[Chapter-delegates] An additional thought on cybersecurity

Fred Baker fred at cisco.com
Mon May 7 05:25:10 PDT 2012 

I'm comfortable with this statement.

Let me raise a question that you may consider important in a future statement. 

As you know, I am one of the authors of:

https://tools.ietf.org/html/rfc3924
3924 Cisco Architecture for Lawful Intercept in IP Networks. F. Baker,
     B. Foster, C. Sharp. October 2004. (Format: TXT=40826 bytes) (Status:
     INFORMATIONAL)

and contributed to the development of

https://tools.ietf.org/html/rfc2804
2804 IETF Policy on Wiretapping. IAB, IESG. May 2000. (Format:
     TXT=18934 bytes) (Status: INFORMATIONAL)
and
https://tools.ietf.org/html/rfc1984
1984 IAB and IESG Statement on Cryptographic Technology and the
     Internet. IAB, IESG. August 1996. (Format: TXT=10738 bytes) (Status:
     INFORMATIONAL)

We posted RFC 3924 because RFC 2804 asked us to, and I got involved in 3894's development because of a basic concern for accountability; laws are on the books in many countries regarding LAES, and I wanted to ensure that the tools built in response to such legislation contained audit capabilities and other safeguards. The concern was raised when a colleague working in another SDO told me about the LAES tool he was writing into that draft, which basically split every fiber in the country and let law enforcement "take what they want". I don't disparage law enforcement, but I note that it is composed of human beings. Abuses of the capabilities will happen in an imperfect world, and not having the capabilities hasn't avoided criminal behavior either. We avoid abuses, or discover and correct them, primarily when there is a consistent requirement for probable cause, judicial oversight, targeted investigations, audit trails, and public accountability for the use of the tools.

It might be of value to make a separate public statement to that effect.

On May 7, 2012, at 3:47 AM, Markus Kummer wrote:

> Dear all,
> 
> Many thanks for your feed-back. Please find below a revised version, taking onboard Olivier's suggestion and mentioning that whatever happens in the US in Internet matters will have an impact on the rest of the world. Like Olivier, I don't know the US political system well enough to assess whether this argument will get any traction with US Congressmen, but it seems certainly worthwhile making the point.
> 
> My attention was also drawn to some more intricacies of US politics: apparently, the Senate may take up a different cybersecurity bill and may not use CISPA as a starting point. The revised version therefore refers  more generically to "cybersecurity legislation" when talking about what the Senate will be considering,
> 
> I hope the statement will be issued later today.
> 
> Best regards
> Markus
> 
> 
> 
> Quote: The Internet Society (ISOC) is concerned about cybersecurity legislation currently under consideration in the United States.  The proposed Cyber Intelligence Sharing and Protection Act (CISPA) was passed last week by the House of Representatives and cybersecurity legislation may go to the Senate floor this month. CISPA aims to provide more effective channels of communication across different federal agencies and private entities in relation to online threats. While the Internet Society recognizes the need for national security, it is concerned about the potentially broad scope of CISPA and the consequent impact this legislation might have on users' rights, especially in relation to online privacy. We are also concerned that the draft bill might bypass existing legal and private contractual obligations to protect Internet users' privacy, and lacks judicial oversight. Furthermore, placing burdensome security roles on intermediaries may, as an unintended consequence, have
>  a negative impact on innovation, service delivery, and, ultimately, future investment and economic growth. Lastly, we are also concerned that the United States, given its leadership role in Internet technology, may give the wrong signal to other governments and invite them to adopt measures or pass legislation that could harm the open and free Internet.
> 
> The Internet Society expresses its hope that the U.S. Senate will address privacy considerations and protect citizens' rights and civil liberties in any future cybersecurity legislation. Unquote.
> 
> _______________________________________________
> Chapter-delegates mailing list
> Chapter-delegates at elists.isoc.org
> https://elists.isoc.org/mailman/listinfo/chapter-delegates

More information about the Chapter-delegates mailing list