More than a decade ago I was involved in the Internet standards (being on the IAB) and we responded to the RIPA excessive intrusions in the US (and elsewhere) quite robustly - see for example RFC1984 (so aptly numbered by the late, lamented Jon Postel - see IAB's statement on crypto).
So then we thought that was that.
Some of us built some cool network monitoring technology (e.g. Endace) which was originally used (innocently) for long-term understanding of the evolution of internet traffic characteristics (and led to fine conferences like PAM and IMC (this year's conf)).
So it became apparent that some agencies in funny big round buildings in the US and UK were buying lots of this kit (esp. when they insisted that companies that built and programmed it only have US citizen employees).
So these, and other worries about wiretap by good and bad agencies led many Cloud service providers (think social media, search, webmail, etc) to turn on HTTPS by default - after all much of the Internet runs over unsecured physical infrastructure, and much of its use is now a big carrier of transactions of financial worth (home shopping, home banking, wholesale information business too), so loss of identity is no joke - we were aware of the threat - or so we thought.
We complied with lawful intercept requests - why would we not? We aren't the bad guys - we want to be a contributor to a healthier, wealthier, greener, happier, safer world. That's the kind of people we are in the Internet Staff.
Now they are not only doubly wasting our money, the unintended consequence of having to harden the net against these hardened criminal nut agencies is that the bad guys will go dark along with the good, not by default - permanently, ubiquitously, eternally, with forward and backward secrecy.
Not even evidence will be gettable - even with warrants.
Well done, NSA and GCHQ. This happened under your watch, not ours.
well hard