»RFC 1984 Or why you should start worrying about encryption backdoors and mass data collection«
2019-10-10, 12:30–13:00, S1 Disco Room

RFC 1984: What are RFCs and why do they matter? What is happening in the world now with mass surveillance? Also peacocks.

In 1996, Brian E. Carpenter of the IAB and Fred Baker of the IETF wrote a joint statement on Cryptographic Technology and the Internet. This RFC wasn't a request for a technical standard; it was a statement of their concerns about governments trying to restrict or interfere with cryptography. They felt that there was a need to offer "All Internet Users an adequate degree of privacy".

Since that time, successive governments around the world have sought to build backdoors into social media to access more citizen and visitor data. As of July 2019, the Attorney General of the United States, William Barr, stated: “Some argue that, to achieve at best a slight incremental improvement in security, it is worth imposing a massive cost on society in the form of degraded safety,” i.e., for security, Americans should accept weakened encryption. The head of the FBI also claimed that weakened encryption wouldn't break it.

In Australia, the metadata retention laws have been abused against journalists, with 58 searches carried out by the AFP. In 2015, ACT police carried out 115 metadata searches. UK officials have a cavalier attitude to the EU SIS database, which tracks undocumented migrants, missing people, stolen cars, or suspected criminals.

IETF Session 105 mentioned privacy and concerns with the mass collection of data. While the IAB and IESG were worried about US export controls on cryptography, there is an argument for RFC 1984 to be updated to include the unnecessary mass collection of data, and for it to be used as a term for IT professionals, privacy advocates and the public to rally behind.

I propose a brief history of governments around the world wanting to weaken encryption, as RFC 1984 warned us about.

We live in a time where citizens put data into commercial, healthcare and government systems to access services, and some services are only accessible online. From CCTV to Facebook, people have little understanding of why mass collection of data is dangerous. There is little scrutiny of who can access that data, from Scotland to the US.

My father is an example of a private man who doesn't use social media because they wanted his cell phone number, but he doesn't mind the CCTV being put up in his street. I want to talk about how open surveillance is only a small part of the picture when profiling citizens. It still counts as personal data when combined with metadata and the actual data that people put into social media. Businesses that use CCTV have to put up signs to warn the public they are recording. So-called anonymized data still contains identifiers that can tie to individuals.

Let's talk about Ovid and peacocks. Let's explore how to expand the RFC to cover recent developments in surveillance capitalism, with governments accessing that data but not securing it. We need to make it clear that weakened encryption and the mass collection and careless retention of data aren't acceptable. We need to update and implement RFC 1984.