IETF declares war on surveillance

The Internet Engineering Task Force has published RFC 7258, which is a bombshell whose title is: "Pervasive Monitoring Is an Attack." It represents the outcome of a long argument about whether the Internet's technical architecture should take active countermeasures to fight mass surveillance, which Tim Bray summarizes. I especially like his rejoinder to people who argue against this because there are places where it's legitimate to monitor communications, like prisons: "We don't want an In­ter­net optimized for prisons."

I and lots of oth­ers didn’t buy the ob­jec­tion­s. My own takes are: First, the doc­u­ment care­ful­ly steers clear of the mo­ti­va­tions for per­va­sive mon­i­tor­ing, most­ly be­cause you can’t fig­ure out what they are. Se­cond, we don’t want an In­ter­net op­ti­mized for pris­on­s. Third, if your ap­pli­ca­tion doesn’t sup­port pri­va­cy, that’s prob­a­bly a bug in your ap­pli­ca­tion. Fourth, the cost of ig­nor­ing surveil­lance ex­ceeds the cost of mit­i­gat­ing it. Fi­nal­ly, the state of In­ter­net pri­va­cy sug­gests that the se­cu­ri­ty peo­ple his­tor­i­cal­ly haven’t been mean enough.

Of course, if you were para­noid and sus­pi­cious, you might feel that some of the re­sis­tance is re­lat­ed to the facts that there are peo­ple mak­ing big mon­ey sell­ing surveil­lance tech­nol­o­gy, and that oth­er peo­ple think Ed Snow­den is a traitor and it’s per­fect­ly rea­son­able for the NSA to know ev­ery­thing about ev­ery­one, be­cause if you’re not do­ing any­thing wrong why would you want pri­va­cy?

Pervasive Monitoring Is an Attack [Tim Bray]

RFC 7258 [IETF]