July 21, 2015

Snowden to the IETF: Please make an internet for users, not the spies

Snowden to the IETF: Please make an internet for users, not the spies

NSA whistleblower Edward Snowden has urged the world’s leading group of internet engineers to design a future net that puts the user in the center, and
so protects people’s privacy.

Speaking via webcast to a meeting in Prague of the Internet Engineering Task Force (IETF), the former spy talked about a range of possible changes to the
basic engineering of the global communications network that would make it harder for governments to carry out mass surveillance.

The session was not recorded, but a
number
of
<a href=“https://twitter.com/richsalzattendees
live-tweeted the confab. It was not an official IETF session, but one organized by attendees at the Prague event and using the IETFs facilities. It followed
a screening of the film
Citizenfour,
which documents the story of Snowden leaking NSA files to journalists while in a hotel room in Hong Kong.

Who is the Internet for, who does it serve, who is the IETFs ultimate customer?” Snowden asked, rhetorically. The answer was users, not government and
not business.

But, he said, the current internet protocols were leaking too much data about users. We need to divorce identity from persona in a lasting way,” he argued,
highlighting how the widespread use of credit cards online was connecting identity to online activity.

If it’s creating more metadata, this is in general a bad thing.” Instead, protocols should follow users’ intent.” He argued that DNS queries should be
encrypted — as well as actual content — so that encryption, rather than surveillance, was the norm. People are being killed based on metadata,” he noted.
Snowden appeared to have a good understanding of how the internet’s protocols work, and pointed to a
new protocol
called SPUD that combines transport protocols to reduce the number of middleboxes” that data needs to travel through when users interact online.

Snowden noted that the network path was the best place for spies to get access to information and that each middlebox provided another potential point
of attack, but also warned that SPUD could make the core UDP internet protocol a new channel for leaking metadata about users’ intents.”

He also argued that having identifiable long lasting” hardware addresses was extremely dangerous,” as it connects people to, say, a MAC address when
they use wireless internet connections, which can put an immediate flag on their identity and location.

Snowden’s speech was met with a standing ovation. Which is hardly surprising — the IETF and internet engineers in general tend to have a strong independent
streak, and many are still embarrassed by the fact that the NSA managed to crack a number of key internet protocols developed by the IETF and even subvert
some of its working groups in their bid to develop new standards that would give the spooks easy access.

One of the IETFs first responses to the Snowden revelations was the creation of a new RFC document, which currently serves as best current practice.”
In
RFC 7258,
the organization notes that Pervasive Monitoring Is a Widespread Attack on Privacy” and The IETF Will Work to Mitigate Pervasive Monitoring.”


articles Internet


Previous post
Rumor: Hulu Considering Ad-Free Tier On July 16, The Wall Street Journal reported that Hulu was considering offering an ad-free tier to their
Next post
GOP contenders embrace criminal justice reform Republican presidential candidates are turning their sights on criminal justice reform, indicating