Re: [Cfrg] Requesting removal of CFRG co-chair

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Sat, 21 December 2013 23:37 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EC9431AE0E9 for <cfrg@ietfa.amsl.com>; Sat, 21 Dec 2013 15:37:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hylPGYVPge01 for <cfrg@ietfa.amsl.com>; Sat, 21 Dec 2013 15:37:03 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id 6BEF01AE0E7 for <cfrg@ietf.org>; Sat, 21 Dec 2013 15:37:03 -0800 (PST)
Received: from [192.168.13.128] (lair.fifthhorseman.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 73C46F984; Sat, 21 Dec 2013 18:36:59 -0500 (EST)
Message-ID: <52B62618.5030602@fifthhorseman.net>
Date: Sat, 21 Dec 2013 18:36:56 -0500
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.1.1
MIME-Version: 1.0
To: Hilarie Orman <ho@alum.mit.edu>
References: <201312212237.rBLMbo5i016331@sylvester.rhmr.com>
In-Reply-To: <201312212237.rBLMbo5i016331@sylvester.rhmr.com>
X-Enigmail-Version: 1.6
Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="OgoT2mA44Rv5BanWW9QhsqL48jJGRXkqv"
Cc: cfrg@ietf.org, irtf-chair@irtf.org
Subject: Re: [Cfrg] Requesting removal of CFRG co-chair
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Dec 2013 23:37:06 -0000

On 12/21/2013 05:37 PM, Hilarie Orman wrote:
> Take it as a challenge, is the IETF smarter than NSA or any other
> organization with ulterior motives?  Can the IETF make sound technical
> judgments based on written documents?  If you don't believe this is
> possible, then by all means, start the purges.  Otherwise, step up to
> the plate, be part of the evaluation-on-the-merits process, and choose
> leaders based on their competence and not on their employment.

It seems to me that Trevor's request is specifically raising concerns
about Kevin's competence in regards to the Dragonfly proposal.  He has
specifically cast doubt on Kevin's competence at communication within
the CFRG (point 1), his technical competence in the subject matter
(point 2), and his ability to effectively report beyond the group (point
3).  These are critical competencies for the co-chair of an IRTF
research group.

However, employment by and public affiliation with an antagonistic
organization are also relevant.

If Kevin was in a position within the NSA to know about their attempts
to subvert standards processes and did not alert the IRTF to this risk,
or was actively attempting such subversion himself, he needs to be
removed from his position as chair.  The chair has too much "wide
discretion in the conduct of Research Group business" [0] to be held by
an adversary.

OTOH, if he is a good-faith participant in the working group, but
discovered with the rest of us this year that his major institutional
affiliation was working behind his back to subvert the process in which
he was actively engaged, I would have expected him to acknowledge the
situation and at least make some sort of embarrassed remark about his
employer to the research group he co-chairs.  I've seen no such message
from Kevin to the CFRG list.  Kevin, maybe you can comment on this?

A good-faith Kevin who apologizes for his employer (or who even resigns
from the NSA in disgust at how his colleagues have undermined his work)
and continues as the co-chair of the CFRG is unfortunately
indistinguishable to the rest of us from a bad-faith Kevin who is intent
on continuing to subvert the privacy and security we want to build into
the Internet.  Kevin's future contributions to the group will inevitably
draw a higher degree of scrutiny and doubt from some parties because of
his affiliation with a known adversary.

At some point, a good-faith Kevin would realize that his position and
ability to lead as co-chair is damaged by the adversarial nature of his
employer to the goals of the research group.  Stepping down from that
position and continuing to contribute helpfully would be a way to
indicate where his allegiance lies in this conflict.  This is not a
purge.  No one is calling for his expulsion from the research group
entirely.

Regards,

	--dkg

[0] http://wiki.tools.ietf.org/html/rfc2014#section-5.3