Looking at this paragraph and the comments on it, maybe the thing to do is to make the text talk more about functions and try avoid tricky terminology. So how'd a change along these lines be: OLD: More limited-scope monitoring to assist with network management that is required in order to operate the network or an application is not considered pervasive monitoring. There is though a clear potential for such limited monitoring mechanisms to be abused as part of pervasive monitoring, so this tension needs careful consideration in protocol design. Making networks unmanageable in order to mitigate pervasive monitoring would not be an acceptable outcome. But equally, ignoring pervasive monitoring in designing network management mechanisms would go against the consensus documented in this BCP. An appropriate balance will likely emerge over time as real instances of this tension are considered. NEW: Monitoring in itself can be a good thing and need not be part of a pervasive monitoring attack. For example, network management functions often require monitoring packets or flows, anti-spam mechanisms may need to see mail message content and some kinds of monitoring can be part of mitigating the pervasive monitoring attack, e.g. with Certificate Transparency logs. [RFC6962] There is though a clear potential for such monitoring mechanisms to be abused as part of pervasive monitoring, so this tension needs careful consideration in protocol design. Making networks unmanageable in order to mitigate pervasive monitoring would not be an acceptable outcome. But equally, ignoring pervasive monitoring would go against the consensus documented in this BCP. An appropriate balance will likely emerge over time as real instances of this tension are considered. Feedback appreciated. Probably better if that's more like "good direction" or "bad direction" rather than immediate wordsmithing, e.g. tweaking the examples is probably not the most important for now. S.