On 09/29/13 15:33, Stephen Farrell wrote:
I've only skimmed the recommnedations/conclusions so far but have
two comments. (I'll read the rest later, honest:-)
thanks for feedback
- I don't see why a "euro cloud" (section 3.1) would be any less
surveilled, e.g. by .eu governments on their own behalf of on behalf
of their partners.
There's two reasons
1) most people in a democracy prefer to be spied on by their own govts.
not a foreign govt (rather not be spied on at all obviously)
2) the "political" purposes in the defn. of FII I point at would be
illegal in EU (they don't exist in corresponding EU laws, and the
Belgacom/GCHQ case will be a real test case on this point). The fact is
that it is not illegal (in US) for the US to do that to (say) Belgium,
but is it is illegal for one European state to do that to another
(political spying rather than "genuine" national security)
This is an incredibly important point which I still not think is widely
understood (especially by people in US)
There could be jusrisdictional reasons for that
maybe (not that I'd understand those) but I don't think such a
recommendation really touches on pervasive monitoring at all unless
you're under the misaprehension that .eu governments are all far too
nice for that kind of thing or something. Can you explain that one?
It is "niceness" actually, to the extent European human rights law
prohibits this (really, it does)
If they do it, they are breaking the law (ECHR)
- I think you could add a recommendation to work with the Internet
community on better technical solutions that can perhaps dramatically
increase the costs for pervasive monitoring.
I agree but it;s hard to put that in legislation ? ("work with the
Internet community"). Best I could get was the free-software recommendation
That's not a purely
cryptographic thing, and is something on which work is being done
e.g. here in the IETF. Note, nobody's claiming that changes made in
the IETF can fully "fix" this problem, but there are things we can
do that can help if they get deployed.
BTW, I think it'd be useful for us as well if the IETF had a way
to learn more about the non-technical reactions to all this stuff,
any ideas there welcome.
Happy to help with that any way I can
Caspar
_______________________________________________
ietf-privacy mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-privacy
