On 09/09/2013 01:24 AM, Jorge Amodio wrote:
Will the discussion include the pervasive data mining from companies
exploiting our Internet use for marketing and targeted advertising purposes
?
IMO the discussion should of course include that as one part
of a larger thing.
Corporate privacy-busting is however somewhat different from
recent news stories, for almost all corporates. There are a
few companies who can monitor so much that they'd compete
with governments in terms of being pervasive monitors. But
recent reports indicate that some governments may have
raised the ante quite a bit higher - if you're accumulating
data from the largest corporate service providers and the
phone companies/ISPs and the trans-atlantic fibres then
you really probably are in a different category than any
of even the largest corporates. I suspect the "new" part
of the new threat model here is the level of pervasiveness
of the monitoring.
Separately, if we can figure out protocol mechanisms or
implementation/deployment guidance that helps mitigate
pervasive monitoring, then those same mechanisms will I
would hope/guess also mitigate corporate non-pervasive
monitoring. But, we'll have to wait and see for that.
So I'd guess that we might be better to consider the
pervasive monitoring attacker for now and then see if the
kinds of mitigation we develop might also be helpful
against somewhat less ubiquitous attackers.
Cheers,
S.
-J
On Sun, Sep 8, 2013 at 4:53 PM, IETF Chair <chair(_at_)ietf(_dot_)org> wrote:
Here are some thoughts on reports related to wide-spread monitoring and
potential impacts on Internet standards, from me and Stephen Farrell:
http://www.ietf.org/blog/2013/09/security-and-pervasive-monitoring/
Comments appreciated, as always.
Jari & Stephen