Here’s a little rant I posted to an IETF mailing list thread on whether the IETF should move its public-facing services to private-by-default mode. Someone posted a reply suggesting that “the user gets to choose the degree of security that they consider appropriate”.
Here, I think, is a key issue. I disagree. What?! How can I possibly disagree with user choice? Because, a huge majority of people:
- Aren’t aware that there is a choice to be made, and shouldn’t need to be,
- Do not understand the technical issues surrounding the choice, and shouldn’t have to,
- Do not understand the legal/policy issues surrounding the choice, and shouldn’t have to.
This includes both the people who use online services and the people who offer them. Thus, the only sane ethical position is to operate in a mode that is private by default, because the consequences of a positive failure (the user didn’t really need privacy but got it anyhow) are immensely less damaging than the consequences of a negative failure (the user really needed privacy but didn’t get it).
Yes, it is certainly desirable that those who are in the unusual position of being confident that they understand the technical and policy issues be given the option of choosing to operate in plain-text anyone-can-MITM anyone-can-eavesdrop mode. But to say that the needs of that very small and specialized group of people should trump the interests of the vast majority, who shouldn’t have to understand or worry about where privacy is appropriate and how to provide it, seems bizarre to me.
So yeah, please turn the IETF’s public-facing offerings over into private-by-default mode. It’s the only ethical course of action.
[Very lightly edited; for example, I had the positive/negative failure mode labels backward.]