> From: Scott Brim <scott.brim@xxxxxxxxx>

> I wouldn't focus on government surveillance per se. The IETF should
> consider that breaking privacy is much easier than it used to be ...
> right now the Internet's weakness in privacy is far from "better". The
> mandatory security considerations section should become security and
> privacy considerations. The privacy RFC should be expanded and worded
> more strongly than just nice suggestions.

Excellent point. There are a lot more threats to privacy than just the NSA (and similar agencies in other large, powerful countries, which probably do their own snooping, although not on the scale of the NSA's).

I am minded of the 'recent' revelations that Google, etc trawl through email they handle, looking for URLs, which they then crawl. (I say 'recent' because I discovered this some years ago. A 'private' page of mine - i.e. one with no links to it - wound up in Google's search results, because I'd sent someone on gmail a message with the URL in it...)

Etc, etc. Added up across all the large companies, I reckon the amount of 'private' surveillance is probably close to what the NSA does.

> From: Theodore Ts'o <tytso@xxxxxxx>

> For too long, I think, we've let the perfect be the enemy of the good.
> At least this way they will be forced to go the NSL route ... or spend
> $$$ on huge racks of servers in public data centers, which maybe means
> less money to subvert standards setting activities.
> ...
> Although perfect security is ideal, increasing the cost of casual style
> dragnet surveillance is still a Good Thing.

Good point. But let's not make a similar diversion ourselves. I suspect that for most people, the results of having their machine infected with a virus, or identity theft from compromised information, is probably a lot more painful than being the subject of dragnet surveillance by a government (irritating though that may be).

So if we throw resources at attacking the dragnet surveillance, and take those resources from efforts to tackle other security problems, that might not be in the best overall interests of the networks' users.

Noel

PS: I'm having fun trying to imagine the reaction of the people at the NSA, GCHQ, etc who are reading this thread. (Hi, all!)