Re: [perpass] Howdy!

Yoav Nir <ynir@checkpoint.com> Mon, 02 September 2013 20:24 UTC


On Sep 2, 2013, at 7:08 PM, Dean Willis <dean.willis@softarmor.com> wrote:

> St. Peter redirected me here, which list had escaped my attention. I'm hoping it's a raging hotbed of subversive or at least somewhat paranoid activity.

Half of us are subversive; the other half are spooks spying on the subversive element. The question is, do you know which is which?

> Because we really ought to be quite worried by now.
> 
> And yes, this is really just a test message to see if I can hear myself.

Yeah, you can hear yourself. Also, *they* can hear you. OK. That's not too difficult on a public mailing list with a public archive.

We can't each and every one of us defeat the well-funded, well-equipped, and well-trained adversaries who are willing to go to great lengths to spy on us. At worst, they can break into your home ([1]). But that kind of expense doesn't scale. Even the TLAs don't have the resources to do this to billions or even millions of people.

If we can raise the bar so that their resources are only enough to spy on, say, 100,000 people, then I (please forgive me for being so self-centered), and probably you, are off the hook. There's likely to be at least 100,000 people who are perceived to be more dangerous to whatever country's national security. Yeah, it still sucks to be number 99.999 on this list of alleged criminals and terrorists, but it's way better for the rest of us.

So the question remains, do we have the ability to allow private communications between parties, such that the protection won't stand out? Can we allow anonymous or pseudonymous public speaking that won't be traceable by technological means? Can we make it so that Internet-based services default to private?

Pretty much no constitution or declaration of rights protects people against surveillance. That is because surveillance used to be so expensive that it was never abused or done on a large scale. Compare that to the US 3rd amendment, prohibiting the quartering of soldiers in private houses. Nobody would prohibit this today, because it's just not done anymore, but it probably was in those days. Perhaps the right to be free from mass surveillance, both governmental and private without due process should be codified in national constitutions, but that is not something that the IETF has any say in.

Yoav

[1] http://www.foreignpolicy.com/articles/2013/07/16/the_cias_new_black_bag_is_digital_nsa_cooperation