Re: Bruce Schneier's Proposal to dedicate November meeting to saving the Internet from the NSA

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

    > From: Scott Brim <scott.brim@xxxxxxxxx>

    > I wouldn't focus on government surveillance per se. The IETF should
    > consider that breaking privacy is much easier than it used to be ...
    > right now the Internet's weakness in privacy is far from "better". The
    > mandatory security considerations section should become security and
    > privacy considerations. The privacy RFC should be expanded and worded
    > more strongly than just nice suggestions. 

Excellent point. There are a lot more threats to privacy than just the NSA
(and similar agencies in other large, powerful countries, which probably do
their own snooping, although not on the scale of the NSA's).

I am minded of the 'recent' revelations that Google, etc trawl through email
they handle, looking for URLs, which they then crawl. (I say 'recent' because
I discovered this some years ago. A 'private' page of mine - i.e. one with no
links to it - wound up in Google's search results, because I'd sent someone
on gmail a message with the URL in it...) Etc, etc. Added up across all the
large companies, I reckon the amount of 'private' surveillance is probably
close to what the NSA does.


    > From: Theodore Ts'o <tytso@xxxxxxx>

    > For too long, I think, we've let the perfect be the enemy of the good.
    > At least this way they will be forced to go the NSL route ... or spend
    > $$$ on huge racks of servers in public data centers, which maybe means
    > less money to subvert standards setting activities.
    > ...
    > Although perfect security is ideal, increasing the cost of casual style
    > dragnet surveillance is still a Good Thing.

Good point. But let's not make a similar diversion ourselves.

I suspect that for most people, the results of having their machine infected
with a virus, or identity theft from compromised information, is probably a
lot more painful than being the subject of dragnet surveillance by a
government (irritating though that may be).

So if we throw resources at attacking the dragnet surveillance, and take
those resources from efforts to tackle other security problems, that might
not be in the best overall interests of the networks' users.

	Noel


PS: I'm having fun trying to imagine the reaction of the people at the NSA,
GCHQ, etc who are reading this thread. (Hi, all!)
[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]