Re: [perpass] perens-perpass-appropriate-response-01

Nicholas Weaver <> Wed, 04 December 2013 20:44 UTC

From: Nicholas Weaver <>
Date: Wed, 4 Dec 2013 12:43:57 -0800
To: Bruce Perens <>
Cc: Stephane Bortzmeyer <>,, Nicholas Weaver <>, Theodore Ts'o <>, Jacob Appelbaum <>
Subject: Re: [perpass] perens-perpass-appropriate-response-01

On Dec 4, 2013, at 12:29 PM, Bruce Perens <> wrote:

> On 12/04/2013 11:55 AM, Jacob Appelbaum wrote:
>> Dear Bruce,
>> Why do you dignify these actions as 'law enforcement' or even as
>> 'national defense' when we're discussing illegal spying?
> Because some of them are in my interest. And yours.
> We have a nasty part of government that thinks it is in an endless war. Every liberal nation, historically, discontinues its nice rights and protections during wartime.

Unfortunately this nasty part of government is not just targeting the nutcases, but practically everybody, using insanely intrusive methods and setting a series of insanely dangerous precedents.

How do you think the US would react to word that, say, the French or Chinese hacked AT&T (using packet injection, weaponizing the wiretaps), in order to practice covert surveillance upon senators and businessmen in the US?  "Ballistic" wouldn't begin to describe the reaction.  Not to mention the obvious economic targets [1] as well.

Yet now the NSA has said, "hey, it's OK".  So is there a reason for France, or China, or Russia, or Israel, or well anybody to not let their intelligence services off the leash?

We know that the Chinese haven't been doing packet injection in the past (because we've caught their intrusions in the past, and they've been through phishing/watering hole), but they will in the future.  Because hey, why not?

Universal encryption is needed, NOW, not to limit the damage of surveillance but to reduce the huge attack surface that is now laid bare for the world.  

Your adversary is all countries which your traffic traverses except your own.

[1] The NSA is quite happy to say they don't give the information to US companies, but it's quite clear that a non-trivial amount of espionage is to further US economic interests.  IMO, it's a waste.  What good is hacking Petrobras if you do NOT give the data to Exxon/Mobil?

>> Pervasive surveillance, censorship and malware is a serious threat regardless of your feelings about the NSA.
> And will continue to be so after all web transactions are encrypted. You're not going to actually solve any problems.

Yes, because unencrypted traffic is a huge open attack vector, which is now open-season.  Enjoy...

Nicholas Weaver                  it is a tale, told by an idiot,
                                 full of sound and fury,
510-666-2903                     .signifying nothing