/blocking and your company sells to those regimes, that you support the oppression of the affected users.
I can help with some real world examples. One is Blue Coat.
That's not actually what you said. You said: "anyone working in deep packet inspection/blocking/filtering".
This is much different than (my own wording): "anyone working in DPI for a company they know is selling their products to a police state".
It is absurd to blame open-source developers, researchers, or even employees at companies whose software has a legitimate purpose but is illegally exported and misused. They're just doing their job, since the technology has legitimate uses, as you've acknowledged. Blame the governments, not the programmers.
It's mostly useful for production and other corporate networks. It's basically a more powerful firewall, where you can enforce contracts on your network concerning what traffic is allowed to go in or out.
As a quick example, one strategy (although personally I've always questioned its viability, but it's just one of many examples) is a network admin may install a filter that deep searches packets for common SQL injection or XSS strings. This is done as a secondary measure to possibly prevent malicious requests.
Other examples are if you want to force employees to not be able to send certain documents or information outside of the company for compliance reasons, you can scrub traffic for that information. Obviously more complex.
The general concept is that it's useful for when you know you do not want specific traffic crossing your network. Ironically, it's the same use case scenario with draconian governments preventing encryption, but in the production or corporate scenario the use case is not ethically unsound.
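The secondary filter described in the comment above, sketched as an added example (not part of the original thread and not any product's code); the signature set, sample requests and function names are constructed for illustration. It matches after bounded percent-decoding, because a byte-for-byte match on the wire form does not see encoded input.

```python
import re
from urllib.parse import unquote_plus

# Constructed, deliberately small signature set (illustrative only).
SIGNATURES = {
    "sqli": re.compile(r"['\"]\s*or\s+\d+\s*=\s*\d+|union\s+select", re.I),
    "xss": re.compile(r"<\s*script\b", re.I),
}

def normalize(data: str, max_rounds: int = 3) -> str:
    """Percent-decode repeatedly (bounded) so nested encodings are unwrapped."""
    for _ in range(max_rounds):
        decoded = unquote_plus(data)
        if decoded == data:
            break
        data = decoded
    return data

def inspect_request(raw: bytes, decode: bool = True) -> list[str]:
    """Return the sorted names of signatures found in the request target or body."""
    text = raw.decode("latin-1")            # latin-1 never fails on arbitrary bytes
    head, _, body = text.partition("\r\n\r\n")
    parts = head.split("\r\n", 1)[0].split(" ")
    target = parts[1] if len(parts) >= 2 else ""
    if decode:
        target, body = normalize(target), normalize(body)
    haystack = target + "\n" + body
    return sorted(name for name, rx in SIGNATURES.items() if rx.search(haystack))

# Constructed sample requests (cleartext HTTP as seen by an inline inspector).
BENIGN = b"GET /search?q=union+station HTTP/1.1\r\nHost: example.test\r\n\r\n"
SQLI = b"GET /item?id=1%27%20OR%201%3D1 HTTP/1.1\r\nHost: example.test\r\n\r\n"
XSS = (b"POST /comment HTTP/1.1\r\nHost: example.test\r\n"
       b"Content-Type: application/x-www-form-urlencoded\r\n\r\n"
       b"text=%3Cscript%3Ealert(1)%3C%2Fscript%3E")

if __name__ == "__main__":
    for name, req in (("benign", BENIGN), ("sqli", SQLI), ("xss", XSS)):
        print(name, inspect_request(req), "wire-form match:", inspect_request(req, decode=False))
```

This only works where the inspector sees cleartext, that is, plain HTTP or a position where TLS is terminated.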
So it looks like this needs (from EU perspective) another round of lawsuits to get this overthrown again - since the oversight by the US DoC is laughable.
Basically the problem with Safe Harbor is Section 702 of the Foreign Intelligence Surveillance Act and Executive Order 12333. The cumulative effect is that all non-US persons are legitimate targets of mass surveillance under US law.
The fix for Safe Harbor was negotiated with Department of Commerce who has no authority to talk about reforming this policy.
Options were
1. Immediately end the ability of US based digital companies to do business in Europe
2. Cave completely and have a few months of normalcy before the European Commission kills the deal.
You have a significant misunderstanding of the mechanics of this treaty, FISA, and EO12333.
This treaty: it must be ratified by Congress in order for it to be considered accepted by the EC. Under the U.S. Constitution, this means it would carry the full force of the law. The Commerce Department wouldn't bear the weight of enforcement.
FISA §702: limits collection to targeted non-U.S. persons of foreign intelligence interest at borders (Upstream) and submission of NSLs to U.S. organizations for data on non-U.S. persons. The Privacy Shield agreement only prohibits mass surveillance.
EO12333 does not apply since that collection occurs outside of the United States, and would not be in the jurisdiction of this agreement.
> Department of Commerce who has no authority to talk about reforming this policy.
No, this agreement was made at the behest of the Senate Committee on Commerce, Science, and Transportation [1]. Since this will be ratified by the Senate, it will carry the full weight of the law.
And we've seen that US laws aren't worth the paper they're printed on when it comes to curbing the mass surveillance apparatus. Leaving the policing of their own hungry three-letter agencies to the US is a laughable proposal.
That is not only unethical, that is also illegal in some countries.
Also, this is the reason why you should have FB platform a) turned off and b) disallow that your friends "bring your data with them when they use apps".
1) Click the down arrow (▼) in the top right, then go to 'Settings'.
2) Click 'Apps' in the bar on the left side.
3) Click 'Edit' under 'Apps, Websites, and Plugins' then 'Turn Off'
4) Click 'Edit' under 'Apps Others Use' and uncheck everything, then 'Save'.
Yes. And there are tons of other startups and probably also YC companies involved in heavy scraping, aggregating and selling that information to other folks.