The IETF has issued RFC 7258, aka Best Current Practice 188, “Pervasive Monitoring Is an Attack”. This is an important document. Here’s a snippet of the intro:
Pervasive Monitoring (PM) is widespread (and often covert) surveillance through intrusive gathering of protocol artefacts, including application content, or protocol metadata such as headers. Active or passive wiretaps and traffic analysis, (e.g., correlation, timing or measuring packet sizes), or subverting the cryptographic keys used to secure protocols can also be used as part of pervasive monitoring. PM is distinguished by being indiscriminate and very large scale, rather than by introducing new types of technical compromise.
The IETF community’s technical assessment is that PM is an attack on the privacy of Internet users and organisations. The IETF community has expressed strong agreement that PM is an attack that needs to be mitigated where possible, via the design of protocols that make PM significantly more expensive or infeasible. Pervasive monitoring was discussed at the technical plenary of the November 2013 IETF meeting [IETF88Plenary] and then through extensive exchanges on IETF mailing lists. This document records the IETF community’s consensus and establishes the technical nature of PM.
The term “attack” is used here in a technical sense that differs somewhat from common English usage. In common English usage, an attack is an aggressive action perpetrated by an opponent, intended to enforce the opponent’s will on the attacked party. The term is used here to refer to behavior that subverts the intent of communicating parties without the agreement of those parties.
The conclusion is simple, but powerful: “The IETF will strive to produce specifications that mitigate pervasive monitoring attacks.”
I can’t help but see this as a shining example of the IETF living up to its legitimate-rule-making potential, as I described in my 2003 Harvard Law Review article Habermas@discourse.net: Toward a Critical Theory of Cyberspace.
Below, I reprint my abstract:
In the spirit of Jürgen Habermas’s project of linking sociological observation with legal philosophy, this Article analyses the Internet standards processes – complex nongovernmental international rulemaking discourses. It suggests that the Internet Engineering Task Force (IETF) standards discourse – a small, slightly formalized, set of cooperative procedures that make the other Internet discourses possible – is a concrete example of a rulemaking process that meets Habermas’s notoriously demanding procedural conditions for a discourse capable of legitimating its outcomes. As evidence, the Article offers a social and institutional history of the IETF’s Internet Standards process; and argues that participants in the IETF are engaged in a very high level of discourse, and are self-consciously documenting it. Identifying a practical discourse that meets Habermas’s conditions removes the potentially crushing empirical objection that Habermas’s theory of justice is too demanding for real-life application, although it does not prove its truth.
Habermas’s work provides a standpoint from which social institutions can be critiqued in the hopes of making them more legitimate and more just. Armed with evidence that Habermasian discourse is achievable, the Article surveys other Internet-based developments that may approach his ideal or, as in the case of the Internet Corporation for Assigned Names and Numbers (ICANN), that already claim a special form of legitimacy. This Article finds most of these other procedures wanting and argues that the existence of even one example of a functioning Habermasian discourse should inspire attempts to make other decisions in as legitimate and participatory a manner as possible.
Habermas seeks not only to define when a rulemaking system can claim legitimacy for its outputs, but also to describe tendencies that affect a modern society’s ability to realize his theory. Speaking more as a sociologist than a philosopher, Habermas has also suggested that the forces needed to push public decisionmaking in the directions advocated by his philosophy are likely to come from a re-energized, activist, engaged citizenry working together to create new small-scale communicative institutions that over time either merge into larger ones or at least join forces. Like Habermas’s idea of a practical discourse, this may sound fine in theory but is difficult to put into practice. New technology may, however, increase the likelihood of achieving the Habermasian scenario of diverse citizens’ groups engaging in practical discourses of their own. Technology may not compel outcomes, but it certainly can make difficult things easier.
A number of new tools such as slash servers, blogs, wiki webs, community filtering tools and e-government initiatives show a potential for enabling not just discourse, but good discourse. While it is far too soon to claim that the widespread diffusion and use of these tools, or their successors, might actualize the best practical discourse in an ever-wider section of society, it is not too soon to hope – and perhaps to install some software.