[Nsaas] Is it possible for individuals to avoid being monitored by Government agencies?

Linda Dunbar <linda.dunbar@huawei.com> Fri, 29 August 2014 18:24 UTC

Return-Path: <linda.dunbar@huawei.com>
X-Original-To: nsaas@ietfa.amsl.com
Delivered-To: nsaas@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 08C151A6F65; Fri, 29 Aug 2014 11:24:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.869
X-Spam-Status: No, score=-4.869 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.668, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id enllROqD8Igy; Fri, 29 Aug 2014 11:24:42 -0700 (PDT)
Received: from lhrrgout.huawei.com (lhrrgout.huawei.com []) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 427AB1A6ED8; Fri, 29 Aug 2014 11:21:05 -0700 (PDT)
Received: from (EHLO lhreml406-hub.china.huawei.com) ([]) by lhrrg01-dlp.huawei.com (MOS 4.3.7-GA FastPath queued) with ESMTP id BLX58235; Fri, 29 Aug 2014 18:21:03 +0000 (GMT)
Received: from DFWEML704-CHM.china.huawei.com ( by lhreml406-hub.china.huawei.com ( with Microsoft SMTP Server (TLS) id; Fri, 29 Aug 2014 19:21:00 +0100
Received: from DFWEML701-CHM.china.huawei.com ([]) by dfweml704-chm ([]) with mapi id 14.03.0158.001; Fri, 29 Aug 2014 11:20:53 -0700
From: Linda Dunbar <linda.dunbar@huawei.com>
To: "ietf@ietf.org" <ietf@ietf.org>, "nsaas@ietf.org" <nsaas@ietf.org>, Hosnieh Rafiee <hosnieh.rafiee@huawei.com>
Thread-Topic: Is it possible for individuals to avoid being monitored by Government agencies?
Thread-Index: Ac/C2aY9o39tM7ggQpS6YIhOHJvDogA115NA
Date: Fri, 29 Aug 2014 18:20:53 +0000
Message-ID: <4A95BA014132FF49AE685FAB4B9F17F645DDE517@dfweml701-chm>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: http://mailarchive.ietf.org/arch/msg/nsaas/hZ7UMATYwKMm8IzH2PNVaBiZsx8
Subject: [Nsaas] Is it possible for individuals to avoid being monitored by Government agencies?
X-BeenThere: nsaas@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "*NSaaS: Network Security as a Service mailing list*" <nsaas.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/nsaas>, <mailto:nsaas-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/nsaas/>
List-Post: <mailto:nsaas@ietf.org>
List-Help: <mailto:nsaas-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/nsaas>, <mailto:nsaas-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Aug 2014 18:24:44 -0000

Network Security as a Service (NSaaS non-WG)  is for discussing topics related to interfaces and architectures for "Clients/Requesters" to ask for (or negotiate) the network security related functions, that are not physically present at Requesters' premises, as well as the associated attributes.

There is a question on if it is possible for individuals to avoid being monitored by Government agencies. Does anyone know where to check?

Thanks, Linda

-----Original Message-----
From: Nsaas [mailto:nsaas-bounces@ietf.org] On Behalf Of Hosnieh Rafiee
Sent: Thursday, August 28, 2014 11:04 AM
To: nsaas@ietf.org
Subject: [Nsaas] Some thoughts about SAAS


Since security as a service (SAAS) is really a critical role for each customers in different countries and for governments as well, I am thinking about how would be possible to also protect customers from Surveillance agents and monitoring. 

Because if SAAS is offered by a country that its government is known to be a surveillance agent, Is there any particular requirement should be considered in standard architectures to avoid such role? 

If the target customer is a government/or any important company in a country, does it accept to use a SAAS that is located in another country? (fearing of spy)

How to avoid governments to force SAAS vendors/operators to access the detail information about security services so that they can monitor and access customer's data. Are these assumptions only operational issues or it might also impact the standards in this regard?

Nsaas mailing list