| Online: | |
| Visits: | |
| Stories: |
| Story Views | |
| Now: | |
| Last Hour: | |
| Last 24 Hours: | |
| Total: | |
Pervasive Monitoring Is an Attack
That’s the title of RFC 7258, also known as BCP 188 (where BCP stands for “Best Common Practice”); it represents Internet Engineering Task Force consensus on the fact that many powerful well-funded entities feel it is appropriate to monitor people’s use of the Net, without telling those people. The consensus is: This monitoring is an attack and designers of Internet protocols must work to mitigate it.
Concretely, quoting from the RFC (PM stands for Pervasive Monitoring): “Those developing IETF specifications need to be able to describe how they have considered PM, and, if the attack is relevant to the work to be published, be able to justify related design decisions.”
The back story · Since the pervasive-surveillance story broke in June 2013, it’s reasonable to wonder why the IETF is putting this stake in the ground in May of 2014. The IETF works by “rough consensus”, and the path to this particular consensus was particularly rough. The resistance was vociferous, and fell into some of these baskets:
- “This is politics. The IETF doesn’t/shouldn’t do politics.”
- “There are legitimate reasons to monitor Internet traffic.” (For example, in businesses and prisons.)
- “I work in an area where privacy technologies can’t be used.” (One example is ham radio).
- “Privacy technologies will drive up the cost of deploying, managing, and using the Net.”
- “The IETF Security Area Directors were mean to me in the past, got in the way of publishing important work, and this will give them another club to beat me with.”
Source: http://philosophers-stone.co.uk/wordpress/2014/05/pervasive-monitoring-is-an-attack/
