Re: [ietf-privacy] Research Note on NSA/Snowden for EuroParl PRISM inquiry

Caspar Bowden <caspar@PrivacyStrategy.eu> Sun, 29 September 2013 20:23 UTC

On 09/29/13 20:44, Avri Doria wrote:
> Another big reason. Your own government can act on the information in 
> many more ways than a foreign government. As an example, what do I 
> care what info Iran collects on me, as long as I am not planning to go 
> to Iran and it does not affect anyone I know in Iran. But if my 
> government gets itself in a twist on my talking to people in Iran, you 
> bet I care about the surveillance. Of course no spying ever on anyone 
> is the Good. But that is also the Unlikely. No matter how many laws, 
> treaties or covenants are inked. 

True, but if you are a European campaigning against global warming, or 
Iraq war, or other US foreign policy, then you have US as adversary more 
than own govt. (modulo that govt. and FVEY etc.)

>>
>>> 2) the "political" purposes in the defn. of FII I point at would be
>>> illegal in EU (they don't exist in corresponding EU laws, and the
>>> Belgacom/GCHQ case will be a real test case on this point). The fact is
>>> that it is not illegal (in US) for the US to do that to (say) Belgium,
>>> but it is illegal for one European state to do that to another
>>> (political spying rather than "genuine" national security)
>>>
>>> This is an incredibly important point which I still do not think is widely
>>> understood (especially by people in US)
>>>
>>>> There could be jurisdictional reasons for that
>>>> maybe (not that I'd understand those) but I don't think such a
>>>> recommendation really touches on pervasive monitoring at all unless
>>>> you're under the misapprehension that .eu governments are all far too
>>>> nice for that kind of thing or something. Can you explain that one?
> Does it matter, really, who may or may not end up invading clouds' privacy with surveillance - either legally or roguishly?  Isn't making it as difficult as possible at as many layers as possible the goal?

But for "the Cloud" as massively parallel computation (or plain vanilla 
IaaS or SaaS) - THERE IS NO TECHNICAL DEFENCE (homomorphic is 
commercially useless)

> Wouldn't the question be how to make private really difficult to 
> surveil cloud arrangements for various groupings, whether divided 
> along state lines, regional lines or community lines? 

There is no technical defence. If the Cloud provider can see plaintext 
then they are vulnerable to laws like FISA .702

> And legislation can punish efforts that go beyond acceptable 
> infraction levels. And International treaties can set limits and 
> conditions for international action/sanction in respect to actions 
> that go beyond agreed upon infraction levels. 

That's why my recommendation is a (EU - gotta start somewhere) full 
Treaty binding on US (but whether one can believe in that is another - 
important - problem)

CB