On 16/12/2013 20:39, Stephen Farrell wrote:
Replying to a bunch of things at once:
On 12/16/2013 06:48 PM, Andrew Sullivan wrote:
Adding the sentence, "In addition, to qualify as pervasive monitoring,
the activity should be either unknown to or unwelcome by the target of
the monitor," would make the difference explicit.
I disagree. Even if X% of people agreed or approved or authorized
the attack, it would still be an attack. While one might have an
argument if X approximated 100, that's just not the case.
An example of 100% would be an employer doing anti-malware
filtering, monitoring for spyware or trapping the export of intellectual
property, where consent for traffic monitoring is a condition of
employment.
And user
consent is a huge rathole that's not meaningful for most protocol
design activities, so I also disagree with including variants of
Andrew's suggestion, as well as disagreeing with the statement.
The issue is where a protocol needs to be designed to operate
in two modes - PM=OK and PM=NotOK. Unless antiPM is
conditional the protocol would not be of use in an environment
requiring PM.
- Stewart