Hello,
At 22:34 05-12-2015, Chris Lewis wrote:
> Privacy is only about state surveillance? That seems to be a, um,
> remarkably narrow definition, and completely ignores the privacy
> issues that people usually get harmed by. Furthermore, state
> surveillance doesn't need to scrape headers, they just get the
> providers to reveal the contents of their logs, which no amount of
> header obfuscation can hide.

It is indeed a narrow definition. I am limiting my discussion of the
proposed charter to what has previously been discussed on the perpass
mailing list [1] and on this mailing list. It is up to the
participant working for a provider which was asked to reveal the
contents of its logs to argue for including that aspect in the
proposed charter if the participant wishes to do so.

> The NSA didn't get their 5 years worth of universal phone penlogs
> from tapping wires, they did it with taps right into the provider's
> equipment. No amount of on-the-wire fussing would have done a thing.

That is not mentioned in RFC 7258.

> The biggest fault with the charter is that there is no mandate
> whatsoever to explore/mention/define the risks (of either revealing
> the information or omitting it).
> I can see a BCP on privacy protection arising out of this effort,
> but without any serious attempt to give the reader guidance on
> pro/con, it'll do more harm than good.

I am still trying to understand the problem(s) which the proposed
working group might work on. I am unable to say anything useful
about the above at the moment.
Regards,
-sm
1. https://www.ietf.org/mail-archive/web/perpass/current/maillist.html
_______________________________________________
Shutup mailing list
https://www.ietf.org/mailman/listinfo/shutup