Home » Privacy and Technology

Category Archives: Privacy and Technology

Privacy, Technology and the IETF

After the Snowden revelations of pervasive monitoring , the IETF (Internet Engineering Task Force), one of the primary technical SDOs (Standards Development Organizations) for the Internet, came to rough consensus on a the need to react to the evidence of NSA pervasive monitoring of the Internet.  The effort to start the work began at the IETF-88 meeting help in Vancouver in November 2013.  A full discussion of this is well captured in the blog by the IETF chair.  A few excepts from this blog:

IETF Security Area Director Stephen Farrell said that pervasive surveillance represents an attack on the Internet. And the rest of us agree. Such pervasive surveillance requires the monitoring party to take actions that are indistinguishable from an attack on Internet communications. So we are willing to work to address it, just like any other threat.

What happens next? I want to be clear that this is a long-term effort. Not a reaction to specific revelations, but a wholesale upgrade to our view what the threats in the Internet are and how they need to be addressed. And the updates will be hard work.  And technology does not have solutions for all problems. But we will be working on general IETF-wide principles on how to address the new threats, thinking about the ways to use technologies such as TLS or opportunistic encryption. And, we will be working on the specific protocols and application areas (HTTP, XMPP, etc).

As this fit plans to do work on enhancing the online privacy of LGBTQIA community members once the .gay TLD is assigned to the community, dotgay LLC decided to get involved in the work.

At IETF-89, held in Vancouver, also documented by IETF Chair Jari Arkko in his blog, the work on protecting Internet protocols from privacy attacks continued.    A new effort was started during this meeting to review existing protocols for privacy vulnerability.  Sponsored by dotgay LLC, I am involved in trying to coordinate this work.   There is also an opportunity for any technically inclined members of the dotgay-community to get involved if they wish.

The effort involves a team of folks gathered together to go do privacy reviews of existing protocol documents (RFCs.) focusing on pervasive monitoring.  A meeting was held to kick the process off.  Several people volunteered to begin reviews on some of the more criticial protocols, such as TCP (Transmission Control Protocol), DNS (Domain Name System), and the DHCP (Dynamic Host Configuration Protocol).  The work is being tracked on an IETF wiki.  Discussions are ongoing on the IETF Privacy email list.  Readers who are technically inclined and privacy concerned are welcome to join in on the discussion, and to read and comment of the protocol review. And to join in on the reviewing.

 

 

 

 


 

dotgay-community.org participation in the IETF meetings is sponsored by dotgay LLC

Attending Internet Engineering Task Force on behalf of dotgay

The Internet Engineering Task Force (IETF) is holding its 88th meeting (IETF88) in Vancouver CA.  The IETF is the organization that defines many, if not most, of the standards used by the protocols on the Internet.

Based on the NSA/PRISM revelations the IETF is focusing a large part of its meeting on ways to protect Internet users and systems from pervasive monitoring.  Given the danger many of the LGBTQI live under in many countries today, this a fortunate circumstance.  At this meeting, every protocol commonly in use on the Internet is being discussed and its privacy liabilities noted.

One example of the type of solution being explored:

While many protocols have a method by which they can be used securely, very few use them consistently.  When a person living under repressive regime makes use of these security measures, this often marks that user as doing something “interesting,” inviting a knock on the door from the authorities to find what sort on “interesting” behavior they are concerned with.  the approach being discussed at IETF88 is to require all protocols to be setup to always use security.  This would mean that members of the community living under repressive regimes could use privacy enhancing applications without putting a target on their backs.

dotgay LLC is committed to producing a technical solution for our registrants and users that protects their privacy and will continue to track and contribute to the efforts being made at the IETF.  After dotgay LLC succeeds at obtaining the .gay TLD, it is committed to creating privacy enhanced services for the gay community.  As more becomes known about the IETF privacy enhancements, this site will describe the work being done and dotgay LLC’s response to the work.  It should also be mentioned that Neustar, the Registry Service provider for dotgay LLC that will provide the technical services for the dotgay Registry is among the leaders in the work being done by the IETF.

dotgay LLC is committed to the security and privacy of the gay community use of the Internet.