On Sep 11, 2013, at 2:45 AM, Ted Lemon <Ted(_dot_)Lemon(_at_)nominum(_dot_)com>
wrote:
On Sep 10, 2013, at 6:50 PM, Phillip Hallam-Baker
<hallam(_at_)gmail(_dot_)com> wrote:
Could be but I have been working through what we know versus what would be
required and I really can't see how a group of people who would let Snowden
loose on their innermost secrets would be able to keep a conspiracy that
required CAs or Gmail staff or the like to participate on the scale required.
You don't need a conspiracy. You just need to threaten the right person
with jail.
I don't think you'd even need the threats.
"Hello, Mr. Lemon. Thank you for taking the time to see us. As you know, there
are a lot of terrorists who as we speak are planning attacks against our
country. Let me ask you something. Do you love your country? You know what,
don't answer that. I don't go much for all that flag-waving myself. But you
remember 9/11? 3000 people died there. And in Iraq 170 were killed in the last
few months. Those are the same people, and they're as determined as ever. And
do you think they're all in Iraq and Syria? I'm not supposed to tell you this"
(looks around the room to make sure you're alone) "but just last month we
arrested <insert Arab-sounding name here> right in Virginia with bomb
components in his basement and plans for some key buildings in DC. You know how
they coordinated their attacks? They used your mail service. And that is why
we've come to you. Not so that America can win. What's winning, anyway? But
because we're saving lives, hundreds of lives, both here and abroad. We
need your help. Will you do this for America? For the innocent victims?"
Notice the important parts of that pitch. A sense of danger; making the target
feel either patriotic or a humanitarian; Sharing a "secret" with the target,
making him part of the "inner circle". Making the target feel important, like
"only your cooperation can help us stop the next attack". If this pitch is
executed correctly, by the end, the target is asking for an NSL as CYA. I've
seen this kind of thing done once years ago, but it was done very poorly and
didn't work.
Nevertheless, your optimism about this problem is not an optimism that I
share, and apparently I am not alone in my pessimism. You can certainly
argue that the IETF need not address this threat model, but I don't agree
with you, and your assurances that it's all perfectly okay are not swaying
me... :)
Yeah, I don't get those references to the NSA being in hot water. Polls get
different results depending on how the question is asked, but they either show
a slim majority against massive snooping or a very slim majority accepting
massive snooping "if it's to fight terrorism". I don't see much in the way of
massive pressure on the legislative or executive branch to stop it.
Yoav