I got my arm slightly twisted to produce the attached: a simple
concatenation of some of the actionable suggestions made in the
discussion of PRISM and Bruce Schneier's call for action.
Brian,
This is a useful summary, but I would like to see a few additions:
1) Encourage protocol designs that rely on peer-to-peer transmission, rather
than intermediate relays, because relays are natural targets for interception
services.
2) Encourage distributed services over centralized services. For example,
social networking services today are heavily centralized. A distributed
architecture would allow distribution of data at multiple location, managed by
different commercial companies and covered by different legal authorities.
3) Require security sections of new RFC to include "mass surveillance" in their
threat model and consider mitigations.
-- Christian Huitema