The Internet Engineering Task Force has issued a new RFC 7258 that is titled "Pervasive Monitoring Is an Attack".
IETF debated last year the group's position in regards with Pervasive Monitoring, and this RFC seems to be the first step: it proposes the official inclusion of the Pervasive Monitoring in the list of recommendations of RFC 3552 (namely: "Guidelines for Writing RFC Text on Security Considerations") so that future protocol specifications and/or updates superseding older RFC will address pervasive monitoring specifically.
From the RFC text:
Pervasive Monitoring (PM) is widespread (and often covert) surveillance through intrusive gathering of protocol artefacts, including application content, or protocol metadata such as headers. Active or passive wiretaps and traffic analysis, (e.g., correlation, timing or measuring packet sizes), or subverting the cryptographic keys used to secure protocols can also be used as part of pervasive monitoring. PM is distinguished by being indiscriminate and very large scale, rather than by introducing new types of technical compromise.
The IETF community's technical assessment is that PM is an attack on the privacy of Internet users and organisations. The IETF community has expressed strong agreement that PM is an attack that needs to be mitigated where possible, via the design of protocols that make PM significantly more expensive or infeasible. Pervasive monitoring was discussed at the technical plenary of the November 2013 IETF meeting [IETF88 Plenary] and then through extensive exchanges on IETF mailing lists. This document records the IETF community's consensus and establishes the technical nature of PM.
Engineering problem addressed by engineering means? Good chances solutions will emerge.
(Score: 1) by cyrano on Monday June 30 2014, @08:01PM
It's IETF - not IEFT...
The quieter you become, the more you are able to hear. - Kali [kali.org]
(Score: 2) by paulej72 on Monday June 30 2014, @08:43PM
Fixed. Thanks for letting us know.
Team Leader for SN Development
(Score: 1, Redundant) by takyon on Monday June 30 2014, @08:06PM
This news is from May 14th.
[SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
(Score: 2) by Sir Garlon on Monday June 30 2014, @08:06PM
Yeah but it's still news to me, so I'm glad to see it.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
(Score: 5, Insightful) by tathra on Monday June 30 2014, @08:58PM
so just because its more than a couple days old, we should forget about it entirely? what do you think would've happened if nobody would've spread news about SOPA simply because it was "a few weeks old"?
information doesnt deteriorate with age. complaining about it being "old news" disincentivizes people from posting anything except currently-this-very-minute kind of things, regardless of relevance or interest. do you want us to devolve into twitter or something?
(Score: 0) by Anonymous Coward on Tuesday July 01 2014, @09:11AM
Actually it does, however it does so quite slowly. Any Neanderthal surveillance plans would be old news by now.
(Score: 0) by Anonymous Coward on Tuesday July 01 2014, @12:45PM
The usefulness may vanish, but the information itself is still valid. Neandertal surveillance plans could give us good insights into their intelligence and thought processes, however they'd be less than worthless to any competing Neandertal tribes.
(Score: 2) by jasassin on Monday June 30 2014, @08:25PM
Tor works (slowly). It doesn't work well (if at all) for large files. Something anonymous that worked for large files. Like torrent combined with Tor.
jasassin@gmail.com GPG Key ID: 0xE6462C68A9A3DB5A
(Score: 1, Funny) by Anonymous Coward on Tuesday July 01 2014, @05:34AM
If there were only a way to rent more Tor bandwidth just when you needed it.
Tor rents for torrents!
(Score: 5, Insightful) by tathra on Monday June 30 2014, @09:03PM
how about we just call it what it is - stalking - and be done with it? stalking is already illegal in most places, and has that "ewww" factor that comes with it, like how calling copyright infrigement "theft" has the "depriving another person of their property" stuff attached to it that gets people to be against it just by the association.
(Score: 1) by mverwijs on Monday June 30 2014, @09:29PM
> It means that, if asked, there needs
> to be a good answer to the question "Is pervasive monitoring relevant
> to this work and if so, how has it been considered?"
"if asked". I'm smelling a lot of 'if' coming of this plan...
(Score: 1, Interesting) by Anonymous Coward on Monday June 30 2014, @11:47PM
It's a socio-political problem, and IETF has taken a position to advocate engineering approaches to mitigate the problem.
(Score: 2, Interesting) by Anonymous Coward on Tuesday July 01 2014, @05:37AM
> It's a socio-political problem, and IETF has taken a position to advocate engineering approaches to mitigate the problem.
It is both. For people who have traffic routed through jurisdictions where they don't get a vote, it is an engineering problem. For the people with votes in this jurisdictions it is a political problem.
(Score: 3, Interesting) by kaszz on Tuesday July 01 2014, @07:44AM
It's useful because you can specify in a protocol description that it's designed in the X way to mitigate all known types of attack. Like Pervasive Monitoring (PM). It's about defining this activity as hostile and something that can be labeled.
Perhaps one should intentionally distribute bits along multiple paths and encrypt links them selfs through certain jurisdictions.
(Score: 4, Informative) by geb on Tuesday July 01 2014, @11:29AM
Part of the legal justification for monitoring, certainly in the UK and I think in the US too, was that the internet is public space, and people should not have any expectation of privacy when communicating publically.
Building a system such that privacy is an expectation eliminates that argument.