[AusNOG] Metadata retention... it's now (almost) a thing

Mark ZZZ Smith markzzzsmith at yahoo.com.au
Sun Nov 2 16:55:30 EST 2014
> From: Paul Wilkins <paulwilkins369 at gmail.com>
> To: "ausnog at ausnog.net" <ausnog at lists.ausnog.net>
> Sent: Sunday, 2 November 2014, 14:15
> Subject: Re: [AusNOG] Metadata retention... it's now (almost) a thing
>
<snip>
>
> Given the substantial costs of compliance, the lawyers are going to have a lot of fun with this.
>

Wait a few years, and the IETF will be causing them much greater problems than the lawyers ...

"Pervasive Monitoring Is an Attack"
http://tools.ietf.org/html/rfc7258

(note, not only an RFC, but also a Best Current Practice (BCP), and the IETF have only had 188 of those since 1969).

People might also want to review my presentation from AusNOG last year, specifically the consequences for middleboxes, keeping in mind that middleboxes would be used for this sort of surveillance:

"The Rapid Rise of the Mobile Multihomed Host, and What It Might Mean to the Network"
http://www.users.on.net/~markachy/The_Rapid_Rise_of_the_MMHH.pdf

(I realised it at the time, but chose not to put it in. At least one person has since realised the same thing and mentioned it to me.)

It would seem MPTCP is now available in OS X Yosemite too:

https://twitter.com/secvalve/status/524318556167495680

And if you're using a Linux distro that uses udev, install the 'macchanger' utility, and add the following udev rule somewhere - new random MAC addresses on every boot:

--
# Goes in a file under /etc/udev/rules.d/
# Randomise when interface added
# ENV{INTERFACE_OLD} check is there to avoid changing MAC addr on interface
# rename/move. Seems to be the only way to distinguish a truly new versus
# renamed/moved interface
ACTION=="add", SUBSYSTEM=="net", ENV{INTERFACE_OLD}=="", RUN+="/usr/bin/macchanger -r $env{INTERFACE}"
--


As for (factory) MAC addresses being globally unique, and therefore accurate analogues for an individual ...

https://www.ietf.org/mail-archive/web/ipv6/current/msg17105.html


Finally, why do I think this pervasive monitoring is wrong?

It seems to me that collecting everybody's Internet metadata changes a fundamental assumption about the country's citizens. It changes us all from either being considered possible criminals (which we all fundamentally are) or actual criminals to being assumed to be either probable criminals or actual criminals. Most of us are not probable or actual criminals, which is why society has survived and evolved, as most citizens do and can be trusted to do the right thing for and by society.

Changing the default trust assumption about the honest citizens, by collecting their metadata by default, is changing a fundamental assumption that has resulted in society's advancement. That is why I think collecting citizens' metadata by default is wrong. Collecting metadata by default (or more generally collecting "criminal evidence" by default) doesn't happen in real life, so it also shouldn't happen on the Internet.
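As an added example (not part of Mark's post, and not macchanger's own code), the following POSIX shell script does by hand what the udev rule above delegates to "macchanger -r": it draws a random 48-bit address, forces it into the locally-administered unicast range so it can never be mistaken for a factory (OUI-assigned) address, and applies it with "ip link". The helper names random_laa_mac, mac_is_laa and apply_mac, and the DRY_RUN switch, are this example's own; the assumption that macchanger -r sets the locally-administered bit by default is stated in the comments.

```shell
#!/bin/sh
# Added example, not from the original post or from macchanger.
# Mimics "macchanger -r <iface>" (which, as assumed here, sets the
# locally-administered bit unless told to fake a burned-in address).

# Generate a random MAC whose first octet has the locally-administered
# bit (0x02) set and the multicast bit (0x01) clear. Any address in this
# range is, by definition, not a globally unique factory address.
random_laa_mac() {
    # six random bytes as decimal numbers, one per positional parameter
    set -- $(od -An -N6 -tu1 /dev/urandom)
    first=$(( ($1 | 0x02) & 0xfe ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# Return 0 (true) if the address is locally administered and unicast,
# i.e. the two low bits of the first octet are exactly "10".
mac_is_laa() {
    oct=$(printf '%s' "$1" | cut -d: -f1)
    bits=$(( 0x$oct ))
    [ $(( bits & 0x03 )) -eq 2 ]
}

# Assign a MAC to an interface. Refuses addresses that are not
# locally administered, so a typo cannot clone someone's real MAC.
# With DRY_RUN=1 the commands are printed instead of run (running them
# needs root and a real interface).
apply_mac() {
    iface=$1
    mac=$2
    mac_is_laa "$mac" || { echo "refusing non-LAA address $mac" >&2; return 1; }
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "ip link set dev $iface down"
        echo "ip link set dev $iface address $mac"
        echo "ip link set dev $iface up"
    else
        ip link set dev "$iface" down &&
        ip link set dev "$iface" address "$mac" &&
        ip link set dev "$iface" up
    fi
}

# Typical use from a udev RUN+= line or at boot (hypothetical interface name):
#   apply_mac eth0 "$(random_laa_mac)"
```

Because the random draw comes from /dev/urandom rather than a seeded PRNG, two hosts booting at the same moment will not pick the same address; the 2^45 locally-administered unicast space makes accidental collisions on one LAN negligible.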

