Re: [perpass] [dns-privacy] We'll have stakeholders in Great Britain...

Rob Stradling <rob.stradling@comodo.com> Tue, 17 November 2015 14:58 UTC

To: Robin Wilton <wilton@isoc.org>, Joseph Hall Lorenzo <joe@cdt.org>
From: Rob Stradling <rob.stradling@comodo.com>
Date: Tue, 17 Nov 2015 14:58:35 +0000
Archived-At: <http://mailarchive.ietf.org/arch/msg/perpass/5N1iUekWyiPXf97QD5hbyR5qLSo>
Cc: perpass <perpass@ietf.org>, Stephane Bortzmeyer <bortzmeyer@nic.fr>
Subject: Re: [perpass] [dns-privacy] We'll have stakeholders in Great Britain...

Nice article from the Beeb:
http://www.bbc.co.uk/news/technology-34842854

Some great quotes...

'Cybercrime consultant Prof Alan Woodward says the availability of 
encrypted systems makes the security agencies crackdown "absolutely 
pointless".'

'And Prof Woodward says: "There are more power outages caused by 
squirrels than by cyber-terrorists."'

On 05/11/15 13:28, Robin Wilton wrote:
> Have you heard the English expression “dog’s breakfast”?
>
> R
>
>
> On 5 Nov 2015, at 05:45, Joseph Lorenzo Hall <joe@cdt.org> wrote:
>
>> I should also point out, on a different part of the Bill, section 189,
>> "Maintenance of technical capability" requires non-UK
>> providers/companies to provide access to cleartext. e.g., this part
>> reaches non-UK folks:
>>
>> "An obligation specified in regulations under this section may be
>> imposed on, and a technical capability notice given to, persons
>> outside the United Kingdom (and may require things to be done, or not
>> to be done, outside the United Kingdom)"
>>
>> :/
>>
>> On Thu, Nov 5, 2015 at 2:08 PM, Robin Wilton <wilton@isoc.org> wrote:
>>> It’s very hard to work out exactly what UK policymakers think they are aiming for here… quite possibly because their own understanding is less than perfect.
>>>
>>> In the parliamentary debate yesterday, the Home Secretary repeatedly referred to retention of “the first page or device accessed by a user”.
>>>
>>> I don’t think I know what that means.
>>>
>>> I also wonder, for instance, how that would work in a “portal”-style environment, where a single “landing page” could contain dynamic content elements.
>>>
>>> Nor is it clear to me whether, once I visit a site, my CSP would have to log the “first connection” my browser gets to each embedded third-party-served element on that page (e.g. ads, ssh sessions etc… etc…).
>>> If it does, there’s potential for this measure to result in volumes of data that are so large as to be increasingly unusable. (Obviously, as a privacy-concerned citizen, if the interceptors drown in data, I can see an upside in that ;^)   )
>>>
>>> I will be looking at the detail of the Bill over the coming days, and no doubt ISOC will be publishing some analysis, comments and conclusions.
>>>
>>> Yrs.,
>>> Robin
>>>
>>> Robin Wilton
>>> Technical Outreach Director - Identity and Privacy
>>> Internet Society
>>>
>>> email: wilton@isoc.org
>>> Phone: +44 705 005 2931
>>> Twitter: @futureidentity
>>>
>>> On 5 Nov 2015, at 04:34, Joseph Lorenzo Hall <joe@cdt.org> wrote:
>>>
>>>> (moving a thread from Stephane on dns-privacy here to perpass)
>>>>
>>>> I wanted to highlight for perpass the draft UK Bill [1] that dropped yesterday.
>>>>
>>>> It includes the following language in Section 71(9) that ISPs, on
>>>> notice, will need to retain the following for one year (and, yes, some
>>>> of this is completely crazypants and totally unclear how to map these
>>>> concepts onto technical concepts):
>>>>
>>>> ----
>>>>
>>>> (9) In this Part “relevant communications data” means communications
>>>> data which may be used to identify, or assist in identifying, any of
>>>> the following—
>>>>
>>>>     (a) the sender or recipient of a communication (whether or not a person),
>>>>     (b) the time or duration of a communication,
>>>>     (c) the type, method or pattern, or fact, of communication,
>>>>     (d) the telecommunication system (or any part of it) from, to or
>>>> through which, or by means of which, a communication is or may be
>>>> transmitted,
>>>>     (e) the location of any such system, or
>>>>     (f) the internet protocol address, or other identifier, of any
>>>> apparatus to which a communication is transmitted for the purpose of
>>>> obtaining access to, or running, a computer file or computer program.
>>>>
>>>> In this subsection “identifier” means an identifier used to facilitate
>>>> the transmission of a communication.
>>>>
>>>> ----
>>>>
>>>> While the press before had highlighted this bill would require
>>>> retaining "web browsing history" it seems both somewhat worse, and
>>>> potentially Netflow data for what seems like all an ISP's subscribers.
>>>>
>>>> Wondering if others have thoughts.
>>>>
>>>> best, Joe
>>>>
>>>> [1]: https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/473770/Draft_Investigatory_Powers_Bill.pdf
>>>>
>>>> ---------- Forwarded message ----------
>>>> From: Stephane Bortzmeyer <bortzmeyer@nic.fr>
>>>> Date: Wed, Nov 4, 2015 at 10:28 PM
>>>> Subject: [dns-privacy] We'll have stakeholders in Great Britain...
>>>> To: dns-privacy@ietf.org
>>>>
>>>>
>>>> http://www.bbc.com/news/uk-politics-34715872
>>>>
>>>> The bill will force companies to hold "internet connection records"
>>>> for 12 months so they can be requested by authorities.
>>>>
>>>> Such data would consist of a basic domain address,
>>>>
>>>> _______________________________________________
>>>> dns-privacy mailing list
>>>> dns-privacy@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/dns-privacy
>>>>
>>>>
>>>> --
>>>> Joseph Lorenzo Hall
>>>> Chief Technologist
>>>> Center for Democracy & Technology
>>>> 1634 I ST NW STE 1100
>>>> Washington DC 20006-4011
>>>> (p) 202-407-8825
>>>> (f) 202-637-0968
>>>> joe@cdt.org
>>>> PGP: https://josephhall.org/gpg-key
>>>> fingerprint: 3CA2 8D7B 9F6D DBD3 4B10  1607 5F86 6987 40A9 A871
>>>>
>>>> _______________________________________________
>>>> perpass mailing list
>>>> perpass@ietf.org
>>>> https://www.ietf.org/mailman/listinfo/perpass
>>>

-- 
Rob Stradling
Senior Research & Development Scientist
COMODO - Creating Trust Online
Office Tel: +44.(0)1274.730505
Office Fax: +44.(0)1274.730909
www.comodo.com

COMODO CA Limited, Registered in England No. 04058690
Registered Office:
   3rd Floor, 26 Office Village, Exchange Quay,
   Trafford Road, Salford, Manchester M5 3EQ
