Dog.ma resolves, but isn’t interesting. Opti.ma is parked, which almost seems appropriate.
Enig.ma doesn’t resolve, which also seems appropriate, and it isn’t available. And neither are mag.ma and dra.ma.
Look.ma exists but is boring.
Ma.ma doesn’t resolve and isn’t available. Nor is Kar.ma.
Nor even meh.ma.
OK, back to work now.
The IETF has issued RFC 7258, aka Best Current Practice 188, “Pervasive Monitoring Is an Attack”. This is an important document. Here’s a snippet of the intro:
Pervasive Monitoring (PM) is widespread (and often covert) surveillance through intrusive gathering of protocol artefacts, including application content, or protocol metadata such as headers. Active or passive wiretaps and traffic analysis, (e.g., correlation, timing or measuring packet sizes), or subverting the cryptographic keys used to secure protocols can also be used as part of pervasive monitoring. PM is distinguished by being indiscriminate and very large scale, rather than by introducing new types of technical compromise.
The IETF community’s technical assessment is that PM is an attack on the privacy of Internet users and organisations. The IETF community has expressed strong agreement that PM is an attack that needs to be mitigated where possible, via the design of protocols that make PM significantly more expensive or infeasible. Pervasive monitoring was discussed at the technical plenary of the November 2013 IETF meeting [IETF88Plenary] and then through extensive exchanges on IETF mailing lists. This document records the IETF community’s consensus and establishes the technical nature of PM.
The term “attack” is used here in a technical sense that differs somewhat from common English usage. In common English usage, an attack is an aggressive action perpetrated by an opponent, intended to enforce the opponent’s will on the attacked party. The term is used here to refer to behavior that subverts the intent of communicating parties without the agreement of those parties.
The conclusion is simple, but powerful: “The IETF will strive to produce specifications that mitigate pervasive monitoring attacks.”
I can’t help but see this as a shining example of the IETF living up to its legitimate-rule-making potential, as I described in my 2003 Harvard Law Review article Habermas@discourse.net: Toward a Critical Theory of Cyberspace.
Below, I reprint my abstract:
This doesn’t happen very often — well, ever, actually — a staff writer on the Wall Street Journal Editorial page just quoted favorably from one of my articles.
Lest the quote make me sound like more of a jingo than I actually am, let me explain the context. The US Department of Commerce (DoC) has been gradually extricating itself from management of the Internet domain name system (DNS). Until a few weeks ago, the major recent step in that distancing process was the so-called “Affirmation of Commitments” between the DoC and the Internet Corporation for Assigned Names and Numbers (ICANN) which I wrote about in Almost Free: An Analysis of ICANN’s ‘Affirmation of Commitments’, 9 J. Telecom. & High Tech. Law 187 (2011). That paper updated my original ICANN paper, Wrong Turn in Cyberspace: Using ICANN to Route Around the APA and the Constitution, 50 DUKE L.J. 17 (2000), in which I explained the complicated web of relationships between DoC, ICANN, and other major players.
But ten days ago, everything changed again — sort of. In response to international political pressure that intensified after the Snowden revelations, the DoC announced that it planned to let go of its major remaining lever over ICANN, control of the so-called IANA function, as soon as the international community could craft a suitable transition plan. ICANN of course rushed to suggest that the transition should be to ICANN, but DoC (via the NTIA) has quite properly suggested that this isn’t quite what it had in mind.
Governments around the world are thought to prefer a system like the ITU or the UN (although not those bodies themselves) which are primarily controlled by governments on a one-sovereignty, one-vote system. And now we come to the part of this which I oppose. As accurately quoted by the WSJ, I believe it would be a mistake to give despots a say over the communications of democracies. Thus a fully world-wide international body dominated by governments seems like the wrong tool to me. It could be international but non-governmental. It could be run by a committee of democracies. We could give the whole thing to Canada (my favorite, but alas unlikely solution). Fortunately the US government has clarified its original remarks by saying it isn’t signing a blank check, and there are also ambiguities in what exactly got promised. So everything remains to be decided. But there are many interest groups that want this to happen as quickly as possible — before the US changes its mind, and before opposition groups wanting structural separation from ICANN or more accountability get organized. So we could be in for a wild ride.
I was interviewed on the Takeaway recently, and they played the sequence today. The subject was ICANN’s expansion of the gTLD space. The other speaker was Cyrus Namazi, vice president of Domain Name System Services at ICANN.
For some reason I sounded really hoarse….
I am mostly OK with cloud-based services that keep a master set of my files so long as I have a complete set on my hard drive too. That’s how Dropbox works. I give up some privacy — if Dropbox gets a subpoena or a National Security Letter they’ll give up my data and I’ll never know, plus the stuff is no doubt scanned in transit by You Know Who. But I get a lot of convenience, plus the security of being able to recover accidentally deleted files. And if something is really private, I could just keep it off the Dropbox.
Where I draw the line is cloud-only services like Google Drive or Box.com. This ITworld article, How Box.com allowed a complete stranger to delete all my files, illustrates why.
Photo Copyright (c) 2009 Derrich, licensed under the Creative Commons Attribution-Share Alike 3.0 Unported license.