Comments below.

-Jorge

> On Nov 8, 2013, at 9:02 AM, David Cake <[log in to unmask]> wrote:
> 
> 
>> On 8 Nov 2013, at 9:44 pm, Jorge Amodio <[log in to unmask]> wrote:
>> 
>> 
>> Yes we should get ready for an alien invasion and for when they take over the root zone.
> 
> 	Part of my point is that ICANN does more than simply run the root zone. We do a lot of things. Pervasive surveillance is a factor in many of them. I've heard it discussed, as a genuine policy concern, in some issues already - for example, in discussions about the proposals for replace WHOIS from the EWG. It should feature in discussion of proxy and privacy services as well - WG just announced.

FYI, ICANN does not "run" the root zone. Regardless of being the current contractor for the IANA functions.

> DNSSEC is the underlying technology of DANE, which is a technology that can replace Certificate Authorities as trust anchors for encryption, which in turn helps mitigate problems of state subversion of CAs to eavesdrop on allegedly secure https streams. 

DANE has been proposed as an authentication mechanism based on DNSSEC, while it may facilitate the establishment of secure connections it does not inherently make the more secure.

>> There has been in the past many proposals and developments for strong encryption and more robustness and support for security, but the industry and providers didn't consider the extra load and investment necessary, and the problem here is not the NSA sniffing traffic.
> 
> 	One reason why industry was not keen on strong crypto everywhere was the lack of a pervasive surveillance threat. Now we have a pervasive surveillance threat. Reports out of ie IETF currently seem to indicate there is a distinct change of mood about the importance of crypto everywhere. 
> 

Surveillance and filtering (not just threats) have been going on for long time, if you take a look at several polls people are concerned but the majority does not care, which it translates into economics for service providers. On the other hand not the IETF, ICANN or any amount of technology will solve a problem that's a political problem. It will be extremely naive to assume that the "other side" will not have the resources or capabilities to counter whatever technology based approach you can envision, which it does not mean we don't have to keep working to make the Internet more secure or more private.

>> There is no absolute security on any system, you can implement the strongest encryption and security methods and exploits will always look for the weakest link, that in many cases has been proven to be the human factor. As I said before, it only takes a badly paid technician or a corrupt government official, and you can add a disgruntled employe with a dissenting opinion, which Snowden is a vivid case, to break the highest levels of security we can imagine.
> 
> 	Sure, but if we are specifically trying to defeat pervasive, ubiquitous surveillance, then it is enough to make it more difficult by an order of magnitude or too - and I think that is genuinely achievable. Surveillance will still exist, but if it becomes difficult enough that it requires either serious corruption, or warrants, then we will have made a big difference. 

Collection of data will take the path of lowest resistance, put as many roadblocks as you wish but once again given the mandate and the funding, your efforts will be fruitless. 

If you take some time to go through some of the embassy cables disclosed by wikileaks, particularly from developing countries, you will be surprised to find that the "serious" corruption it is just an amicable lunch or round of golf with the US ambassador.

-J