
RE: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive Monitoring is an Attack) to Best Current Practice

2013-12-08 11:39:19
I don't believe anything Stephen has written debates a nation state's right to
make a law about surveillance. Due process of law may enable wiretap or
pervasive monitoring. It may require companies operating in a nation to hand
over keys, to not enable encryption as a service, or to deny transmission of
encrypted traffic. 
 
What Stephen has described is how a malicious third party may collect bulk
information about users by parsing a "tap" on a trunk connection within the
Internet. The traffic in this case may be transiting infrastructure under the
control of a company under the influence of a nation state. Furthermore (and
perhaps more significantly) the traffic may be obtained through a "tap" placed
on the infrastructure without the knowledge of the company controlling the
infrastructure. Stephen points out that there is no way to distinguish between a
nation state inspecting traffic between its citizens or that transits the nation
(under due process of law), and traffic that is inspected and collected for
criminal (or less illegal, money-making) purposes.
 
Should we take Tom's reasoning to the extreme we would argue that a nation state
should have the right to disrupt the operation of the Internet within their
borders and that right should be made available to them through interference
with routing protocols. Therefore, we should not allow secure operation of OSPF.
 
Hmmm, maybe governments need to be able to see all on-line bank transactions in
order to spot drug dealers moving money around. So all on-line banking should be
in the clear.
 
It is my belief that all governments have available to them mechanisms through
due process of law to obtain the information that they believe they need. What
Stephen's document is about is preventing snooping/surveillance attacks on
Internet traffic by parties that do not have support of the law.
 
Cheers,
Adrian
 
 
From: ietf [mailto:ietf-bounces(_at_)ietf(_dot_)org] On Behalf Of Phillip Hallam-Baker
Sent: 06 December 2013 23:06
To: t.p.
Cc: IETF Discussion Mailing List
Subject: Re: Last Call: <draft-farrell-perpass-attack-02.txt> (Pervasive
Monitoring is an Attack) to Best Current Practice
 
 
 
On Fri, Dec 6, 2013 at 4:31 AM, t.p. <daedulus(_at_)btconnect(_dot_)com> wrote:
I oppose publication of this I-D by the IETF.

The point has already been made that better defences against monitoring
likely means greater use of encryption and encryption is at times
harmful.  Two examples come immediately to mind.

Not long ago, a capital city was subject to riots which were more
extensive, and went on for longer, than might have been expected.
Afterwards, the police explained that they had lacked the intelligence
that they usually had, that the organisers of the riots had been using
encryption to communicate and that the police had been unable to crack
their messages.  (I understand that the manufacturers of the devices in
question had declined to help the civil power).  And yes, that capital
city is where the IETF will meet next March.  (The probability of you
being caught up in a riot then is very small but if you are, recall that
encryption has made it worse).
 
We have had riots in Broadwater Farm three out of the last four periods of
Conservative government. Should we ban Conservative governments then?
 
The 1985 riots predate general UK internet availability and cellular phone
service. So there is an existence proof for the possibility of London riots
before the Internet.
 
The battle of Cable Street in 1936 was instrumental in suppressing fascism in
the UK and led to the forced abdication of the King.
 
Moreover, the fatality rate suggests that the risk of being murdered in London
during a riot is actually less than the risk of being murdered in most US cities
under normal circumstances. 


 
In contrast the proponents of mass surveillance were recently responsible for
starting a war that caused the death of over half a million people. 
 
If the US bans all firearms then we can talk about encryption control. Until
that happens they have no credibility on the subject of public order.
 
 
-- 
Website: http://hallambaker.com/