
Re: [TLS] Please discuss: draft-housley-evidence-extns-00



home_pw@xxxxxxx wrote:
> 
> I'm convinced the term "corporate wiretapping" is proper, 
> 
> In purer circles, TLS Evidence might be called a "mandatory 
> data retention" scheme, to be enforced in the 
> router/loadbalancer infrastructure when your company gets a 
> subpoena demanding evidence retention, for example. And, one 
> should assume every company will be forced there anyways, 
> within 5 years, via best practices policy, to be enforced by 
> the insurers.

I thought about the EU data protection act a little further,
and I'm convinced that in case that the signature identifies
an individual subject, then persisting the TLS Evidence data
is probably almost always going to be illegal within the entire EU.

See
http://europa.eu.int/ISPO/legal/en/dataprot/protection.html
and
http://www.e-dialog.com/pdf/2003_12_EU_%20Data_%20Protection_%20Act%20POV.pdf



Although it is possible to ask each individual subject for permission
of storing the data, there are so many formal requirements that
a blind capture of the communication stream at the network level
will make it difficult to impossible to even obtain a formally
correct confirmation of user consent before persisting the
data.  A list of issues:

    - the subject's consent must be obtained before persisting the data

    - the subject's consent must be absolutely voluntary, asserting any
      kind of pressure on the subject is a criminal offense

    - the consent agreement must contain a DETAILED list of the
      information that is to be persisted, a description of exactly
      what is going to be done with it, how long it is going to be
      kept, whether and exactly which third party will have access
      to the data and for what specific purpose.

    - the subject may revoke the consent to store/persist the data
      at any time with no reason given, with the effect that all
      recordings of the data must be DELETED; all third parties that
      were authorized to receive this data must be notified of the
      revocation of the consent agreement and must also DELETE all
      records of the data.

    - everyone who stores/persists the data must provide detailed
      information on what data/records is/are kept if the subject
      asks for it.

With the signature on the raw data, it is impossible to delete
unnecessary data without invalidating the signature/evidence.

The EU data protection act also has a requirement that persistence of
data that can be linked to an individual subject MUST be minimized.

TLS-Evidence covering a HTTP GET can easily violate this rule by
containing a "User-Agent:" header identifying a user's OS make & release
and browser make & version, and potentially worse, an off-site
HTTP-Referer when deep-linking was used to get here.  For the
business transaction, a trace&signature of the transaction (request)
at the application level will not contain User-Agent: and Http-Referer:
so TLS Evidence is clearly inappropriate technology.

Producing a formally correct consent agreement that properly identifies
such details is really challenging, but it is impossible without
interpreting/decoding the entire contents of the recorded (raw) data.

Obtaining the consent agreement with a detailed listing of what
data is going to be persisted will be impossible without significant
changes to the (communication architecture) of an application.


-Martin

_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls
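The two technical points Martin makes above, that a signature over the raw captured bytes cannot survive deletion of unnecessary data, and that an application-level record of the same transaction need not contain User-Agent or Referer at all, can be demonstrated with a small script. The example below is added here and is not part of the mailing-list thread or of the draft; the HTTP request and key are constructed sample values, and an HMAC-SHA256 tag stands in for the evidence signature since the point is integrity binding, not the signature algorithm.

```python
import hashlib
import hmac
import json

# Constructed sample: a raw HTTP GET as captured on the wire.
RAW_REQUEST = (
    b"GET /orders?id=42 HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"User-Agent: Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0\r\n"
    b"Referer: https://other-site.example/blog/post\r\n"
    b"Cookie: session=constructed-sample\r\n"
    b"\r\n"
)

# Hypothetical evidence key (constructed); a real deployment would use a
# signature key pair, but the binding argument is identical.
KEY = b"constructed-demo-key"

# Headers that identify the individual or reveal where they came from.
PRIVACY_HEADERS = {b"user-agent", b"referer", b"cookie"}


def sign(data: bytes, key: bytes = KEY) -> bytes:
    """Stand-in for the evidence signature: HMAC-SHA256 over exact bytes."""
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(data: bytes, tag: bytes, key: bytes = KEY) -> bool:
    """Constant-time check that `tag` was produced over exactly `data`."""
    return hmac.compare_digest(sign(data, key), tag)


def parse_request(raw: bytes):
    """Minimal HTTP/1.1 request parser: (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    method, target, _version = lines[0].split(b" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body


def strip_privacy_headers(raw: bytes) -> bytes:
    """Delete identifying headers from the raw capture (data minimization)."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    kept = []
    for line in head.split(b"\r\n"):
        name = line.split(b":", 1)[0].strip().lower()
        if name not in PRIVACY_HEADERS:
            kept.append(line)
    return b"\r\n".join(kept) + sep + body


def app_level_record(raw: bytes) -> bytes:
    """Canonical application-level transaction record.

    Only the fields the business transaction needs are included, so the
    record never carries User-Agent, Referer or Cookie in the first place.
    """
    method, target, headers, body = parse_request(raw)
    record = {
        "method": method.decode("latin-1"),
        "target": target.decode("latin-1"),
        "host": headers.get(b"host", b"").decode("latin-1"),
        "body": body.decode("latin-1"),
    }
    return json.dumps(record, sort_keys=True, separators=(",", ":")).encode()


def identifying_values_present(data: bytes) -> list:
    """Which identifying values from the sample request appear in `data`."""
    markers = [b"ExampleBrowser", b"other-site.example", b"session="]
    return [m.decode() for m in markers if m in data]


def demo() -> dict:
    """Compare raw-capture evidence with an application-level record."""
    raw_tag = sign(RAW_REQUEST)
    minimized = strip_privacy_headers(RAW_REQUEST)
    record = app_level_record(RAW_REQUEST)
    record_tag = sign(record)
    return {
        # The original capture verifies, but it still holds the identifying data.
        "raw_verifies": verify(RAW_REQUEST, raw_tag),
        "raw_identifying": identifying_values_present(RAW_REQUEST),
        # Deleting the unnecessary headers breaks the evidence signature.
        "minimized_verifies": verify(minimized, raw_tag),
        "minimized_identifying": identifying_values_present(minimized),
        # The application-level record verifies and was minimal from the start.
        "record_verifies": verify(record, record_tag),
        "record_identifying": identifying_values_present(record),
        "record": record.decode(),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The `minimized_verifies` result is the crux: once the tag covers the raw bytes, the only way to honour a deletion request is to discard the evidence along with the data, whereas signing a minimal application-level record lets the same transaction be evidenced without ever persisting the identifying headers.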