On 09/29/13 20:44, Avri Doria wrote:
Another big reason. Your own government can act on the information in
many more ways that a foreign governments. As an example:, what do I
care what info Iran collects on me, as long as I am not planning to go
to Iran and it does not affect anyone I know in Iran. But if my
government gets itself in a twist on my talking to people in Iran, you
bet I care about the surveillance. Of course no spying ever on anyone
is the Good. But that is also the Unlikely. No matter how many laws,
treaties or covenants are inked.
True, but if you are a European campaigning against global warming, or
Iraq war, or other US foreign polic, then you have US as adversary more
than own govt. (modulo that govt. and FVEY etc.)
2) the "political" purposes in the defn. of FII I point at would be
illegal in EU (they don't exist in corresponding EU laws, and the
Belgacom/GCHQ case will be a real test case on this point). The fact is
that it is not illegal (in US) for the US to do that to (say) Belgium,
but is it is illegal for one European state to do that to another
(political spying rather than "genuine" national security)
This is an incredibly important point which I still not think is widely
understood (especially by people in US)
There could be jusrisdictional reasons for that
maybe (not that I'd understand those) but I don't think such a
recommendation really touches on pervasive monitoring at all unless
you're under the misaprehension that .eu governments are all far too
nice for that kind of thing or something. Can you explain that one?
Does it matter, really who may or may not end up invading clouds' privacy with
surveillance - either legally or roguishly. Isn't making it as difficult as
possible at as many layers as possible the goal?
But for "the Cloud" as massively parallel computation (or plain vanilla
IaaS or SaaS) - THERE IS NO TECHNICAL DEFENCE (homomorphic is
commercially useless)
Wouldn't the question be how to make private really difficult to
surveil cloud arrangements for various groupings, whether divided
along state lines, regional lines or community lines?
There is no technical defence. If the Cloud provider can see plaintext
then they are vulnerable to laws like FISA .702
And legislation can punish efforts that go beyond acceptable
infraction levels. And International treaties can set limits and
conditions for international action/sanction in respect to actions
that go beyond agreed upon infraction levels.
That's why my recommendation is a (EU - gotta start somewhere) full
Treaty binding on US (but whether one can believe in that is another -
important - problem)
CB
_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
