On 12/06/2015 02:48 AM, SM wrote:
Hello,
At 22:34 05-12-2015, Chris Lewis wrote:
Privacy is only about state surveillance? That seems to be a, um,
remarkably narrow definition, and completely ignores the privacy
issues that people usually get harmed by. Furthermore, state
surveillance doesn't need to scrape headers, they just get the
providers to reveal the contents of their logs, which no amount of
header obfuscation can hide.
It is indeed a narrow definition. I am limiting my discussion of the
proposed charter to what has previously been discussed on the perpass
mailing list [1] and on this mailing list. It is up to the participant
working for provider which was asked to reveal the contents of its logs
to argue for including that aspect in the proposed charter if the
participant wishes to do so.
The NSA didn't get their 5 years worth of universal phone penlogs from
tapping wires, they did it with taps right into the provider's
equipment. No amount of on-the-wire fussing would have done a thing.
That is not mentioned in RFC 7258.
I don't see how that matters.
Also, as others have remarked, legal/regulatory log access is
out-of-scope for the IETF (a legal/regulatory issue not a technical
one), so how could RFC7258 mention it? Out of scope is out of scope,
whether the provider wants to include it or not.
I'll also note that the second page of RFC7258 specifically states:
"The motivation for PM can range from non-targeted nation-state
surveillance, to legal but privacy-unfriendly purposes by commercial
enterprises, to illegal actions by criminals."
IOW: if this is about pervasive monitoring (perpass), you can't leave
out 2/3rds of the actors (and far more than 2/3rds of the demonstrated
risk) and expect to have any useful validity.
By limiting us to the actors who don't care about headers, knowing you
can't include log access in whether you want to or not, this WG is
completely without a purpose. Or was that your point? ;-)
_______________________________________________
Shutup mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/shutup
