Elijah, I have a sociology background as well, and found resonance in your comments.
As a security technologist, I often tell people that security is not required for productivity. A new protocol or application can be highly productive without being secure. A significant challenge is in changing the mindset of participants to incorporate security as a goal of design. But we have to consider the technical, political, and economic (cost) factors of what we do. In the discussion of opportunistic encryption, we have to recognize that there is a significant barriers in all three areas. Encryption everywhere is over-simplistic, and is biased on the idea that the math works. But we have to remember that just like bad security is equivalent to no security, bad implementations of encryption generate costs and hassles without benefit. I have heard comments regarding pervasive surveillance as an attack on the Internet, and am concerned about cycles lost in overreaction, analogous to how we perceive the Patriot Act, TSA, and Air Marshals as an overreaction to 9/11. We applaud the concept of Google searches, but are repelled by the concept of data analytics, which is an inherent byproduct of search engines. In a decade past we demanded 1Gbps wired to the desktop, but gave it up for 11Mbps of shared wireless, even if it was not secure and subject to surveillance. But the productivity gained by searches and wireless are not in question, and the side effects seen as a reasonable cost/risk at the time The reality is with the NSA, we have an ultimate peer-review organization. One that is prepared to expend tremendous resources to find and exploit weaknesses in the protocols we design. It's not that they are smarter (although as Bruce points out, likely a decade ahead in math), but they are more tenacious, and they play dirty. Collectively, we need to change our thinking. Ed Lopez Sent from my iPhone ... Sorry for any auto-correct errors > On Dec 5, 2013, at 2:26 AM, "Elijah Sparrow" <[email protected]> wrote: > > As an outsider to the IETF, and one-time sociologist, I found the repeated > calls in Vancouver 88 and on this list for decisions to be made based solely > on technical merit and not political argument to be extremely fascinating. > > There was once a time when the design of a protocol or standard could be done > in a manner that benefited nearly everyone who might be touched by it. These > days are surely past. Nearly every single debate or question that has come up > on this list is deeply political, if for no other reason than whatever > decisions are made will create winners and losers, people who benefit from > the choice and people who are harmed by the choice. > > In the sweep of history, information capitalism has come to a moment of > truth, where the material infrastructure that the IETF and technologists the > world around have helped to create has now matured into both an economic > engine and a state intelligence system based on mass surveillance. Perhaps > the most distinguishing political debate of our time is how the power of the > state and of business with respect to citizens and customers has been > radically transformed under this new regime of ubiquitous surveillance. > Obviously, I feel a particular way about this, but I am just stating the > obvious: these issues are deeply political because the fragile balance of > powers in liberal democracy and in our capitalist economies have been > inexorably rocked by technological changes. > > In this context, the question of "how much encryption" is a technical > question that is also deeply intertwined with the major political debates of > our day. One only has to note the major headlines around the world about the > ietf calls for encryption in http 2.0. How often have ietf meetings garnered > such global coverage? > > Scientists and engineers are often forced into political arenas without their > desire or foresight. Take, for example, the history of genomics, climate > change, or nuclear physics. Historically, the scientists and engineers have > clung desperately to the cloak of objective science, even as their work took > on increasingly obvious political ramifications. My hope for the internet is > that we could perhaps bypass such silliness and embrace the obvious political > nature of our work. Being honest with ourselves does not push anyone toward > any particular technical or political stance, except that perhaps we can be > more transparent in our justifications. > > In the immortal words of Voltaire, and Spiderman, with great power comes > great responsibility. > > -elijah > > -- > I prefer encrypted email - https://bitmask.net/key/elijah. > _______________________________________________ > perpass mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/perpass *** Please note that this message and any attachments may contain confidential and proprietary material and information and are intended only for the use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any review, use, disclosure, dissemination, distribution or copying of this message and any attachments is strictly prohibited. If you have received this email in error, please immediately notify the sender and destroy this e-mail and any attachments and all copies, whether electronic or printed. Please also note that any views, opinions, conclusions or commitments expressed in this message are those of the individual sender and do not necessarily reflect the views of Fortinet, Inc., its affiliates, and emails are not binding on Fortinet and only a writing manually signed by Fortinet's General Counsel can be a binding commitment of Fortinet to Fortinet's customers or partners. Thank you. *** _______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
