On 15/10/2013 06:57, Brian Trammell wrote: ... >>> Additionally, all this is context dependent as there all >>> kinds of bases for exactly this kind of activity that are >>> operational, commercial, and legal. It would also be >>> interesting to see a definition of "network." Radio >>> networks have been subject to constant monitoring >>> for many decades. Fast forwarding to SDNs and Cloud >>> Computing services, renders most of these this efforts >>> irrelevant. >> Huh? I don't get what you mean. > > I'm also confused, but I'm going to take a guess. > > If by "cloud computing" you mean that protocols are being replaced by > services, then yes, this is a problem. Nothing we can do on the network can > protect against "PRISM"-class surveillance activities, by which I mean at > least one endpoint of the communication (in this case, your email provider) > cooperates with the observer.
A realisation I had while watching "Terms and conditions may apply" on Sunday is that it's even worse. Given the weak privacy protection on the social networks, a very large amount of traffic analysis and personal behaviour analysis is possible without needing the cooperation of even one endpoint. You just scrape stuff off the social network, squirt it through HADOOP, and out comes a list of targets worthy of detailed investigation. That is definitely part of today's threat model. I'd say we actually have a hierarchy of threats to consider, starting with 'big data' analysis of publicly available data and ending with traditional personally targetted wiretapping. Brian C _______________________________________________ perpass mailing list perpass@ietf.org https://www.ietf.org/mailman/listinfo/perpass
