In-Reply-To: <54C5E285.8020406@ahmia.fi>
References: <54C5E285.8020406@ahmia.fi>
Date: Mon, 26 Jan 2015 19:02:19 +1100
Message-ID: <CAOsGNSQT86XBfhPZq-Lmf43iwpTD8wGvn2eyEzJyZ+5hVWnuyA@mail.gmail.com>
From: Zenaan Harkness <zen@freedbms.net>
To: tor-talk@lists.torproject.org
Subject: Re: [tor-talk] surveillance discussion in Finland

> "The purpose would be to collect vital information to protect national
> security against serious international threats. These could be military
> or civilian in nature."
>
> "Military and civilian authorities in charge of national security should
> be granted powers to conduct cross-border intelligence to respond to
> changes in the security environment."

> Ministry of Transport and Communications published their counter report
> that very strongly points out that MITM attack to cross-border Internet
> connections is technically problematic, unethical, ineffective and would
> not necessarily yield the desired information.

Pesky ethics eh?

What non-technical grounds besides "it's not ethical" result in "we
should not have mass surveillance at all"?

I'd like to see "the people don't consent", but sadly sheeple almost
always tacitly consent, given a gradual enough deployment time frame
and approach.

Where does the will of "we the people" ever prevail? Only where enough
people stand/ oppose/ speak up in ways which are effective, which
rarely occurs.


> With Electronic Frontier Finland we published our similar view:
>
> My opinion and Electronic Frontier Finland opinion is that the MITM part
> is problematic. The other parts of the report do not create that kind of
> privacy or human right issues,

What about the "it's not ethical" part? Or is "it's not ethical" just
code for "the people would probably object if they had a genuine say/
vote, but they don't so we can ignore the will of the people"?

> are technically doable, not waste tax
> money and do not break the Finnish Constitution.

A technical foundation for why it's not OK is a good start I guess.
But can be overcome with legislation - surely the Finnish Constitution
permits of "national security" against "terrorists"?


> There are a lot of good points in the intelligence report, for instance,
> they clearly state that they do not want any encryption keys from the
> companies nor want backdoors to any commercial systems. Furthermore,

Ahem. What they want or what is legislated for now, is just the thin
edge of the wedge, surely?


> there would be strict guidelines and demand for the court warrant and
> independent oversight.

Slippery slope, the sliding wedge. Why would the medium-term outcome
for Finland be any different to USA/NSA?


> MITM attack can be called a mass surveillance even if it tries to target
> some traffic. The obvious problems are:
>
> 1) This is very ineffective surveillance. Real bad guys can secure and
> hide their communication. Even HTTPS encrypted Facebook chat hides their
> communication in this case!

These two points don't properly go together - "Facebook" is a corp.,
data retention can be required to be national-local, by legislation,
and legislated MITM. Facebook might respond by officially closing the
door on Finland?


> 2) Of course, the most problematic part is that this kind of
> surveillance is unethical and illegal in any EU country.

Why illegal?


> Moreover, it
> would require a change to the Finnish Constitution where "The secrecy of
> correspondence, telephony and other confidential communications is
> inviolable.". Fortunately, it is hard to change the constitution.

Well that does sound very good. But that's Finland constitution, not
EU constitution right?

Either way, a good foundation for Finland.


> 3) A report promised to address how to solve national level security
> issues like large DDOS and spyware produced by another state. However,
> mass surveillance is not an effective way to solve these problems.

Effective will usually be trumped by "constitutionally lawful
legislation", although as we see with USA, power-hungry entities
legislate regardless of constitutionality over the longer term.


> 5) Is it even technically possible to build this system? The report says
> that it is still illegal to read any messages that are not related to
> national level threads.

["threads" = "threats" I assume.]

Ahh, so Finnish constitution does permit of violating inviolability of
personal communication in the name of "national security"!

In that case, the proposed legislation should be easy for Finnish
parliament to pass.


> How the hell they are going to just read the
> communication of the bad guys? Not to mention again that basic HTTPS is
> enough to secure communication.

You are indeed optimistic.


> I am optimistic.

I don't share your optimism. Problems can easily be legislated away,
and "the people" will nearly always lap it up. E.g. "suitable
administrative processes must be in place to ensure that
non-applicable communications are deleted and forgotten when viewed as
part of an investigation".


> Don't worry, we will stop this nonsense. When another
> ministry, mainstream media and the Constitution are against something it
> is likely to fail.

Are these three coming together in Finland, in this case?

Good luck Finland!

