Re: [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG

Chris Lewis <ietf@mustelids.ca> Sun, 06 December 2015 06:34 UTC

Return-Path: <ietf@mustelids.ca>
X-Original-To: shutup@ietfa.amsl.com
Delivered-To: shutup@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6105B1B3265 for <shutup@ietfa.amsl.com>; Sat, 5 Dec 2015 22:34:57 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 3.043
X-Spam-Level: ***
X-Spam-Status: No, score=3.043 tagged_above=-999 required=5 tests=[BAYES_50=0.8, FH_RELAY_NODNS=1.451, RDNS_NONE=0.793, SPF_PASS=-0.001] autolearn=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id DKzFhIMPvIMY for <shutup@ietfa.amsl.com>; Sat, 5 Dec 2015 22:34:56 -0800 (PST)
Received: from stoat.mustelids.ca (unknown [174.35.246.2]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3AD331B3263 for <shutup@ietf.org>; Sat, 5 Dec 2015 22:34:56 -0800 (PST)
Received: from [192.168.0.6] (badger.mustelids.ca [192.168.0.6]) (authenticated bits=0) by stoat.mustelids.ca (8.14.4/8.14.4/Debian-4.1ubuntu1) with ESMTP id tB66YrGD005602 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT) for <shutup@ietf.org>; Sun, 6 Dec 2015 01:34:54 -0500
To: shutup@ietf.org
References: <6.2.5.6.2.20151205205343.0c75fed0@elandnews.com>
From: Chris Lewis <ietf@mustelids.ca>
X-Enigmail-Draft-Status: N1110
Message-ID: <5663D70D.30707@mustelids.ca>
Date: Sun, 06 Dec 2015 01:34:53 -0500
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.23) Gecko/20090812 Thunderbird/2.0.0.23 Mnenhy/0.7.6.666
MIME-Version: 1.0
In-Reply-To: <6.2.5.6.2.20151205205343.0c75fed0@elandnews.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <http://mailarchive.ietf.org/arch/msg/shutup/YnZYmc9ZB9XP-sL0nqXXfOf254o>
Subject: Re: [Shutup] Proposed Charter for the "SMTP Headers Unhealthy To User Privacy" WG
X-BeenThere: shutup@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: SMTP Headers Unhealthy To User Privacy <shutup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/shutup>, <mailto:shutup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/shutup/>
List-Post: <mailto:shutup@ietf.org>
List-Help: <mailto:shutup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/shutup>, <mailto:shutup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 06 Dec 2015 06:34:57 -0000

On 12/06/2015 12:24 AM, SM wrote:

> An attack on organization is a security issue; it isn't a privacy
> issue.  The privacy issue is about mail-related metadata which can be
> collected by state surveillance agencies.  Will the proposed working
> group attempt to fix that?

Privacy is only about state surveillance?  That seems to be a, um, 
remarkably narrow definition, and completely ignores the privacy issues 
that people usually get harmed by.  Furthermore, state surveillance 
doesn't need to scrape headers, they just get the providers to reveal 
the contents of their logs, which no amount of header obfuscation can hide.

The NSA didn't get their 5 years worth of universal phone penlogs from 
tapping wires, they did it with taps right into the provider's 
equipment.  No amount of on-the-wire fussing would have done a thing.

This harks back to a big investigation I was involved with in the late 
1970's/early 80's[*], prompted by a huge public uproar over (supposed) 
LE access to medical information from Canada's (Ontario's) health 
insurance programme (and later spread to Workman's Compensation).

Our investigation showed that there were indeed a few (on the order of 
a dozen or two) LE-related incidents, and as far as I remember, not one 
of them involved medical information (they were current address searches 
in order to serve warrants).  The real problem was 3rd party private 
insurers accessing full medical information of thousands of people (we 
proved out more than 5000 incidents with one insurer alone) that could 
result in severe financial or in some cases medical harm.  At least one 
suicide resulted, probably more.  Oh, and yes, some of the access claims 
were entirely bogus (e.g., claims of accessing information that didn't and 
couldn't exist) - made up by people who were happy to lie to the 
journalists and get their own tiny bits of fame and a few beers.

The biggest fault with the charter is that there is no mandate whatsoever 
to explore/mention/define the risks (of either revealing the information 
or omitting it).

I can see a BCP on privacy protection arising out of this effort, but 
without any serious attempt to give the reader guidance on pro/con, 
it'll do more harm than good.

[*] The Royal Commission of Enquiry into the Confidentiality of Health 
Records in Ontario.  I was the computer security consultant/advisor to 
the commission.  The first "Krever Commission".  Most Canadians will 
associate Justice Krever (Ontario Supreme Court Judge) with the tainted 
blood Commission years later.

We plugged quite a few policy/procedural holes; the Ministry of Health 
got bruised and battered by it, but survived.  A lot of really good 
things happened from that Commission and carried over to other 
jurisdictions and even other countries.  I'm quite proud of my minor 
contributions.