On Sep 10, 2013, at 8:03 PM, Scott Brim <[email protected]> wrote:
> On Mon, Sep 9, 2013 at 12:39 PM, Peter Saint-Andre <[email protected]> wrote: >> We'll want to use the high-bandwidth time wisely, and we know that >> security-related discussions (well, all discussions) can easily go off >> track. Staying focused on the core issues, and on problems that might >> have engineering solutions, will be paramount. > > This is a scope question. How do we decide what to focus on? I > suggest that we start by saying it's not security, and it's not > surveillance, it's privacy, i.e. the ability to control the flow of > one's personal information (there's your definition, Dave). Yep. > Security is too large a scope, Absolutely. > while surveillance is too small. A key difference between "privacy" and "privacy against pervasive surveillance" is that most models of privacy (including that in 6973) implicitly or explicitly assume that the attacker has a specific target in mind, and that the object of the game is identifying that target; in pervasive surveillance, this is not the case. This is indeed one of the reasons it's above and beyond (targeted) lawful intercept in terms of the threat it presents. Practically speaking, being uninteresting is no defense (not that it's ever really a _good_ defense, "but I have nothing to hide" notwithstanding). Nor is being indistinguishable, if k-anonymity merely means you're lumped into a k-member group, such that that k-member group has defining characteristics that themselves may prove to be interesting. So, "privacy", but with a focus on pervasive surveillance as the specific threat. Best regards, Brian > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
