ietf
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: draft-farrell-perpass-attack architecture issue

2014-01-14 15:46:33
from [Fred Baker (fred)] [Permanent Link] 

On Jan 13, 2014, at 11:28 AM, Stephen Farrell 
<stephen(_dot_)farrell(_at_)cs(_dot_)tcd(_dot_)ie> wrote:


 It means
  that, if asked, there needs to be a good answer to the question "is
  pervasive monitoring relevant to this work and if so how has it been
  considered?"


Just a thought - that might be a good question to add to the shepherd's report.

In that case, I might suggest a minor change, however. We discuss "Pervasive 
monitoring" in a "big brother is watching" sense, and (at least in perpass) 
concern ourselves with data that could have been hidden had encryption or some 
other code used. I'll argue that, however dreadful Big Brother might be, 
location-based services can be a lot scarier.

http://online.wsj.com/news/articles/SB10001424052702303453004579290632128929194?mg=reno64-wsj&url=http%3A%2F%2Fonline.wsj.com%2Farticle%2FSB10001424052702303453004579290632128929194.html

Data point: a lot of these operate without specific knowledge of an individual, 
but can. For example, the article talks a lot about aggregating information and 
providing it without identifying information. However, it goes on to say that 
if someone logs into a service using, for example, a Facebook identifier, they 
can remain identified to the system as they wander around in it. The messages 
themselves contain no identifying information per se, but they contain 
information that can be correlated back to that login. And the login wasn't 
"data in flight", it was "creating state with a service at rest".

So the question in the shepherd's report should not be "tell me you thought 
about the EU Data Retention Initiative and whether your protocol's data 
identifies an individual". It should be "what personal, equipment, or session 
identifiers, encrypted or otherwise, are carried in your protocol? How might 
they be correlated with offline data or otherwise used to infer the identity or 
behavior of an individual?"

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: [mpls] Last Call: <draft-ietf-mpls-in-udp-04.txt> (Encapsulating MPLS in UDP) to Proposed Standard, l.wood
Next by Date:  Re: [perpass] draft-farrell-perpass-attack architecture issue, Scott Brim
Previous by Thread:  Re: draft-farrell-perpass-attack architecture issue, Eliot Lear
Next by Thread:  Re: [perpass] draft-farrell-perpass-attack architecture issue, Scott Brim
Indexes:  [Date] [Thread] [Top] [All Lists]