Re: [Pearg] [hrpc] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?

Stephen Farrell <stephen.farrell@cs.tcd.ie> Thu, 05 January 2023 17:16 UTC

Message-ID: <b76ef435-9f61-42f8-a688-42f41163ec52@cs.tcd.ie>
Date: Thu, 05 Jan 2023 17:15:58 +0000
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "hrpc@irtf.org" <hrpc@irtf.org>, "pearg@irtf.org" <pearg@irtf.org>, saag <saag@ietf.org>
References: <HE1PR0701MB305098F652DBC34E3C40810B89F49@HE1PR0701MB3050.eurprd07.prod.outlook.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
In-Reply-To: <HE1PR0701MB305098F652DBC34E3C40810B89F49@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/pearg/HxOCVaAp55rMIXvv30F9QQg_y6g>
Subject: Re: [Pearg] [hrpc] Ten years after Snowden (2013 - 2023), is IETF keeping its promises?
List-Id: Privacy Enhancements and Assessment Proposed RG <pearg.irtf.org>

Hiya,

I think John is correct that it'd be good for the IETF
to review what we've achieved and what else is feasible
to do now, a decade since the Snowden revelations. I'd
guess such a review would turn up some protocol changes
and gaps that could be filled, so doing that over this
year seems timely.

I'm sure we'll see yet more people say the sky is falling
if/as we enable better confidentiality, but that's always
been the case, and always wrong.

And I'd echo Viktor and Ekr in that I do think we
collectively managed to move the needle in a good way
over that decade.

I do think considering whether we could do better wrt
endpoint security would be worth trying (again), e.g. if
we could agree/document some recommendations/BCPs about
reasonable telemetry, that could be a win. (So-called
"telemetry" being one of the ways in which surveillance
capitalism abuses people's data). That said, I'm not so
sure we have the same level of community engagement we
had back in 2013/2014, when lots of people were actually
quite annoyed at details and scope of the surveillance
being revealed. And it is true that many aspects of what
goes on on endpoints are not something where we have much
impact.

To touch on another point raised: I think a lot of the
recent and upcoming EU legislation/regulation does look
promising (e.g. if it eventually motivates IM interop),
but don't at all buy the arguments that we should do
nothing about what some call "policy" and others think
is just sensible engineering that considers at least a
bit of the related environment and some ethics. But a
lot of that is regurgitated argument anyway:-)

Lastly, given some of the arguments here will be repeats
of earlier ones, it might make sense to have this discussion
on the still-extant perpass@ietf.org list (if e.g. the
ADs figured that was a good plan). I think it'd be useful
for people looking back at this round of the usual arguments
in 2033.

Cheers,
S.