On Wed, 6 Nov 2013, Dean Willis wrote:
On Nov 5, 2013 7:17 PM, "Nicholas Weaver" <[email protected]> wrote:
On Nov 5, 2013, at 5:12 PM, Dean Willis <[email protected]> wrote:
Wrong. See, the GCHQ has been surveilling US citizens using taps, and
the NSA has been surveilling UK citizens using taps. Both are allowed to
use covert mechanisms to surveil foreigners. Then they trade data sets with
each other.
This is state surveillance, but since it’s quite reasonably “illegal”,
it also requires secrecy. Securing the transit links such that a “legal
order” is required would significantly impact the interception.
Except that its clear that they already HAVE gotten "legal" orders for
such surveillance. E.g. AT&T secret room, GCHQ's deal with Level 3, etc...
There are basically two classes of surveillance that require distinct
analysis:
1) Surveillance that requires collaboration by service providers, generally
through a "legal" framework of compulsion or a less qualified process of
human subversion. Overt, mostly. Typically used within the legal domain of
a state actor or enterprise.
2) Surveillance that can occur without the knowledge or support of the
provider. Illegal within the US, typically launched from outside the domain
of a state actor or enterprise.
Phill made the point during his talk at the BoF yesterday, that (roughly
speaking), we should consider cases where our actions cause attacks to
move from class (2) to class (1) to be victories. This is (to me),
broadly speaking, true, in that it gives the collective us more knowledge
about what is going on.
However, I fear that the knowledge we gain may be more limited that we
would like. In particular, I fear that NSLs or similar things will come
with gag orders so strong that the company's counsel will not be able to
use knowledge of them to alter company policy, or even that the gag will
prevent the engineer being served from contacting the company's counsel.
There are probably technical measures which could help a little, such as
requiring multiple persons to authenticate certain classes of operations,
though I suspect those are out of scope for IETF protocol work.
-Ben Kaduk
(I have received between -1000 and 0 NSLs in the past 30 years.)
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
