On 8 Nov 2013, at 9:44 pm, Jorge Amodio wrote:


Yes we should get ready for an alien invasion and for when they take over the root zone.

Part of my point is that ICANN does more than simply run the root zone. We do a lot of things. Pervasive surveillance is a factor in many of them. I've heard it discussed, as a genuine policy concern, in some issues already - for example, in discussions about the proposals to replace WHOIS from the EWG. It should feature in discussion of proxy and privacy services as well - WG just announced.

BTW I'd be more worried about the massive data collection of corporations without ANY oversight and much less security and privacy for your data, this is a MUCH bigger problem than the NSA surveillance.

For a start, simply because a bigger problem exists, does not mean the first is not. 
But for another, corporate data collection 

Also critical is for example the harassment and persecution of people with a dissenting opinion in places like China.

Absolutely. And surveillance is not restricted to the NSA - if we help protect people from the NSA and its allies, we help protect them from other state-based surveillance as well.

DNSSEC does not provide any other solution besides a certification that you are getting an authoritative and legit response to your queries.

DNSSEC is the underlying technology of DANE, which is a technology that can replace Certificate Authorities as trust anchors for encryption, which in turn helps mitigate problems of state subversion of CAs to eavesdrop on allegedly secure https streams. 


There have been in the past many proposals and developments for strong encryption and more robustness and support for security, but the industry and providers didn't consider the extra load and investment necessary, and the problem here is not the NSA sniffing traffic.

One reason why industry was not keen on strong crypto everywhere was the lack of a pervasive surveillance threat. Now we have a pervasive surveillance threat. Reports out of ie IETF currently seem to indicate there is a distinct change of mood about the importance of crypto everywhere. 


There is no absolute security on any system, you can implement the strongest encryption and security methods and exploits will always look for the weakest link, that in many cases has been proven to be the human factor. As I said before, it only takes a badly paid technician or a corrupt government official, and you can add a disgruntled employee with a dissenting opinion, of which Snowden is a vivid case, to break the highest levels of security we can imagine.

Sure, but if we are specifically trying to defeat pervasive, ubiquitous surveillance, then it is enough to make it more difficult by an order of magnitude or two - and I think that is genuinely achievable. Surveillance will still exist, but if it becomes difficult enough that it requires either serious corruption, or warrants, then we will have made a big difference.

Regards

David


-Jorge

On Nov 8, 2013, at 7:19 AM, David Cake wrote:


On 8 Nov 2013, at 5:18 pm, Andrei Barburas wrote:
None of you can tell me that they are surprised and/or outraged by the fact that governments spy on their own people. That's what SECRET services do; that's why they were founded and that's their mission.

Scale matters. There is a very big difference between spying on some people, and spying on all of them. While I believe in privacy, I accept that governments will, on occasion, present what seems, at least from the govt point of view, a compelling reason to invade that privacy - which is a roundabout way of saying that I can live with warrants, and authorised covert surveillance of certain targets. 
I find the argument that 'we all knew governments spied, so the Snowden revelations don't matter' bemusing. It seems to me to be similar to saying 'we know criminal gangs exist, so we shouldn't be surprised to find them running the state, without interference from police or government'. Scale and pervasiveness matter. 
And the scale changes the problem we need to solve in the Internet governance world. If some people are surveilled, it would be enough to have provided the tools for them to counter-surveillance. If virtually everyone is surveilled illegally all the time, then we need to ensure that counter-surveillance is provided to everyone, all the time. 
It is certainly true that this may not obviously be an issue of prime concern to ICANN (and thus by extension, NCSG). But the threat of surveillance should be something we now consider as part of practically every technical decision we make. DNSSEC may prove to be an important trust anchor for cryptography, avoiding problems related to CAs. We need to ensure that many of our standard, routine, protocols have crypto baked in (now that we have seen that the surveillance state agencies will intercept both bulk data transfer (as often takes place between eg registries and escrow), and highly privileged information). There may not be a single huge issue that arises from the Snowden leaks - but it should change the way we think about illegal surveillance, and how it figures into our decision making throughout. 

Regards

David