Category Archives: Internet

IETF’s Habermasian Resolve to Work Against Pervasive Monitoring

The IETF has issued RFC 7258, aka Best Current Practice 188, “Pervasive Monitoring Is an Attack”. This is an important document. Here’s a snippet of the intro:

Pervasive Monitoring (PM) is widespread (and often covert) surveillance through intrusive gathering of protocol artefacts, including application content, or protocol metadata such as headers. Active or passive wiretaps and traffic analysis, (e.g., correlation, timing or measuring packet sizes), or subverting the cryptographic keys used to secure protocols can also be used as part of pervasive monitoring. PM is distinguished by being indiscriminate and very large scale, rather than by introducing new types of technical compromise.

The IETF community’s technical assessment is that PM is an attack on the privacy of Internet users and organisations. The IETF community has expressed strong agreement that PM is an attack that needs to be mitigated where possible, via the design of protocols that make PM significantly more expensive or infeasible. Pervasive monitoring was discussed at the technical plenary of the November 2013 IETF meeting [IETF88Plenary] and then through extensive exchanges on IETF mailing lists. This document records the IETF community’s consensus and establishes the technical nature of PM.

The term “attack” is used here in a technical sense that differs somewhat from common English usage. In common English usage, an attack is an aggressive action perpetrated by an opponent, intended to enforce the opponent’s will on the attacked party. The term is used here to refer to behavior that subverts the intent of communicating parties without the agreement of those parties.

The conclusion is simple, but powerful: “The IETF will strive to produce specifications that mitigate pervasive monitoring attacks.”

I can’t help but see this as a shining example of the IETF living up to its legitimate-rule-making potential, as I described in my 2003 Harvard Law Review article Habermas@discourse.net: Toward a Critical Theory of Cyberspace.

Below, I reprint my abstract: Continue reading

Posted in Internet, Surveillance, Writings | Leave a comment

Quoted on WSJ Editorial Page

pig-flyThis doesn’t happen very often — well, ever, actually — a staff writer on the Wall Street Journal Editorial page just quoted favorably from one of my articles.

Lest the quote make me sound like more of a jingo than I actually am, let me explain the context. The US Department of Commerce (DoC) has been gradually extricating itself from management of the Internet domain name system (DNS). Until a few weeks ago, the major recent step in that distancing process was the so-called “Affirmation of Commitments” between the DoC and the Internet Corporation for Assigned Names and Numbers (ICANN) which I wrote about in Almost Free: An Analysis of ICANN’s ‘Affirmation of Commitments’, 9 J. Telecom. & High Tech. Law 187 (2011). That paper updated my original ICANN paper, Wrong Turn in Cyberspace: Using ICANN to Route Around the APA and the Constitution, 50 DUKE L.J. 17 (2000), in which I explained the complicated web of relationships between DoC, ICANN, and other major players.

But ten days ago, everything changed again — sort of. In response to international political pressure that intensified after the Snowden revelations, the DoC announced that it planned to let go of its major remaining lever over ICANN, control of the so-called IANA function, as soon as the international community could craft a suitable transition plan. ICANN of course rushed to suggest that the transition should be to ICANN, but DoC (via the NTIA) has quite properly suggested that this isn’t quite what it had in mind.

Governments around the world are thought to prefer a system like the ITU or the UN (although not those bodies themselves) which are primarily controlled by governments on a one-sovereignty, one-vote system. And now we come to the part of this which I oppose. As accurately quoted by the WSJ, I believe it would be a mistake to give despots a say over the communications of democracies. Thus a fully world-wide international body dominated by governments seems like the wrong tool to me. It could be international but non-governmental. It could be run by a committee of democracies. We could give the whole thing to Canada (my favorite, but alas unlikely solution). Fortunately the US government has clarified its original remarks by saying it isn’t signing a blank check, and there are also ambiguities in what exactly got promised. So everything remains to be decided. But there are many interest groups that want this to happen as quickly as possible — before the US changes its mind, and before opposition groups wanting structural separation from ICANN or more accountability get organized. So we could be in for a wild ride.

Posted in ICANN, The Media | Leave a comment

I Was on NPR Today

I was interviewed on the Takeaway recently, and they played the sequence today. The subject was ICANN’s expansion of the gTLD space. The other speaker was Cyrus Namazi, vice president of Domain Name System Services at ICANN.

For some reason I sounded really hoarse….

Posted in ICANN, The Media | Leave a comment

A Dark Side of the Cloud

Mammatus-storm-clouds_San-AntonioI am mostly OK with cloud-based services that keep a master set of my files so long as I have a complete set on my hard drive too. That’s how Dropbox works. I give up some privacy — if Dropbox gets a subpoena or a National Security Letter they’ll give up my data and I’ll never know, plus the stuff is no doubt scanned in transit by You Know Who. But I get a lot of convenience, plus the security of being able to recover accidentally deleted files. And if something is really private, I could just keep it off the Dropbox.

Where I draw the line is cloud-only services like Google Drive or Box.com. This ITworld article, How Box.com allowed a complete stranger to delete all my files illustrates why.

Photo Copyright (c) 2009 Derrich, licensed under the Creative Commons Attribution-Share Alike 3.0 Unported license.

Posted in Internet | 2 Comments

Pretty Evil

Google has joined ALEC.

Posted in Internet, Politics: US | 3 Comments

Is .kosher Kosher?

Harold Feld is always worth reading. Usually he posts on telecoms; today he has a great read on the issues surrounding the application to ICANN for .kosher. Surprisingly, the issues include the role of he US government in bringing concerns to ICANN, and whether objections to .kosher will get the same hearing as objections to .halal.

See Is Sauce for the .Halal Goose Sauce for the .Kosher Gander At The ICANN Meeting In Durban? for the full scoop.

Posted in ICANN | 1 Comment

DRM, HTML5, and You

EFF just took its first act as a full member of the World Wide Web Consortium (W3C): it filed an objection to the W3C’s plans to put Digital Rights Management (DRM) into HTML5, the next version of the HTML standard. In a statement EFF said,

DRM standards look like normal technical standards but turn out to have quite different qualities. They fail to implement their stated intention – protecting media – while dragging in legal mandates that chill the speech of technologists, lock down technology, and violate property rights by seizing control of personal computers from their owners.

You can learn more at EFF’s Why the HTML5 Standard Fight Matters.

I am particularly concerned about this issue because I see a link between DRM and the undermining of anonymity — the heart of most DRM is identifying who is accessing content, and that creates systems which either directly make anonymity more difficult, or map the way for others to implement those systems.

OBDisclosure: I’m a proud member of the EFF Advisory Board.

Posted in Internet, Law: Copyright and DMCA | Leave a comment