On 12/12/2013 02:07, Stephen Farrell wrote:
...
>> NEW:
>> More limited-scope monitoring that
>> is required in order to operate the network or an application is not
>> considered pervasive monitoring.
>
> Can you give examples of what is "not required" to operate
> the network?
Well, is the degree of deep packet inspection performed by a
load balancer or a diffserv classifier "monitoring"? What about
a web cache that looks at your URL to discover whether or not
it has a cached copy? These are things widely considered to be
vital parts of normal operation, but they may be looking at every
packet you send. However, they could all be readily suborned for
surveillance purposes.
Is Netflow or IPFIX "monitoring"? They're also considered vital
by some operators. They are also prime sources for traffic
analysis.
On the other hand a classical router that *only* looks at the
destination address and logs nothing is presumably not "monitoring"
in anybody's book.
I think Alissa's phrasing is just fine.
Brian