A draft RFC by Stephen Farrell, Farzaneh Badii, Bruce Schneier, and myself: "Reflections on ten years past the Snowden revelations": https://www.ietf.org/archive/id/draft-farrell-tenyearsafter-00.txt

@SteveBellovin nice writeup! I agree that metadata needs to be much better protected than it is today.

[The top header lines look interspersed incorrectly, on my Android with FF.]

Reflections on Ten Years Past The Snowden Revelations

This memo contains the thoughts and recountings of events that transpired during and after the release of information about the NSA by Edward Snowden. There are four perspectives: that of someone who was involved with sifting through the information to responsibly inform the public, a security area director of the IETF, a human rights expert, and of a computer science and law expert. The purpose of this memo is to provide some historical perspective, while at the same time offering a view as to what security and privacy challenges the technical community should consider.

@kennwhite @SteveBellovin @rsalz
A small aside on Schneier's essay: The NSA really f-ed up by calling their packet injector "QUANTUM". One reason I think he was able to get the Guardian to publish that is I saw mention of QUANTUMINSERT, thought it smelled of packet injection, and wrote it up on the "War is Boring" Medium page by Ackerman (tried to get it in Wired first).

And I had forwarded a pointer to Schneier, and his article in the Guardian pointed to it in "here is how it works".

@kennwhite @SteveBellovin @rsalz
They really made two mistakes on QUANTUM.

1) Named it QUANTUM (a meaningful name) rather than something like BANANARAMA or PUPPYKITTY or another such nonsense name.

2) "Weaponize the Internet backbone? Sure. 'Shoot' exploits at NATO allies' critical systems? Sure. Actually build it right? Nope, sorry, classification rules get in the way": they amazingly slowed down race condition attacks by a bunch of diodes etc. in the system for classification reasons.

Bananarama - Help! (Comic Relief 1989) (Official Video)
@touchsymposium Bananarama is great and all that ("Robert De Niro's Waiting") but I don't see the relevance.
@ncweaver @kennwhite @SteveBellovin Re 2) They were probably still operating in the Nobody But Us (NOBUS) mindset back then.
@SteveBellovin Is there a reason you guys decided to publish this as a RFC?
@astrashe I (and I assume the others) were asked to write something by @eliotlear, the independent submissions editor for the RFC series. The overall theme is not the Snowden revelations per se, but rather the effect on the IETF.
@SteveBellovin @eliotlear Thanks for explaining. I've only read Schneier's section so far, but it's terrific.