Security Risks of Government Hacking

Some of us -- myself included -- have proposed lawful government hacking as an alternative to backdoors. A new report from the Center of Internet and Society looks at the security risks of allowing government hacking. They include:

  • Disincentive for vulnerability disclosure
  • Cultivation of a market for surveillance tools
  • Attackers co-opt hacking tools over which governments have lost control
  • Attackers learn of vulnerabilities through government use of malware
  • Government incentives to push for less-secure software and standards
  • Government malware affects innocent users.

These risks are real, but I think they're much less than mandating backdoors for everyone. From the report's conclusion:

Government hacking is often lauded as a solution to the "going dark" problem. It is too dangerous to mandate encryption backdoors, but targeted hacking of endpoints could ensure investigators access to same or similar necessary data with less risk. Vulnerabilities will never affect everyone, contingent as they are on software, network configuration, and patch management. Backdoors, however, mean everybody is vulnerable and a security failure fails catastrophically. In addition, backdoors are often secret, while eventually, vulnerabilities will typically be disclosed and patched.

The key to minimizing the risks is to ensure that law enforcement (or whoever) report all vulnerabilities discovered through the normal process, and use them for lawful hacking during the period between reporting and patching. Yes, that's a big ask, but the alternatives are worse.

This is the canonical lawful hacking paper.

Posted on September 13, 2018 at 9:08 AM • 40 Comments

Comments

Sancho_PSeptember 13, 2018 9:29 AM

”These risks are real, but I think they're much less than mandating backdoors for everyone.” (@Bruce)

Honestly, I don’t know if it would be better to sacrifice my right or left hand.
In the end, both alternatives (???) depend on our insecurity.
A bad idea, not worth discussing.

meSeptember 13, 2018 9:36 AM

All of this is happening now!

-Disincentive for vulnerability disclosure
->people prefer to seel zerodays rather than have them patched

-Cultivation of a market for surveillance tools
->read any citizenlab report and you see that lots of people are selling spy devices to govs, even who deosn't respect human rights; money before everything!

-Attackers co-opt hacking tools over which governments have lost control
->see hacking(ed) team

-Attackers learn of vulnerabilities through government use of malware
->i dont think i have an example for this but i heard of zerodays sold both to gov and bad guys.

-Government incentives to push for less-secure software and standards
->nsa main job, waste tons of money to corrupt people and add backdoors

-Government malware affects innocent users.
->any tor exploit they used affected any page visitor

AndySeptember 13, 2018 9:58 AM

While I tend to agree that lawful hacking is preferable to lawful access backdoors, the cost of government hacks escaping is pretty high. Witness the impact of the Russians using a leaked NSA exploit to unleash NotPetya and Ukraine and any business operating there.

Impossibly StupidSeptember 13, 2018 10:08 AM

If a citizen can't legally hack, I don't see why their representative government should be able to do so. Same reason I'm not a big fan of the "legal murder" headlines that seem to be happening on a daily basis with the police. Either the laws matter and are applied equally to everyone, or you're just pushing towards anarchy.

echoSeptember 13, 2018 10:56 AM

No. Just no. This is just another "clever" strategy which is no different to "clever" gaslighting in an abusive relationship.In all the arguments about "going dark" and yet more invasive policy and cuts to the fabric holding society together I have never once heard discussions about integrity of the law or kindness or giving people a voice. It's all there in treaties and published military strategies. Even the discredited Tony Blair is paying lip service to this policy position in todays newspapers.

I posted links today in the squid topic which pretty much proves government cannot be trusted to respect human rights or equality, or the eradication of povery all of which contribute to removing the causes of unrest let alone terrorism.

There was a time when GCHQ withheld information from the courts and even government if its release could not be justified on nationals ecurity grounds or it would betray operatuonal methods. This allowed an MP who was a sex abuser to get away with it and criminals be set free by the court. Today we have undercover policemen getting women activists pregnant, anti money laundering legislation harming human rights charities activity, and unsettling complicity with "dark money" and government ministers currently in office trading away citizens human rights to curry favour in trade deals and cut public finances to the bone for tax cuts for the already wealthy. Because of this there are more avoidable deaths in UK healthcare to date than all the dead caused by the Iraq War.

At some point you have to stop feeding the monster. Beyond a certain point "sorry" is no longer good enough. Once the abuse is discovered the onus is on the abuser to prove they are not abusing. I do not see this proof.

HmmSeptember 13, 2018 11:34 AM

https://www.theguardian.com/uk-news/2018/sep/13/gchq-data-collection-violated-human-rights-strasbourg-court-rules

GCHQ violated human rights just with their surveillance campaign, says EU.

Is targeted hacking a step up from mass surveillance or a step down?


" laws should be equal for me, you and for the police "

The laws are the same more or less. But they're not applied the same.

I don't think anyone expects them not to hack or gather information, (futile..)
I think what people expect is accountability when they blow it.

Mr. VerhartSeptember 13, 2018 12:33 PM

There are more than two options here. We do not need to decide between "mandatory backdoors" and "lawful government hacking". I would propose that both of those options should be specifically illegal. It is illegal for companies to knowingly include backdoors in software and illegal for a governments to engage in hacking at anything other than a military level.

Government hacking should instead be left entirely within the scope of military operations. Foreign governments hacking efforts should be legally classified as acts of war.

HmmSeptember 13, 2018 1:02 PM

@Krupp

FTA- "According to Zerodium, the zero-day affects only the Tor Browser 7.x series. The Tor Browser 8.x branch, released last week, is not affected."

FrankoSeptember 13, 2018 1:42 PM

The Six Lines Problem: "give me six lines written by an honest man, and I will find something in them to hang him." Cardinal Richelieu (of the Spanish Inquisition)

If law enforcement can see all of your internet communications: web pages you have merely looked at, links you have clicked, off-handed remarks in comboxes, etc., they can easily trump up charges against anyone. If they decide they want you in prison, they can put you there.

Denton ScratchSeptember 13, 2018 2:08 PM

@BS "and use them for lawful hacking during the period between reporting and patching"

Well, sort of depends on what you think "lawful" means. It's different in EU countries and in the USA. At least - there's no such thing as 'lawful hacking' in the EU. Is that a thing in the USA? Wow.

John DoeSeptember 13, 2018 2:53 PM

This is all ridiculous nonsense and is impossible in any "free society." And was universally recognized as such back in 2013 when the Snowden leaks first happened. How far has society fallen in just 5 years, to start entertaining this kind of nonsense as "better than the alternative"!!!

I like the first guy's post: would you rather have your right hand cut off or your left hand??? pick one! If you just drill this into people's skulls for 5 years, maybe cutting off a mere hand instead of a head or a heart doesn't seem so bad I guess... I'm so sorry that one of your eyes has been gouged out, Bruce, that you can't see this... maybe you need to take up a new field of interest, this one is destroying you :(

John DoeSeptember 13, 2018 3:09 PM

@Mr. Verhart

You're close... Let me add: governments hacking their own citizens should be considered an act of war between said government and their own citizens. This is why it's incompatible with a free society. To accept such a thing as so-called "legal" is only to accept there can never be free society, only fascism. I don't really want to invoke the "H" word here, but it's entirely appropriate in my opinion... If this truly is where society is headed, and even where Bruce says we should go, then that's pretty disheartening.

BlahverSeptember 13, 2018 3:49 PM

@Hmm:

They have got exploits OTHER than the NoScript addon exploit they just revealed. We don't know whether the TorBrowser 8 is affected be them, but the fact that they managed to get "many" and probably sell them to governments bothers me a lot. The website of Zerodium indicates that the companty is interested in serious exploits that effectively de-anonymise a user completely.

Michael A.September 13, 2018 4:01 PM

> At least - there's no such thing as 'lawful hacking' in the EU

Well, it depends on the member state. Some of them have provisions for lawful hacking by respective law enforcement agencies. National security issues are, in general, within the competences of the member states, not the Union.

HmmSeptember 13, 2018 4:07 PM

@Doe

" I'm so sorry that one of your eyes has been gouged out, Bruce, that you can't see this... maybe you need to take up a new field of interest, this one is destroying you "

It sounds like it's destroying you, not Bruce.

You're essentially saying this trade-off between safety and freedom is like cutting a hand off.
I sure didn't notice a solution in your little blurb there. What's your alternative?
Anarchist Libertarianism? Back to a deist monarchy with you on the throne? What?

You've locked onto this idea that a society can be entirely and completely "free" - which, let's face it, is nonsense in the real world. It hasn't happened anyway. Laws are how we codify society's norms since 1800~ BCE. Sure it's still unfairly applied, but it internally aims to address that on some level and has some success in places. Nowhere is it perfect. But nowhere has ANY anarchist society flourished either, except under the umbrella of a powerful regulatory state. Anywhere, ever.

You're free to go do that in some parts of the world, find an empty spot and sovereign it up.
The rest of us have (tacitly or deliberately, both) accepted the societal contract on some level.
It's not perfect, I don't think any of us are fully satisfied.

But what alternative system would you realistically propose to replace it? THAT is the question.

HmmSeptember 13, 2018 4:21 PM

@Blahver

" but the fact that they managed to get "many" and probably sell them to governments bothers me a lot. "

You realistically ought to expect this in every protocol/platform/os/app or screensaver.
There's very little institutionally or legally standing against that new normal.

I would say "the" government probably isn't doing "the job" if they don't try to gather all the new vulns they can for T/A purposes at least, and to expect them to not use any of that for their own purposes is unrealistic. It comes back down to oversight of those doing it, "who watches the watcher" problem again. Which is IMO inescapable but necessary "evil" in any government that "does stuff" to protect its citizens. Back to the paradoxes that define governance philosophically, right? It's unsolved IMO.

Anyone who can come up with a softer, gentler totalitarianism wins the taco.

HmmSeptember 13, 2018 4:39 PM

Aside : I "realistically" need to stop "repeating" the same "words" like a "jerk"

I don't want to be misconstrued as an apologist for the state's abuses. There needs to be checks and balances designed to ensure accountability cannot be overlooked or overridden. But to expect them right now to put the CS vuln genie back in the bottle is beyond impossible, kind of a 'world peace' from the 60's slogan. You might as well ask them to stop stockpiling tactical nuclear weapons. I salute the idea behind it, but it will never happen. So we're left to what probably will happen, and what definitely will happen.

Definitely governments and their agents will continue to attack and exploit each other for their agendas. No question. Probably this will result in significant changes to the internet and/or major outages meanwhile. Probably most of us reading this forum should expect to be attacked by a government on some level in our lifetime - and probably our own governments in addition. If anyone can think of some third possible outcome I'd definitely like to hear it, but this web "of trust" was not designed for this environment.

WeatherSeptember 13, 2018 5:12 PM

I think they are updating exiting laws with new technology.
Eg a Le can go onto a property and plant a GPS and mic on a car,but only for certain type of suspected crimes, this is just a extra branch to that,
The reason..
A local gang in the town I live now cellphone are monitored of associated of people, so they use old techniques like sending up a set of fireworks, to pass on a message to others in the area.
There's probably a lot more techniques but I'm guessing the LE need to get a lot of small bits of information.

ALSeptember 13, 2018 5:17 PM

If given a choice between mandatory backdoors, or government developing zero days, I choose the latter.

The mandatory backdoor targets all users, whereas, the zero-day would or could only target a suspected evildoer, and subjected to a warrant approval.

The mandatory backdoor supposes a government right to forbid its citizens to speak to each other in code. Encryption is a method of speaking to each other in code.

Restating:
4iL0uuulKrmBd/EUkyi7Kn0K9FQ0ym2vhAkMYNKLIDh7Z3frORNYZHkdiJX27wchriBVWBo2eSCj
x2M2AokAjY2Ekj5qG5nFlG9G20TqKmYfuZrFYDePRxiktbIx+nca55k4ZbzBO491

I don't think that squares with the 1st amendment. There is nothing in the 1st that allows speech except speech that can't be understood by the government. Speech is allowed whether it can or cannot be understood by the government.

In contrast, the zero day hack would be analogous to the breaking into a suspect's home or business to plant listening devices. That's been done in the past, and has appeared to survive court challenge.

So, to comport with the U.S. laws and constitution, I like plan B, the hacking approach. That's the right fit in this country.

WeatherSeptember 13, 2018 6:42 PM

All
Can you post with in hex with out the 0x and a space between them

The only thing that I brought is a $100 phone, no computer and not enough paper

de la BoetieSeptember 14, 2018 3:28 AM

"Lawful" government hacking has a further big weakness in that it cannot/should not be used in any evidential process and effectively cannot be part of law. Woops.

This is because the hacking by its nature affects the systems being examined, and further it's well known that all the hacking tools have extensive facilities to implant not only malware, but also illegal or embarrassing content, which has already been used to discredit opposition figures. In the UK at least, the fact of that hacking also precluded from disclosure even to lawyers in the case where it has happened (whatever other evidence is presented) - obviously not a fair trial.

So, to benighted fools who care about the rule of law, it's a disaster, one which builds on top of the assault on the rule of law by mass surveillance.

stineSeptember 14, 2018 6:20 AM

I'm not going to put words in his mouth, but I think what he means is that its better for us to let them try to hack us than it is for them to have the vendors hack us for them, because, at least with the second option, that's a hole you, the user, can't close.

With that being said, this is what all governments have been doing since there were goverments. Once side of the coin is the ENIGMA hacking during World War II, and the other side of the coin is J. Edgar Hoover's FBI.

Clive RobinsonSeptember 14, 2018 8:11 AM

@ Bruce and others,

Some of us -- myself included -- have proposed lawful government hacking as an alternative to backdoors.

Why are we talking about this?

The law has had a successful way of dealing with access to people private papers and effects for centuries.

The authorities go to court, present an argument, if successful will obtain a warrant. Only then present the warrant to the person before carrying out the search.

Have we realy missed that the authorities have talked people past that all important before protection?

And it is that not the "backdoor -v- hacking" we should realy be talking about.

If you think about the consequence of the ommission of the "befor" it's a very very real step towards a "Secret Police State" because we know already just how the current authorities so easily evade any kind of oversight at any level.

The fact that the authorities have slipped this by people is a very clear indicator of the "long game" they are playing towards "Total unrestrained access" and that this will enable not just "parallel construction" but also much easier "entrapment" as any access into a persons system will alow for not just "impersonation" but "deletion" that due to the way MITM attacks work the users will not be able to spot without having a secure side channel.

If we go back to the way warrants were originally intended then those problems would not arise.

But think a little further, the judicial system in use is "adveserial" and derives from "combat by trial" with the all important "equity in arms". Your right to a not only "Fair" but importantly "Timely Trial" has been taken away from you.

Part of which in the US is the "statute of limitations" which most have probably not noticed the authorities are also trying to get rid of.

If they achive both objectives then the citizens of the US will never be safe from political manipulation and arbitary persecution.

If you want to see how bad it could get go and look at what they have been and are trying to do in the case of Marcus Hutchins / MalwareTech. Then multiply that by several times... It's "Rights stripping" on an industrial scale and by letting the authorities set the arguments we are loosing ground steadily towards it.

Sancho_PSeptember 14, 2018 3:37 PM

@Clive Robinson, (Tatütata)

”Why are we talking about this? The law has had a successful way of dealing with access to people private papers and effects for centuries.” (Clive Robinson)

This.
And before is bad enough when you think of their un-punishable stasi-methods:

They get (trick?) a judge.
They come and take _everything_ in paper and electronics, from phone to credit cards, from you and your family, at best you are left with the money in your pocket.
There isn’t anything you can do about, you are ruined.
After weeks of complaining there may be an “Oh, a mistake” but no “sorry”, let alone compensation, nada.

E.g. it happened in Germany for “probably witnesses of a crime” (hint: Tor, Tails):

Disrupt, confiscate, intimidate, access data, invade privacy: (in English)

https://tails.boum.org/news/zwiebelfreunde_raided/index.en.html
and
https://www.ccc.de/en/updates/2018/hausdurchsuchungen-bei-vereinsvorstanden-der-zwiebelfreunde-und-im-openlab-augsburg

But surprise, surprise, the search and seizures were illegal:
https://blog.torservers.net/20180704/coordinated-raids-of-zwiebelfreunde-at-various-locations-in-germany.html

John DoeSeptember 14, 2018 4:22 PM

@Hmm says: "You're essentially saying this trade-off between safety and freedom is like cutting a hand off."

Safety from what? You are MANY MANY MANY times more likely to die from slipping in the bathtub and hitting your head, than from a terrorist attack... Where are all the "counter bathtub" police rescinding the constitution, barging into people's homes, and forcing them to put anti-slip stickers on their bathtubs at gunpoint, to save their precious lives??? Same with lightning! Why not force people to wear tracking devices, monitor them, and come tackle them and drag them away if they're outside in a thunderstorm.... I mean, think of all the precious lives that will be saved... Am I being ridiculous? Of course I am! So also, those who want to destroy the very fabric of free society in order to make certain that certain kinds of excruciatingly rare but "terrifying" crime can never ever happen, are also being ridiculous. The cure is worse than the disease.

"I sure didn't notice a solution in your little blurb there. What's your alternative?"

the alternative is to go back to how things used to be: where we just treated crime as crime. and we didn't abolish freedom in order to eradicate certain "scary" forms of it, we just got crime down to a rare enough level that people could live with it. Instead, our own governments are actually hyping up the crime, to try to make people MORE SCARED of this vague special class of crime, so they can do a power grab. Who are the real terrorists when this kind of thing is happening? My point with all this is: by exposing how ridiculous this all is, I'm hoping some people will wake up, back off, and go back to normal lives again, leaving human rights intact...

We don't need to break the security of all our hardware and software, and we don't need to "legalize" a mass war against our own citizens. Just drop it. Let police do police work the way they always have. They're not "going dark"... it's the information age, for goodness sake! It's the age where more and more information is available on everyone, and available to many, if not all. Especially to police and criminals alike. If anything, we need to crack down and strengthen security, not weaken it... because all this stuff is available to criminals too.

HmmSeptember 14, 2018 8:21 PM

"You are MANY MANY MANY times more likely to die from slipping in the bathtub and hitting your head, than from a terrorist attack..."

Of course. But if only you personally die in the tub, major industries and economies will not be much affected. You are just one person, news of your bathtub death probably won't affect many other people's routines. Your neighbors would likely be a lot more upset to learn you were killed by terrorists in your bathtub, that isn't an accident. Preventing accidents is something society tries to do already. Yes, it's futile.

"and forcing them to put anti-slip stickers on their bathtubs at gunpoint,"

Well, per your example if you slip and damage yourself and can prove negligence by someone in creating an unsafe situation, it being a negligence as opposed to a deliberate attack on people, that's going to be a lesser concern - Yet there actually are government safety warning programs about bathtubs specifically, millions and millions of dollars. Whole industries address specifically safer bathtubs, right now. Insurance inspection programs, ADA stuff, the whole gamut. So your downplayed comparison is misplaced, because that safety concern is actually taken fairly seriously!

https://www.chalatlaw.com/chalat-blog/jury-awards-240000-in-slip-and-fall

"Same with lightning!"

https://books.google.com/books/about/Lightning_Protection_of_Aircraft.html?id=qjErAAAAIAAJ

-Dating back to 1977, but I'm sure it goes back much further. Lightning rods?
An ounce of prevention is worth a pound of cure. Stay indoors during storms?
We do spend money on prevention programs about this stuff. Yep. Lots.

"The cure is worse than the disease."

-Not so in the above examples, really... how do you make a blanket statement like that?

There have always been trade-offs in any society just like this. In every society. By definition, as a group some people are going to be de-empowered from total self-determination. Requiring you have a license to drive or not wave a gun around in town are the same idea. If you can't stand being "restrained" by laws, you have few options but to leave society.

True "Libertarian" nations would look a lot like Somalia, for example. Failed states. You'd have near-total freedom. The problem is, so would everyone else.


"the alternative is to go back to how things used to be:"

So put the genie back in the bottle. I see. Why didn't I think of that?


"Instead, our own governments are actually hyping up the crime, to try to make people MORE SCARED"

-"Our own governments" - be specific. Who is scaring people unreasonably? Where's the limit?

"I'm hoping some people will wake up, back off, and go back to normal lives again, leaving human rights intact..."

-Sure I agree with that.

What human right do you see being threatened in your life by counter-terrorism, privacy?
How exactly has that affected you negatively? Just the thought that they know everything you do? Anything tangible though, did you get patted down at an airport unreasonably? Did they make you enter a password on a laptop and snoop around? What? Denied a job based on a FB post? The devil is in the details. There are a lot of concerns. IS "privacy" a right? Is it even feasible in public at all now? Open questions.

But you can't expect the genies to go back in willingly, that's one of the things about genies.
Everything is a trade-off. Libertarianism is a fine thought experiment, but no solution.

John DoeSeptember 15, 2018 12:41 AM

But you're not terrorized by your bathtub, yet you're terrorized by something way way way less likely to happen to you... it's irrational. Take a deep breath, and set your mind to refuse to BE terrorized in the first place.

Then we won't need to purposefully weaken the security of all our devices, and we won't need to "legalize" government warfare against its own citizens, to placate your fear, because you won't have any in the first place.

This is the genie that absolutely can go back in the bottle.

Clive RobinsonSeptember 15, 2018 1:01 AM

@ Sancho_P, Tatütata,

E.g. it happened in Germany for “probably witnesses of a crime”

I've been keeping an eye on that and several other abuses of power.

Perhaps over simply they are working on the "three steps forward, two steps back" principle.

That is they keep pushing at the boundries and unless slapped back by a court, they essentially gain ground.

To procead this way would normally be considered lunacy due to the burden of defending court cases. However as they are "Tax Funded" and run by "Empire Growers" the stratagy wins on three fronts for them.

The only way to stop this behaviour is to cut their tax funding, as even the government providing money to assist those taking action against them does not nullify all the benifits.

echoSeptember 15, 2018 5:55 AM

Speaking of which I'd like to know why politicians have stopped being called politicians and are now being called "lawmakers". This has even happened in UK media when referring to UK/EU politicians. I don't personally believe it describes the job itself properly and get the impression it's a way of editing discussion or giving politicans status they haven't earned.

Almost all law is made by civil servants and lobby groups and NGOs and advocacy groups and lawyers themselves of course and to some degree by concerned citizens making a racket. The majority of hands on law created by most politicans seems to be those amendments they like to push into the process to twist the statute to whatever their hobby horse is.

You can also add "senior politician" to the list of confirmation bias infused puffery.

I suppose the little darlings need an ego boost since there is no more money left for wars of glory.

HmmSeptember 15, 2018 7:43 AM

@Doe

"But you're not terrorized by your bathtub, yet you're terrorized by something way way way less likely to happen to you... it's irrational."

Some people are terrified by their bathtub, which isn't an irrational fear per se as you denoted.

But individuals may be irrational. From the standpoint of the agencies it isn't irrational.
They see a threat from terrorism that bathtubs do not pose, you may not see it but it exists.
It's nonzero, you're minimizing it based on a relatively successful track record.

"set your mind to refuse to BE terrorized in the first place."

Tell it to the people looking up at the smoking towers. Seriously, that's useless in the moment.

" and we won't need to "legalize" government warfare against its own citizens, "

Threats foreign and domestic, as the saying goes. It's in the mandate already.

"This is the genie that absolutely can go back in the bottle."

I don't see what you're basing that on. It shows no sign of going away.

RatioSeptember 15, 2018 7:45 AM

Yeah, how dare people call members of a legislature (like a parliament) “lawmakers”? *shakes righteous fist of ignorance*

Gerard van VoorenSeptember 15, 2018 9:51 AM

I would say the opposite: Backdoor key components.

Why? Well then at least the components are known. Then the only thing you have to replace is the component. And yes, I agree, it requires a or some whistle blowers but the big elephants in the room are well known. And no, I am not optimistic about this subject.

HmmSeptember 15, 2018 1:14 PM

"Backdoor key components. Why? Well then at least the components are known."

Because that worked out so well with the Intel ME? Also that implies a crypto BD is the only way.
It's really not.

Do you plan to replace all of these components when the BD is discovered?
How much sense does that actually make? That's the point, there's the rub.

Mandate junk locks for consumers, eventually someone will break that.
If you secure your devices with security-in-depth instead of a "cheat",
you can maintain cross-checked integrity in layers as opposed to having
some magic string that drops you right into ring 0 - or below.

Replacing infrastructure takes years and millions of dollars and never fully finishes.
Do not build something you're going to rely on that's fundamentally flawed, it's basic!

Clive RobinsonSeptember 15, 2018 8:21 PM

@ echo, ratio,

Whilst polititions are often called legislators, few are actually capable of creating let alone correctly defining the acts they actually vote upon.

The reason for this comes in two parts,

The first is the generalised political theory of the "separation of powers". It requires legislators to be different individuals from the members of the executive and the judiciary. But does not realy define the roles other than for an "independent judiciary". Further as can be seen in a number of political houses not only do the executive members get to vote on legislation, they actually introduce it to the house. This is because they draw the executive from the elected members of the house.

The second part of the problem is what qualifies you to be eligible to be the member of a house. In many parliments it's the fact that you can raise a sum of money, be alive and get the required votes from those eligable to vote. That's it, there is no requirment for you to be able to read or write, or even be sane for that matter (as long as you are not sectioned).

So guess what we often get politicions who suffer from narcissistic personality disorder, the Duning-Kruger effect and sociopathic tendencies. Not just as individual disorders but multiple concurrent disorders. Which is why they try to "Gaslight the citizens on mass"...

So no politicians do not make law the executive members get other people to take their vague "make it so" specifications and turn them into something that is atleast logically self consistent. Even though it may not be consistent with existing legislation or the moors of society.

Look at it this way, in many juresdictions a "Keeper of a vehicle" is required to keep the vehicle in an appropriate condition such that it can be put on the road. That is they are responsible for ensuring the vehicle is "road worthy". However they are not required to be mechanics, drivers, or even adults, or even capable of being any of them. That is a blind quadriplegic pre teen could be the registered keeper of the vehicle, oh and they don't even need to own the vehicle.

https://www.whatdotheyknow.com/request/does_the_registered_keeper_of_a

Oh and the reply from the DVLA is actually wrong when they say,

    If the parent or guardian, is the person who is responsible for taxing and using the vehicle on the road then it is the parent or guardian details that must be shown as the registered keeper.

It's clearly established in law that the "person" who taxes the vehicle can be as they say in EU legislation be "Any person legal or natural" that is a company can pay the tax on the vehicle, they can also hold the insurance on the vehicle and the driver can be an entirely seperate person as long as they hold a current recognised drivers licence or equivalent.

Oh and you don't even require a licence or equivalent to drive, if it is done "Off the public highway". Which is why you can see quite young people driving "farm machinery" on a farm.

As they say "That's just the way the cookie crumbles"

CassandraSeptember 16, 2018 3:02 PM

Is John Winthrop's "Citty upon a Hill" one where the government lawfully breaks into citizens' private papers at will?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.