Large-scale pervasive monitoring (PM) of Internet traffic represents a clear attack against Internet privacy. That is the view stated in a new document from the Internet Engineering Task Force (IETF) representing the consensus of the IETF technical community that the type of widespread (and often covert) surveillance through intrusive collection of communication data we have learned about over the last year represents an attack against the Internet. Further, this new RFC 7258 declares that the IETF will do whatever possible to make this type of large-scale pervasive monitoring more difficult and easier to detect.
This statement doesn’t mean that the IETF hasn’t considered security of its protocols before. On the contrary, the IETF has a long track record of taking security aspects very seriously and its standards already provide mechanisms to protect Internet communications. RFC 3552, issued in 2003, provides comprehensive guidelines for applying these mechanisms in protocol design.
Pervasive monitoring doesn’t introduce new types of technical compromise. But it changes the threat analysis dramatically, by being indiscriminate and very large scale. And that sets additional requirements for the confidentiality of protocol metadata, countering traffic analysis, or data minimisation.
As the document states:
“The IETF community’s technical assessment is that PM is an attack on the privacy of Internet users and organisations. The IETF community has expressed strong agreement that PM is an attack that needs to be mitigated where possible, via the design of protocols that make PM significantly more expensive or infeasible.”
After explaining more about how pervasive monitoring is an attack on Internet privacy, the document directs authors of Internet standards to do all they can to mitigate such attacks. It helpfully explains what is meant by “mitigation:”
“‘Mitigation’ is a technical term that does not imply an ability to completely prevent or thwart an attack. Protocols that mitigate PM will not prevent the attack but can significantly change the threat… This can significantly increase the cost of attacking, force what was covert to be overt, or make the attack more likely to be detected, possibly later.”
We are very pleased to see the publication of this document. As we outlined in our contribution to the recent STRINT workshop, The Danger Of The New Internet Choke Points, we remain very concerned about the architecture of the overall Internet and how we can strengthen that infrastructure against these type of attacks.
I encourage you all to read RFC 7258. It’s quite short and won’t take that long to read. And then I ask you to please join with all of us in the IETF in making sure that Internet standards are hardened against pervasive monitoring – and then that those improved standards get implemented out in our networks today. Collaborating together as a global community, we can create a more secure and resilient Internet where our privacy is better protected.