Thursday, November 07, 2013


More than a decade ago I was involved in the Internet standards (being on the IAB) and we responded to the RIPA excessive intrusions in the US (and elsewhere) quite robustly - see for example RFC1984 (so aptly numbered by the late, lamented Jon Postel - see IAB's statement on crypto).

So then we thought that was that.

Some of us built some cool network monitoring technology (e.g. Endace) which was originally used (innocently) for long term understanding of the evolution of internet traffic characteristics (and led to fine conferences like PAM and IMC (this year's conf)).

So it became apparent that some agencies in funny big round buildings in the US and UK were buying lots of this kit (esp. when they insisted that companies that built and programmed it only have US citizen employees).

So these, and other worries about wiretap by good and bad agencies led many Cloud service providers (think social media, search, webmail, etc) to turn on HTTPS by default - after all, much of the Internet runs over unsecured physical infrastructure, and much of its use is now a big carrier of transactions of financial worth (home shopping, home banking, wholesale information business too), so loss of identity is no joke - we were aware of the threat - or so we thought.

We complied with lawful intercept requests - why would we not? We aren't the bad guys - we want to be a contributor to a healthier, wealthier, greener, happier, safer world. That's the kind of people we are in the Internet Staff.

And so, now having stirred the IETF with one big swizzle stick, the NSA and their cronies are going to reap the whirlwind - BUT, this won't just be that they can't wiretap anymore (we did that mostly with HTTPS going on by default, although we can harden systems (like my institution has just done) against MITM attacks too, better) - no, we are going to make the WHOLE net and CDN and Cloud go dark - you know why this is BAD, dear #nsa morons? Because it means you won't even be able to catch genuine bad guys any more - if you'd cooperated with us instead of attacking us, we wouldn't have had to have done this.

Now they are not only doubly wasting our money, the unintended consequence of having to harden the net against these hardened criminal nut agencies is that the bad guys will go dark along with the good, not by default - permanently, ubiquitously, eternally, with forward and backward secrecy.

Not even evidence will be gettable - even with warrants.

Well done, NSA and GCHQ. This happened under your watch, not ours.

well hard

