On Oct 20, 2013, at 4:21 AM, Ted Hardie <[email protected]> wrote:
Like most folks involved in this list, I have a personal response to the current situation and some thoughts on how it will impact my or our work in the future. Since I expect we will be pretty short of mic time in Vancouver for thoughts like these, I decided to write them out. http://tools.ietf.org/html/draft-hardie-perpass-touchstone-00 is the result.

It's quite short but a quick summary is this: Pervasive monitoring induces self-censoring which harms the Internet and its users. At the scale of the modern Internet, that means it harms humanity. We can and should change our approach to Internet engineering and system design to deal with this. There will be costs for that, but we should pay them. It helps me, personally, to focus on a single user when asking whether a system or protocol is appropriate in the current environment. The draft lays out why.

regards,
Ted Hardie

Hi, Ted

In your draft, you propose we ask ourselves a question about any protocol we design, and that question can be something like "Can a gay kid in Uganda use this safely?"

IMO nothing we do here can yield an unqualified "yes" answer to that question.

Nothing here relates to public statements such as personal blogs or Internet Drafts. Those are obviously public and the authors are identified, and the state apparatus can read them just fine, regardless of how secure we make them. So there are two kinds of communications that we would seek to protect: public statements made anonymously, and private statements made either person-to-person or within a small group.

You can't avoid any kind of monitoring, pervasive or otherwise, without having both encryption and authentication. This is regardless of whether the encryption and authentication are with the communications peer or with an anonymizer.
Encryption and authentication with a middlebox (such as using a web-based mail service with TLS) is not sufficient, as the privacy of the communications depends on both the trustworthiness of the intermediary and strength of the authentication that the intermediary performs. I think it would be naive to expect an intermediary providing a web service to resist the government.

So we're left with mandatory mutual authentication. And that's the issue. We (meaning the people who work on Internet infrastructure) have never been able to deploy an identity management system good enough that everyone will use it.

I am not familiar enough with Ugandan politics to know to what extent the anti-gay laws are enforced or investigated. Most European countries and US states had such laws for decades without the police ever expending any resources to catch the criminals. But from what I've read in Wikipedia, the human rights situation is pretty grim for gays. So although it's tempting to think that using a US-based service like GMail would be safe from the local government, I don't think that's good enough to merit an unqualified "yes" answer to your question.

The thing about pervasive monitoring is that even if it was set up to catch terrorists, once the system is in place, it's very tempting to use the collected information to fight crime. If the Ugandan government has decided to investigate a specific person, they can bug his phone, install spyware on his computer, and follow him around. They will find evidence. The best we can do is to make our protocols such that pervasive surveillance is impossible. We can only hope that if surveillance resistance is made such that the US government has the resources to spy on 10,000 people while Uganda has the resources to spy on 9 people (based on the ratio of national budget expenditures), that the Ugandan government will not waste its precious 9 "slots" on tracking down homosexuals.

So while I don't think we can make any particular protocol safe for a suspect, we can make it so that the average person feels safe enough to risk private communications as long as they believe they are "under the radar". Ideally, the steps to reach that goal would be enough to obscure the few who do use strong person-to-person authentication.

But even with strong person-to-person authentication, a gay Ugandan would still have to avoid discussing anything that is illegal in Uganda with people he's not familiar enough with, for fear they are government agents. There can be no online support group helping teenagers, and there can be no Internet dating sites. Nothing we do can make that happen.

Yoav
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
