[Raven] Response to the IETF's questions
On Mon, 11 Oct 1999 15:47:10 -0400, The IESG
<iesg-secretary@ietf.org> wrote:
> The wiretap question has come up in one of these
> working groups, but the IESG has concluded that the
> general questions should be discussed, and conclusions
> reached, by the entire IETF, not just one WG. The key
> questions are:
> "should the IETF develop new protocols or modify
> existing protocols to support mechanisms whose primary
> purpose is to support wiretapping or other law
> enforcement activities"
No. Most emphatically "NO!"
> and
>
> "what should the IETF's position be on informational
> documents that explain how to perform message or
> data-stream interception without protocol
> modifications".
That they have no place in the literature sanctioned,
promulgated or disseminated by the IETF.
Wiretapping and government surveillance are inseparable
from political considerations. Even superficially
ordinary, authorized, supposedly constitutional (where
constitutions even govern) information gathering for
unremarkable law enforcement activities cannot escape the
political.
Official wiretapping in virtually all venues has been
marked by excesses and abuses. The present clamor of law
enforcement for more and better wiretapping seems, if
anything, to represent laziness and the path of least
resistance more than any legitimate requirement for access
to otherwise private information. In the vaunted United
States, home of the much-abused and tattered Fourth
Amendment prohibition against unreasonable searches and
seizures, the standard of privacy _before_ the advent of
any of the current technology was far higher than it is
today. A hundred years ago any two people could walk into
an area empty of other people and where interlopers could
be observed, and have a conversation virtually impossible
for any third party to overhear. Thomas Jefferson and
others used hand ciphers, at least one of which was secure
enough to see use into the 20th century, and they faced no
export restrictions or laws criminalizing the use of
cryptography in any way, shape or form. Law enforcement
fanatics and the politicians who carry their water have
turned the development of and availability of new forms of
communication into an excuse to violate privacy in ways
not even possible during the first 100+ years of the U.S.
Constitution, on the incredible theory that since the new
forms of communication did not exist in 1789 they cannot
be covered by the protections guaranteed by that
Constitution. It would be _far_ more logical and
reasonable to instead extend the identical protections
enjoyed since 1789 to any and all new ways of doing the
same fundamental things -- whether communicating,
publishing, keeping records, or anything else.
There is a distinct trend today in law enforcement to want
to take the easy way, without regard to human or civil
rights or the long term destructiveness of those rights by
institutional programs that undermine privacy and security
of individuals and groups. Worse, there is a strongly
developing trend toward what can only be described as a
unified world police state. Remarkably arrogant demands
for official access to traditionally private information
are routinely appearing today in the two principal
bastions of traditional rights -- the United States and
the United Kingdom -- while extreme surveillance and
control of individuals at a level that would shock
Americans is common in European and other countries where
few to no traditions of privacy or natural rights exist.
In the end, there is no line of demarcation between
so-called "legitimate" wiretapping and other access to
private information and dictatorial, suppressive use of
the same legal and technical mechanisms. The same
wiretapping and eavesdropping techniques and equipment
used (presumably) under court order in the U.S. are
exported and used in suppressive regimes to discover and
gather evidence against dissidents, who may then suffer
torture, imprisonment, even death, in ways and under legal
systems entirely alien to civilized people. Internet
filtering technology whose only acceptable use in the U.S.
might be to wall children off from objectionable material
finds use in censorial regimes to wall off the entire
domestic populace from political material deemed dangerous
to the powers that be. All technology cuts two ways, and
none knows geographical or temporal boundaries to its use.
Not only are "other" regimes demonstrably abusive while
"ours" may not be, a regime that is well-behaved in one
era may turn abusive in the next. If _anyone_ should have
learned that lesson many times over it is the peoples of
Europe.
The question facing the IETF is fundamentally a political
one: whether to become involved in the specification of
the technologies of the police state or to remain aloof.
I suggest that to become involved is to enter upon a
slippery slope into a quagmire of arbitrary issues and
requirements that will take the IETF ever farther from
purely technical issues and deeply into the political. It
is a path from which there is no return. Remaining aloof
is the only viable option. While it does little to solve
the larger problem, at least it doesn't aggravate it, and
leaves it for solution by other bodies, other interest
groups, other constituencies. Better still, the IETF
could take active steps to frustrate Internet wiretapping
and surveillance.
> In addition to the general questions identified above,
> we believe it would be helpful for mailing list comments
> to address the following more specific questions:
> Adding wiretap capability is by definition adding a
> security hole. Considering the IETF's commitment to
> secure protocols, is it a reasonable thing to open such
> a hole to meet these requirements?
No, of _course_ it would _not_ be a reasonable thing. The
Clipper Chip fiasco showed pretty clearly that wiretapping
schemes can be the downfall of otherwise protective
security mechanisms, precisely because they _are_ security
holes. Not only was the security of law enforcement
access keys impossible to guarantee, technical analysis
revealed that the entire scheme was fatally flawed and far
worse than the same security _without_ any provision for
law enforcement access.
> Should the IETF as an international standards
> organization shape its protocols to support
> country-specific legal requirements?
Definitely not. The IETF, merely by doing what most of us
presume it _should_ be doing, is in a unique position to
incorporate incentives for countries to adopt logical,
productive, interoperable, _sane_ mechanisms, and to
incorporate indirect disincentives for countries to swim
against the stream. The only rational bias for the IETF
to apply is one that promotes freedom and privacy through
viable networking and information security. Anything else
invites substantial discord, debate, and the loss of the
IETF's credibility.
The most powerful well that the IETF taps into in
formulating standards is the real-world effect on
uncooperative countries' economies. While it may not be
strictly true that "the Internet regards censorship as
damage and routes around it," it certainly _is_ true that
the whole world has entered into a sort of time tunnel
race in which each economic or national group accelerates
exponentially but at different rates, with the result that
any entities who tie themselves down or hold themselves
back find themselves severely outdistanced in a very short
time. In a very real sense, the participants in the
Internet re-route around troublesome or dangerous
countries, leaving those countries lacking the traffic
that is meanwhile carrying business and personal
opportunity, contact, and development elsewhere. The most
productive and widely beneficial policy the IETF could
adopt would be a universal one of promoting sanity and
freedom in the purposes to which its protocols and
standards lend themselves, and frustrating to the degree
technologically feasible the development, discussion,
adoption, promulgation and dissemination of protocols and
standards that particularly lend themselves to abuses of
widely-regarded human and civil rights. Objectivity does
not require or even imply lending one's utility to
destructive forces or insanity.
Suppose feudalism were to return with a vengeance in some
small part of the world. Would it be a properly objective
stance for the IETF to allow itself to be used for the
development of protocols and standards for networking the
mechanisms of human chattel property and life indentures?
Of course not. If Pol Pot were active today and anxious
to bring the Khmer Rouge into the Internet world, would it
be reasonable and "objective" to help him formulate
protocols and standards for the systematic annihilation of
millions of people? That's not as outlandish as it may at
first seem. It's probably only a matter of time before we
see the world's established police states becoming
technologically more advanced and showing up at various
Internet fora to propose and lobby for all manner of
population and dissident control mechanisms to be
implemented in Internet protocols and for entirely new
protocols to be adopted to facilitate the police state. We
can only assume that they will also be enthusiastically in
favor of anything that facilitates "legitimate"
wiretapping, but I think wiretapping is only the tip of
the awful iceberg yet to be seen.
> If the companies who employ the IETF participants and
> deploy the IETF's technology feel that having wiretap
> capability is a business necessity due to the
> regulatory requirements in the countries where they
> want to sell their products, would that make a
> difference to the IETF position on this subject?
No, it should not. IETF is either the arm's-length,
objective body shouldering the grave responsibility for
helping us chart a path into an unknown networked future,
or it is a handmaiden for momentary and purely pecuniary
interests. I suggest that the latter is a trap from which
the IETF, once engaged, will never be able to extricate
itself.
> What is the appropriateness or feasibility of
> standardizing mechanisms to conform to requirements
> that may change several times over the life cycle of
> equipment built to conform to those standards?
None. It is neither appropriate nor feasible. Basic to
this consideration is that the law enforcement objectives
are, viewed from the technological standpoint, arbitrary
and external, neither driven by nor responsive to any of
the technological issues or considerations of network
evolution. If the telcos, the ISPs, and/or the businesses
who choose to cater to such things or cannot escape
dealing with them end up wandering all over a confused
landscape of changing mandates, dictates and requirements,
forming without doubt an ugly patchwork quilt when viewed
globally, that is no reason for the IETF to add legitimacy
to what is intrinsically alien to the technological
objectives and issues it exists to handle. IETF
participation in the mess will only further obscure the
sheer idiocy of legislatures and executive edicts trying
to direct technology for their own intrusive goals.
> When IPv6 was under development, the IETF decided to
> mandate an encryption capability for all devices that
> claim to adhere to those standards. This was done in
> spite of the fact that, at the time the decision was
> made, devices meeting the IPv6 standard could not then
> be exported from the U.S. nor could they be used in
> some countries. Is that a precedent for what to do in
> this case?
The question can be interpreted in two diametrically
opposed ways -- as suggesting that becoming involved in
setting standards for wiretap access would be consistent
with the IPv6 inclusion of encryption, or as suggesting
that resisting the standardization of wiretap access would
be consistent with the IPv6 promulgation of higher levels
of IP security.
NO, it is NOT a precedent for setting wiretapping
standards. The IPv6 inclusion of encryption was in favor
of privacy and security without regard to official
obstacles to its implementation. Inevitably, the standard
will bring pressure to overcome those obstacles and the
locales where the obstacles remain will suffer
economically, as they should. Should the IETF aid and
abet the setting of wiretap standards, that too will
inevitably work to overcome legitimate obstacles and
objections to government surveillance and wiretap
excesses.
YES, it is a precedent for adopting security
specifications into standards even in advance of the wide
availability of the mechanisms to implement those
specifications. With the kind of clever insight
demonstrated in so much of what the IETF has already done
to formulate exceptionally good protocols and standards,
it may be possible to guide standards in directions that
cause worldwide adoption of mechanisms that make it
_more_difficult_ to implement wiretapping. That is what I
recommend.
> Could the IETF just avoid specifying the part of the
> technology that supports wiretapping, presumably
> assuming that some industry consortium or other
> standards organization would do so? Would letting that
> responsibility fall to others weaken the IETF's control
> over its own standards and traditional areas?
If the IETF wants to seriously "wimp out," omission would
be far better than active participation and the setting of
IETF standards. Yes, letting that responsibility fall to
others would certainly weaken the IETF's control of those
areas then subject to substantial independent
specification. The best course of action, though, would
be to actively design protocols and standards to thwart
systematic, automated wiretapping. Legitimate police
should be doing legitimate police work _anyway_, not
fishing in everyone's communications for things they are
too lazy to find in the real world. If we allow them to
fish, that will supplant all other forms of police work.
Worse, the line between following reports of crimes and
other overt evidence and merely snooping to find so-called
"crimes" that are only there if overheard, is one that not
only cannot clearly be drawn, it cannot ever be uniformly
observed.
> If these functions must be done, is it better for the
> IETF to do them so that we can ensure they are done in
> the most secure way and, where permitted by the
> regulations, to ensure a reliable audit capability?
That is equivalent to, "If the functions of running
concentration and death camps must be done, is it better
for us to do them so that we can ensure they are done in
the most secure way.... etc." This is the most inane
question of the lot. It implicitly subscribes to the idea
that if _someone_ will take the job of executioner or
torturer anyway, why not us?
It is not the case that "these functions must be done."
It remains to be seen how the overreaching democratic law
enforcement groups and the torture-and-kill despotic law
enforcement and security groups deal with a lack of
standards for wiretapping and surveillance, with the high
costs of implementation in the absence of standards, and
with the lack of interoperability that will surely result
from the lack of standards. It is safe to say that the
world will be a somewhat safer place as at least some of
those groups modify their positions while others expend
their time, energy and money trying to solve the problem.
Don't make it any easier for them.
Further, to suggest that there is any benefit to ensuring
the "security" or "audit capability" of intrusive,
privacy-destroying measures that at best will be abused in the
more civilized countries and at worst will be used to
persecute and kill dissidents and imagined enemies in the
despotic regimes around the world is ludicrous. The
question implies that a Chinese dissident or free market
participant arrested, tortured and imprisoned for several
decades might somehow be reassured by the knowledge that
IETF-sanctioned security and audit standards made sure
that _only_ the Chinese security apparatus authorized by
Chinese law to listen in on suspected dissidents' traffic
was able to do so, or that a Chinese puppet judge would be
able to subpoena the audit trail to make sure that the
secret police _only_ listened when, where, and to whom
authorized by the local political commissar? Is this a
joke?
> What would the image of the IETF be if we were to
> refuse to standardize any technology that supported
> wiretapping?
Commendable, by any sane standard. On the other hand, the
image of the IETF, if it surrenders principle to the law
enforcement and state security pressures, will be _mud_.
If the IETF allows itself to become the tool of dictators
and tyrants, its usefulness will have ended.
> In the Internet community?
I believe most of the Internet community would applaud a
refusal by the IETF to be drawn into facilitating
invasions of privacy and persecuting people around the
world. In any case, a strong, pro-freedom, pro-privacy
position of the IETF would engender no serious criticism.
A position actively supporting the setting of wiretap
facilitation standards, though, would undoubtedly attract
a large amount of criticism, polarizing the Internet
community where no major issues have ever polarized
it before with respect to the IETF.
> In the business
> community?
Mixed, but by and large also a positive image.
Unfortunately, and as exemplified by one of the very first
posts to this discussion group, there is a substantial
segment of business that will sell its soul for
opportunity and revenue, or even just the comfort of
security. Unfortunately, that segment is all too willing
to sell our souls as well. If business wants to jump onto
the surveillance and police state bandwagon, they should
have to do it with their own resources, including their
own standards planning, their own insightful and
clear-thinking designers, and their own money. With luck, they
will come up with something as clear and easy to implement
as the SET standard. We gain nothing by yielding to the
temptation to cater to such interests when the mechanisms
at issue are so entirely non-technical, political,
arbitrary, and destructive of human dignity and freedom.
> To the national regulatory authorities?
Why make them any gifts? What would your image in the
view of the national regulatory authorities be if you
don't stop by every Sunday with a cake and a bottle of
wine? What if you don't invite them to your vacation
homes? What if you don't offer them your daughters for
their pleasure? What if you refuse to help set standards
for the interoperability of death lists and torture
techniques?
If you're seriously going to ask the question you ask
above, then you have to ask all similar questions.
How is assisting in the development and standardization of
wiretapping technology any different than those other
questions? Because it is supposedly "legitimate?" When
was that question settled? As far as I know, and
notwithstanding any laws or court decisions anywhere,
there is continuous and ongoing debate about the
legitimacy of government information gathering activities
and policies of _all_ kinds.
Public information is rife with countless documented
instances of abuses and excesses with respect to
governmental wiretapping, eavesdropping, searches and
seizures, even break-ins and burglaries, much of it prima
facie unlawful and actionable under criminal laws, but
virtually never prosecuted. I do not believe you can base
an approach to this issue on the presumed legitimacy of
government wiretapping, because even when and where
seeming nominally to be authorized and within the laws and
court decisions of the country in question, it is _still_
highly debatable and seen by many to be a mechanism so
pregnant with the certainty of abuse that it should not be
allowed in civilized, enlightened countries.
In any case, catering to the decidedly political and
non-technical interests and desires of the national regulatory
authorities is a slippery slope with no visible bottom.
If the IETF is going to cater to national regulatory
authorities whose interests may range from benign to the
most inhuman and destructive, then the IETF may just as
well start taking government paychecks and not pretend to
be an objective, arm's-length technology and standards
body. I believe it would be far better for the IETF to
generally adopt a stance that places the worst of the
national regulatory authorities in a position to either
come around to a sane and civilized way of operating or to
pay a price for their own obstinacy.
Never make life easier for fools, thieves or murderers.
Always try to make their lives an uphill struggle fraught
with obstacles and pitfalls. Living any other way is not
sane.
Regards,
Thomas Junker
tjunker@phoenix.net
The Unofficial Wang VS Information Center
http://www.phoenix.net/~tjunker/wang.html
_______________________________________________
raven mailing list
raven@ietf.org
http://www.ietf.org/mailman/listinfo/raven