[Dailydave] Neal Stephenson, the EFF and Exploit Sales

Rich Mogull rmogull-dd at securosis.com
Sat Aug 11 17:02:33 EDT 2012

Dave Aitel wrote:
> So your theory here is that because the EFF is calling for regulation of
> the government's ability to use 0day it has bought, that they are still
> advocating some sort of freedom? Frankly, I can't for the life of me
> understand why the EFF would take these positions - they seem counter to
> its mission, if not just completely confusing. It's like some selection
> of people at the EFF got scared that 0day exists and took a random
> position on the matter, completely ignoring that their (former) support
> base has the opposite position on the "equities issue".
> -dave

I don't think the EFF cares much about the morality of 0day as a state vs. 
state weapon in principle. I think this ties directly into concerns that 
governments will leave people at risk of attack and use the tech to 
wiretap. That's completely in line with their history and beliefs, and 
isn't random at all.

Our current environment is a fascinating experiment. For essentially the 
first time in history, private arms manufacturers are creating identical 
weapons as criminals, both of which rely on knowing vulnerabilities that 
affect the public at large, and can be used anonymously. Very different 
than guns and bombs due to the differing nature of offense and defense 
between digital and kinetic.

Essentially, a government has to leave their population at risk of 
attack from other governments or criminals in order to maintain part (a 
core part) of their offensive capabilities. Everything is dual use. 
Well, triple since you can use the same tools for intelligence 
gathering. I mean quadruple since it could be nation-state intel, or law 

Anyway, not saying this as a moral statement. But if you consider the 
fear of 0day use for wiretapping, and the risk it leaves the populace 
at, it seems totally consistent with the EFF stances in the past. Has 
nothing to do with us attacking China.

