How do we harden the Internet against the kinds of pervasive monitoring and surveillance that have been in recent news? While full solutions may require political and legal actions, are there technical improvements that can be made to underlying Internet infrastructure? As discussed by IETF Chair Jari Arkko in a recent post on the IETF blog, “Plenary on Internet Hardening”, the Technical Plenary at next week’s IETF 88 meeting in Vancouver, BC, Canada, will focus on this incredibly critical issue. The event will include well-known security researcher Bruce Schneier as well as leaders of the Internet Architecture Board (IAB) and IETF.
The IETF 88 Technical plenary will take place on Wednesday, November 6, 2013, from 9:00-11:30 Pacific Time. If you are unable to attend next week’s meeting in person, there will be a live video stream available at:
There will also be live text transcription as well as the standard audio streams, Jabber chat rooms and conferencing services available for remote participation. Links to background material, such as recent statements by IETF leaders about pervasive monitoring, can be found on that www.ietf.org/live/ page.
The technical plenary session will summarize recent discussions and suggest potential IETF actions to make large-scale monitoring more difficult. The session will include:
1. Introduction (Bruce Schneier) – What we know and what we do not know.
2. Earlier IETF Debates (Brian Carpenter) – The IETF has several cornerstone documents about Internet security and privacy, including RFCs 1984, 3365, 2804, and 6973.
3. Potential IETF Activities (Stephen Farrell) – Summary of the discussion on the perpass mailing list.
4. Open microphone / discussion time.
Bruce Schneier’s participation is not surprising given the widely circulated “call to action” article he wrote in the Guardian on September 5, 2013, that included these pieces:
“This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community. Yes, this is primarily a political problem, a policy matter that requires political intervention. But this is also an engineering problem, and there are several things engineers can—and should—do.”
“We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information. We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems—these will be harder for the NSA to subvert.”
“Again, the politics of this is a bigger task than the engineering, but the engineering is critical. We need to demand that real technologists be involved in any key government decision making on these issues. We’ve had enough of lawyers and politicians not fully understanding technology; we need technologists at the table when we build tech policy.
To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it.”
Schneier’s recent post, The Battle for Power on the Internet, is also well worth a read.
Schneier will be followed by IETF Security Area Director Stephen Farrell, who will discuss the activity that has happened on the open, public “perpass” mailing list and the potential next steps that can be taken within the IETF. The “open microphone” discussion time that will follow should be quite lively and interactive.
After the technical plenary is over, there will be a Perpass session starting at 1:00pm Pacific where these next steps will be discussed in even greater detail.
The IETF 88 Technical Plenary should be an outstanding event and you are encouraged to follow along at www.ietf.org/live/. If you use social media, you can also join (and share!) the Facebook event or Google+ event for the plenary and also follow the IETF on Twitter. You can also join the “perpass” mailing list to be more directly involved in (or at least observing) the technical discussions.
It’s very clear that we need to make the Internet more secure against this kind of large-scale pervasive monitoring. Next week’s discussions should be a good step in the right direction. Please do join in and help!
As a couple of people have asked me in various channels, I thought I’d mention it here. The Technical Plenary session WILL be recorded and will be posted to the IETF YouTube channel after the event is over.
https://www.youtube.com/user/ietf
http://wnlabs.com/news/SlashDot_integrity_2.php
The public should question the real motives of Eric Snowden and Bruce Schneier as well as NSA
By Richard H.L. Marshall, former Director of Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security (DHS) and
André Brisson, founder Whitenoise Laboratories Canada Inc.
Washington D.C. USA, Geneva, Switzerland and Vancouver, BC Canada – Almost daily, Mr. Bruce Schneier has generated incessant buzz about privacy and the National Security Agency (NSA) on his blog. From the sheer volume of his self-proclaimed insight and that of his sycophants, he would have us believe, like Chicken Little, that the sky is falling.
It appears that one of the sources of Mr. Schneier’s information are documents leaked by E.Snowden, fugitive American living in Russia and former contractor with Booz Allen Hamilton, and Glenn Greenwald, a journalist who worked with Mr. Snowden. Mr. Schneier’s intentions clearly have nothing to do with his convictions about privacy, as much as business and profit motives. It must be emphasized that blogs are not journalism: they are marketing tools specifically designed to try to sell a product, not to get to the truth.
Weeks of research regarding Mr. Schneier’s claims have highlighted one of the most frustrating problems with the internet age. Because virtually anyone lacking serious journalistic credentials can, and often does, write or post freely on any subject, the resulting sheer volume of information available may lead people to believe that the reporting is even-handed and well-researched. Unfortunately, in many circumstances nothing can be farther from the truth.
We are currently wrestling with the wrongly defined issue of Privacy versus Security. Rather we should be asking ourselves how we balance Privacy AND Security. They are not mutually exclusive.
Balancing privacy and security is one of the most pressing issues of our age, with far-reaching impact on democracy. It is also ever changing and evolving in real time, in response to terrorists, criminals, and dangerous malcontents. Because the very information analyzed and evaluated may result in policy, it absolutely demands that such information be subject to the highest and most stringent scrutiny and as such, deserves to be evaluated and vetted by verified experts, politicians, business leaders, and citizens with proven track records of integrity, honesty, and true concern for the public interest. It should not be done by those with a history of practicing self-interest over privacy and security.
For many weeks, it has been noted that volumes of proselytizing and dissemination of “opinion-as-fact” come from unverified information through Mr. Schneier’s self-promoting blog, other blogs and various online sites, such as gamer’s sites, of unknown, dubious reputation and/or expertise in the critical areas of cryptography and privacy and not from reputable publications as The New York Times or The Washington Post.
Mr. Schneier decries the NSA and mandated law enforcement agencies empowered by our laws. Yet, Mr. Schneier’s track record shows, significantly, that at least twice over the last decade he has turned a blind eye to workable security (but he complains about privacy.) He has actively engaged in disparaging workable security and communications for his own benefit, and most callously, withheld this information from both his readers and his current employers.
As citizens and through our elected officials, we empower politicians with the creation of agencies and tools that are designed to protect us from the aforementioned threats. The system is not perfect, and must be updated and adjusted as times, technology and threats change. But we are all endangered if these various public servants are hobbled and cannot do their job. This is why Bruce Schneier’s style of journalism and lack of scientific integrity is dangerous.
The primary cause for drifting a bit from original mandates of our law enforcement and defense agencies is a product of rapidly changing technology, the sheer volume of communications, and the exploding threats environment. These agencies have been pressured to react faster than policy can adapt. Part of the answer lies in using the improved security technology we have available to combat the fatal flaws of public key and asymmetric network systems and the algorithms that are currently used to encrypt our data. The other part lies in following the existing FISA protocols currently in place and improving them as need dictates to insure that telecommunication providers, law enforcement and intelligence agencies interface with the LAW and follow the spirit of our constitution as intended.
In conclusion, as we best try to answer the most pressing question of our day, “How do we balance between Privacy and Security?” we believe that a key element of serving our democracies is the judicious evaluation of information written by true journalists using properly researched and sourced information and publishing them in reputable publications without hidden agendas. The collective conversation should not ping pong between extreme positions but rather recognize that privacy and security are both demanded by the constitution. With new technologies and considered thinking, privacy and security can be balanced and achieved easily and inexpensively.
Learn more about Bruce Schneier’s current track record through “The Challenge That Black Hat Would Not Take but DEFCON Did” at: http://wnlabs.com/news/challengeDEFCON.php and http://wnlabs.com/news/Schneier_Challenge_Clock.php.
Learn more about Bruce Schneier’s past track record at: http://www.wnlabs.com/WhitenoiseSecurityChallenge/ and The History of Whitenoise Can’t Be Broken
For more information contact Richard H.L. Marshall or visit: http://www.wnlabs.com
Mr. Marshall previously was a member of the Senior Cryptologic Executive Service (SCES) and the Defense Intelligence Senior Executive Service (DISES). He was the Director of Global Cyber Security Management, National Cyber Security Division, Department of Homeland Security (DHS) by special arrangement between the Director, National Security Agency (DIRNSA) and the Secretary of DHS. Within DHS he directed the National Cyber Security Education Strategy, the Software Assurance, the Research and Standards Integration, and Supply Chain Risk Management programs. He was previously the Senior Information Assurance (IA) Representative, Office of Legislative Affairs at the National Security Agency (NSA) where he served as the Agency’s point of contact for all NSA Information Security (INFOSEC) matters concerning Congress. He devised the IA legislative strategy, helped shape the passage of the revised Foreign Intelligence Surveillance Act and was a key contributor to the Bush and Obama administration’s Comprehensive National Cyber Security Initiative (CNCI).
André Brisson conceived Whitenoise and founded Whitenoise Laboratories Canada Inc. (WNL) to exploit revolutionary and patented security technology. He was listed by the White House Office of Science and Technology Policy and the first US National Cyber Leap Year Summit as belonging in the top 100 cyber security and cryptography experts.