Categories
Building Trust IETF Privacy

Edward Snowden Highlights Identity and Privacy at IETF 93

Sunday night, a group of IETF 93 attendees organized an unofficial, but unique event[1]. Edward Snowden was a surprise (remote participant) guest in a question and answer session after a screening of the documentary Citizenfour. It was movie night at the IETF – a first in all my many years in this community.

The obvious highlight of the evening was the live discussion with Mr. Snowden. It was both interesting and inspirational, especially through the lens of our ISOC work. It included topics ranging from ownership of the Internet to the vital role of specific technologies in improving privacy. All of the discussion was framed in terms closely aligned with our ISOC mission that “the Internet is for everyone” and a safe Internet promotes human rights.

Mr. Snowden discussed who the Internet is for and who controls it. He stated that “governments or countries don’t own the Internet, the public does.” He called on the community to make the Internet safe for everyone all the time, and not to allow others to determine who is safe and who is not. He reminded the IETF that users of the Internet are the ultimate customers of our products. “We should ensure our protocols follow users’ intent.”

Moving on from general topics, the discussion dove into specific technical questions. Middleboxes in particular were a frequent target of criticism with statements like “every middlebox is an increased attack surface.” He talked about the need to secure metadata along with content reminding us of the vital information included in metadata. It is well past time for emerging protocols to properly address the collection and sharing of unnecessary information.

Of particular interest to our work here at ISOC, Mr. Snowden talked about the importance of identity in this space. He talked about the need for anonymous and pseudonymous communications and the ability to separate identity from personas.

Moving further down into the technical details, there was a discussion about IEEE 802 MAC addresses and their role in tracking. Juan Carlos Zuniga mentioned the Wi-Fi privacy experiment that has been conducted at the last few IETFs which has resulted in an IEEE 802 project to define MAC address privacy. Mr. Snowden supported the work by stating, “Burned in long lasting hardware addresses are extremely dangerous.”

As the session was wrapping up, Snowden specifically called out the Cryptech effort as “awesome.” This is an activity that was initiated by conversations within the IETF community to develop an open source hardware crypto module developed in a transparent manner. In fact, just prior to the IETF there was an open workshop on cryptech where participants could install the prototype and use it to sign a DNS zone.

There were standing ovations at the beginning and end and several bouts of spontaneous applause from the appreciative audience. In my decades of IETF participation, I must say it was a first.

Special kudos to Mark Nottingham who arranged the screening, and Daniel Kahn Gillmor who arranged for Edward Snowden’s appearance. You can read more about Mark’s thoughts on the event in his own words by reading his “Snowden Meets the IETF” blog post.

Thank you for a fascinating and inspirational beginning to this week’s IETF.


[1] Editorial note: To explain a bit more, a group of individuals attending IETF 93 got together, requested meeting room space,paid for the screening of the movie and invited people to attend. This was not an official IETF activity although it was at the IETF 93 venue.