Re: [perpass] politics and the ietf

Edward Lopez <elopez@fortinet.com> Thu, 05 December 2013 16:15 UTC

Return-Path: <elopez@fortinet.com>
X-Original-To: perpass@ietfa.amsl.com
Delivered-To: perpass@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B07F91AE059 for <perpass@ietfa.amsl.com>; Thu, 5 Dec 2013 08:15:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YrIIEOpSw_15 for <perpass@ietfa.amsl.com>; Thu, 5 Dec 2013 08:15:04 -0800 (PST)
Received: from smtp.fortinet.com (smtp.fortinet.com [208.91.113.88]) by ietfa.amsl.com (Postfix) with ESMTP id 23A0E1AE043 for <perpass@ietf.org>; Thu, 5 Dec 2013 08:15:04 -0800 (PST)
From: Edward Lopez <elopez@fortinet.com>
To: Elijah Sparrow <elijah@bitmask.net>
Thread-Topic: [perpass] politics and the ietf
Thread-Index: AQHO8YtEAe6nJsinukWePesvAXKcyppFxz5b
Date: Thu, 5 Dec 2013 16:15:09 +0000
Message-ID: <91FC9CE1-6C8E-4457-A767-6E8F0CDA730A@fortinet.com>
References: <20131205072546.2740.2142915422.0@crow>
In-Reply-To: <20131205072546.2740.2142915422.0@crow>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-FEAS-SYSTEM-WL: 192.168.221.212
Cc: "perpass@ietf.org" <perpass@ietf.org>
Subject: Re: [perpass] politics and the ietf
X-BeenThere: perpass@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <perpass.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/perpass>, <mailto:perpass-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/perpass/>
List-Post: <mailto:perpass@ietf.org>
List-Help: <mailto:perpass-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/perpass>, <mailto:perpass-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Dec 2013 16:15:06 -0000

Elijah,

I have a sociology background as well, and found resonance in your comments.

As a security technologist, I often tell people that security is not required for productivity.  A new protocol or application can be highly productive without being secure.  A significant challenge is in changing the mindset of participants to incorporate security as a goal of design.

But we have to consider the technical, political, and economic (cost) factors of what we do.  In the discussion of opportunistic encryption, we have to recognize that there is a significant barriers in all three areas.  Encryption everywhere is over-simplistic, and is biased on the idea that the math works.  But we have to remember that just like bad security is equivalent to no security, bad implementations of encryption generate costs and hassles without benefit.

I have heard comments regarding pervasive surveillance as an attack on the Internet, and am concerned about cycles lost in overreaction, analogous to how we perceive the Patriot Act, TSA, and Air Marshals as an overreaction to 9/11.

We applaud the concept of Google searches, but are repelled by the concept of data analytics, which is an inherent byproduct of search engines.  In a decade past we demanded 1Gbps wired to the desktop, but gave it up for 11Mbps of shared wireless, even if it was not secure and subject to surveillance. But the productivity gained by searches and wireless are not in question, and the side effects seen as a reasonable cost/risk at the time

The reality is with the NSA, we have an ultimate peer-review organization. One that is prepared to expend tremendous resources to find and exploit weaknesses in the protocols we design.  It's not that they are smarter (although as Bruce points out, likely a decade ahead in math), but they are more tenacious, and they play dirty.  

Collectively, we need to change our thinking.

Ed Lopez

Sent from my iPhone ... Sorry for any auto-correct errors

> On Dec 5, 2013, at 2:26 AM, "Elijah Sparrow" <elijah@bitmask.net> wrote:
> 
> As an outsider to the IETF, and one-time sociologist, I found the repeated calls in Vancouver 88 and on this list for decisions to be made based solely on technical merit and not political argument to be extremely fascinating.
> 
> There was once a time when the design of a protocol or standard could be done in a manner that benefited nearly everyone who might be touched by it. These days are surely past. Nearly every single debate or question that has come up on this list is deeply political, if for no other reason than whatever decisions are made will create winners and losers, people who benefit from the choice and people who are harmed by the choice.
> 
> In the sweep of history, information capitalism has come to a moment of truth, where the material infrastructure that the IETF and technologists the world around have helped to create has now matured into both an economic engine and a state intelligence system based on mass surveillance. Perhaps the most distinguishing political debate of our time is how the power of the state and of business with respect to citizens and customers has been radically transformed under this new regime of ubiquitous surveillance. Obviously, I feel a particular way about this, but I am just stating the obvious: these issues are deeply political because the fragile balance of powers in liberal democracy and in our capitalist economies have been inexorably rocked by technological changes.
> 
> In this context, the question of "how much encryption" is a technical question that is also deeply intertwined with the major political debates of our day. One only has to note the major headlines around the world about the ietf calls for encryption in http 2.0. How often have ietf meetings garnered such global coverage?
> 
> Scientists and engineers are often forced into political arenas without their desire or foresight. Take, for example, the history of genomics, climate change, or nuclear physics. Historically, the scientists and engineers have clung desperately to the cloak of objective science, even as their work took on increasingly obvious political ramifications. My hope for the internet is that we could perhaps bypass such silliness and embrace the obvious political nature of our work. Being honest with ourselves does not push anyone toward any particular technical or political stance, except that perhaps we can be more transparent in our justifications.
> 
> In the immortal words of Voltaire, and Spiderman, with great power comes great responsibility.
> 
> -elijah
> 
> --
> I prefer encrypted email - https://bitmask.net/key/elijah.
> _______________________________________________
> perpass mailing list
> perpass@ietf.org
> https://www.ietf.org/mailman/listinfo/perpass

***  Please note that this message and any attachments may contain confidential 
and proprietary material and information and are intended only for the use of 
the intended recipient(s). If you are not the intended recipient, you are hereby 
notified that any review, use, disclosure, dissemination, distribution or copying 
of this message and any attachments is strictly prohibited. If you have received 
this email in error, please immediately notify the sender and destroy this e-mail 
and any attachments and all copies, whether electronic or printed.
Please also note that any views, opinions, conclusions or commitments expressed 
in this message are those of the individual sender and do not necessarily reflect 
the views of Fortinet, Inc., its affiliates, and emails are not binding on 
Fortinet and only a writing manually signed by Fortinet's General Counsel can be 
a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. ***