The Internet Engineering Task Force has published RFC 7258, which is a bombshell whose title is: “Pervasive Monitoring Is an Attack.” It represents the outcome of a long argument about whether the Internet’s technical architecture should take active countermeasures to fight mass surveillance, which Tim Bray summarizes. I especially like his rejoinder to people who argue against this because there are places where it’s legitimate to monitor communications, like prisons: “We don’t want an Internet optimized for prisons.”
I and lots of others didn’t buy the objections. My own takes are: First, the document carefully steers clear of the motivations for pervasive monitoring, mostly because you can’t figure out what they are. Second, we don’t want an Internet optimized for prisons. Third, if your application doesn’t support privacy, that’s probably a bug in your application. Fourth, the cost of ignoring surveillance exceeds the cost of mitigating it. Finally, the state of Internet privacy suggests that the security people historically haven’t been mean enough.
Of course, if you were paranoid and suspicious, you might feel that some of the resistance is related to the facts that there are people making big money selling surveillance technology, and that other people think Ed Snowden is a traitor and it’s perfectly reasonable for the NSA to know everything about everyone, because if you’re not doing anything wrong why would you want privacy?
Pervasive Monitoring Is an Attack [Tim Bray]
RFC 7258 [IETF]