[Ideas] Concerns of privacy and identity

Tom Herbert <tom@herbertland.com> Sat, 23 September 2017 16:04 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/ideas/PhjGuHhyw82Sw45Xh17HgsSZOXc>

Hello,

I still have deep concerns about the identity concepts in IDEAS and
the potential for abuse and breaking users' fundamental privacy and
anonymity.

I find the last paragraph in section 4.1 of
draft-ccm-ideas-identity-use-cases-01 to be particularly worrisome.
Reading this, I don't see how it's not describing a global database of
individual users' identities on the Internet that governments will be
able to access at their discretion.

A key sentence is:

"to convey an authorized network entity who is behind a given
(ephemeral) IDf that is visible on the wire."

The "who" could be construed as meaning individuals here. "authorized
network entity" could mean anyone in the path including governments
that would assume they are self-authorized to track users.

The rest of the lines in the paragraph mention "legitimate need to
know" and "Legitimate parties include ... regulatory authorities".
What is legitimate is subjective-- what one party considers a
legitimate need to know, another may not. Regulatory authority pretty
much means government.

I believe the identity effort has good intentions and there may be
real benefits. Perhaps the idea is that a policy will be articulated
on who the authorized parties are and what the authorized uses of the
data are. The obvious problem with that is that neither IETF, nor
anyone else, can enforce policy across the Internet. Besides that, it's
almost becoming a daily occurrence that databases with personally
identifying information are hacked-- a global database of Internet
users would be subject to similar attacks.

It seems to me that the only guaranteed way to prevent misuse of identity
is to either build the mechanism such that misuse is provably
impossible, or to not build a mechanism at all.

In any case, I suggest the following be added to the charter:

"IDEAS will not create a protocol, mechanism, or database that records
or disseminates identities of individuals or any other personally
identifiable information. IDEAS will not create any mechanism that
could allow a third party in communications to track packets back to
individual users."

Thanks,
Tom