[governance] NSA sabotage of Internet security standards

Suresh Ramasubramanian suresh at hserus.net
Tue Sep 17 21:26:30 EDT 2013


Oversight and restrictions on how such technology is used are of course essential and someone with a legal background could definitely approach this issue from that angle. 

--srs

-------- Original message --------
From: michael gurstein <gurstein at gmail.com> 
Date: 09/17/2013  10:28 PM  (GMT+05:30) 
To: governance at lists.igcaucus.org,'Norbert Bollow' <nb at bollow.ch> 
Subject: RE: [governance] NSA sabotage of Internet security standards 
 
While I agree that there is a significant need for CS expertise in the black arts of cryptography etc.etc. I'm not sure that I agree with the implication that these skills in themselves will somehow ensure freedom from/freedom within surveillance... 

Whatever response it is possible to ultimately achieve re: the Snowden/NSA revelations the final result needs to be one that satisfies/is trustworthy (is worthy for trust) at the political/normative/popular level if we are to move away from a state of surveillance/surveillance state. 

To do this some type of transparent/accountable political superstructure needs to be in place, if nothing else than to act as a translator/buffer between the technical folks and the public and to ensure some degree of transparency/accountability of their (technical) activities.

M

-----Original Message-----
From: governance-request at lists.igcaucus.org [mailto:governance-request at lists.igcaucus.org] On Behalf Of Norbert Bollow
Sent: Tuesday, September 17, 2013 2:32 AM
To: governance at lists.igcaucus.org
Subject: Re: [governance] NSA sabotage of Internet security standards

I wholeheartedly agree with Suresh here. The expertise which is required for this is of a kind that no-one can acquire without spending significant time on learning not only the math which underlies these algorithms and at least the basics of the theory of computational complexity, but also the use of various techniques of cryptoanalysis. 

Greetings,
Norbert

Am Tue, 17 Sep 2013 13:23:41 +0530
schrieb Suresh Ramasubramanian <suresh at hserus.net>:

> ok that last paragraph has a tangible action item
> 
> build up the necessary expertise. or get people with the necessary 
> expertise on board, given that crypto is the sort of thing that normal 
> security practitioners will generally have an applied knowledge of, 
> rather than the indepth knowledge of cryptography required to analyze 
> this issue.
> 
> --srs (iPad)
> 
> On 17-Sep-2013, at 13:02, Norbert Bollow <nb at bollow.ch> wrote:
> 
> > Suresh Ramasubramanian <suresh at hserus.net> wrote:
> > 
> >> This is a bit of a contradiction
> >> 
> >> 1. You +1 norbert saying that international civil society should 
> >> not participate in this process
> >> 
> >> and
> >> 
> >> 2. You hope that untainted top US cryptographers follow their UK 
> >> colleagues.  If the UK colleagues are expected not to participate 
> >> in this process ..
> > 
> > There is of course no contradiction between US cryptographers 
> > participating in US national processes and them at the same time 
> > following the example of UK colleagues in jointly making a clear 
> > political statement.
> > 
> > That said, as soon as an internationally credible review process for 
> > crypto specs has been established, I would certainly hope that some 
> > US cryptographers will be participating there.
> > 
> >> As it is, cryptographers from the USA are very active on this - and 
> >> not all of them are NSA stooges, strange as it may sound in the 
> >> paranoia laden atmosphere here.
> > 
> > I don't think that it is paranoid to think that the percentage of US 
> > cryptographers with true independence from them US surveillance- 
> > industrial complex is probably very small.
> > 
> > Even a tenured professor is not independent in this sense if he or 
> > she for example desires to undertake a research project for which 
> > research funding might conceivably come from such sources.
> > 
> > This relates to the very fundamental question about what is “civil 
> > society”. My view is that only people and organizations are 
> > qualified to be considered “civil society” who are truly independent 
> > of all industry and government interests in regard to the topic 
> > areas on which they engage.
> > 
> > That is not to say that everyone else is “NSA stooges”. Of course 
> > that is not the case.
> > 
> > But civil society in the above mentioned mentioned strongly 
> > independent sense, especially organizations that already have 
> > expertise in regard to Internet governance processes etc, need to 
> > realize now that having political science expertise, even together 
> > with a general understanding of the Internet, is not sufficient for 
> > ensuring that democracy has a future on this planet.
> > 
> > With the NSA's actions, crypto specs have become a key battleground.
> > 
> > For that reason, civil society orgs need to invest in first building 
> > up the necessary expertise for being able to competently engage in 
> > this topic area, and then in doing whatever it takes to get an 
> > internationally credible review process for crypto specs 
> > established.
> > 
> > Greetings,
> > Norbert
> > 
> > --
> > Recommendations for effective and constructive participation in IGC:
> > 1. Respond to the content of assertions and arguments, not to the 
> > person 2. Be conservative in what you send, be liberal in what you 
> > accept
> > 
> > ____________________________________________________________
> > You received this message as a subscriber on the list:
> >     governance at lists.igcaucus.org
> > To be removed from the list, visit:
> >     http://www.igcaucus.org/unsubscribing
> > 
> > For all other list information and functions, see:
> >     http://lists.igcaucus.org/info/governance
> > To edit your profile and to find the IGC's charter, see:
> >     http://www.igcaucus.org/
> > 
> > Translate this email: http://translate.google.com/translate_t
> 




-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.igcaucus.org/pipermail/governance/attachments/20130918/0ce34b42/attachment.htm>
-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t


More information about the Governance mailing list