Hi Fred,
At 00:50 27-02-2014, Fred Baker (fred) wrote:
I'm having some problems deciphering this conversation, and the
traffic-peeking draft. What is being alleged, and by whom?
Nothing is being alleged. I mentioned (in the draft) that "It was
the belief of the IETF that "mechanisms designed to facilitate or
enable wiretapping, or methods of using other facilities for such
purposes, should be openly described". That's the IETF angle. As to
why the document was written I consider that an open explanation has
been given. I mentioned "conflict of interest" as it can come out
like I am favoring Cisco out of interest.
Between appendices B and C, I'm not sure I know the difference
between "wiretap" and "lawful intercept", which is now more properly
referred to "lawfully authorized electronic surveillance". If you
want to know what we wrote RFC 3924, it was because RFC 2804 asked
us to. If you want to know why we implemented an intercept solution,
it's because our customers were required by law to deploy one, and
we're their vendor. If you want to know why I got involved, it's
because Johann Bakker, who at the time was holding the pen on the
ETSI specification, told me that it was pushing a model in which
every fiber was split and one end shoved under the intelligence
service's door, which could then take what it liked. I wanted there
to be a warrant before the interception took place, which is
consistent with US law, and I wanted audit trails. Getting them
meant I needed to be involved.
And the point of all of this is...?
I used "wiretap" in the draft as I was referring to the IETF
policy. The "lawful intercept" is more interesting. There is a need
for interception as part of the work on criminal activity in most
countries of the world. The draft references legislation from the
United States and the European Union as that were the only public
references I could use. I avoided Latin America as the material I
found was in Spanish. There is very little material for Africa
online. There was also the language problem for Asia and the
question of which references to choose. The material (authoritative
source) from Russia was not in English.
The point of all this is the tussle (Clark D., Wroclawski J., Sollins
K., Braden R., "Tussle in cyberspace: Defining tomorrow's Internet",
2002.). There is also the matter of understanding IETF decisions
which were taken many years ago. If I look at the RFC outside that
context I could form an incorrect opinion [1] (speaking for myself
and not saying that it should be the right conclusion).
The conclusion from the draft is:
"The end user will usually be at the losing end of the bargain in
a tussle between the end user and government when Internet traffic
wiretapping is a matter of national security."
That would apply to my location. As a thought experiment if everyone
on this mailing list looked into that from his/her own jurisdiction,
would the conclusion be different?
Regards,
S. Moonesamy
1. I personally do not think that you did anything wrong in
publishing that RFC.
_______________________________________________
ietf-privacy mailing list
ietf-privacy@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-privacy