> <i>"How do they accomplish their goals with project BULLRUN? One way is that United States National Security Agency (NSA) participates in Internet Engineering Task Force (IETF) community protocol standardization meetings with the explicit goal of sabotaging protocol security to enhance NSA surveillance capabilities." "Discussions with insiders confirmed what is claimed in as of yet unpublished classified documents from the Snowden archive and other sources." (page 6-7, note 8)</i><p>There's long been stories about meddling in other standards orgs (both to strengthen and to weaken them), but I don't recall hearing rumors about sabotage of <i>IETF</i> standards.
Article references Russias SORM system which provides not only FSB but the police and tax agencies with basically fully access to everything on the internet including credit card transactions, this stuff started in 1995 and was penetrated by the NSA<p>> Under SORM‑2, Russian Internet service providers (ISPs) must install a special device on their servers to allow the FSB to track all credit card transactions, email messages and web use. The device must be installed at the ISP's expense.<p>originally there was a warrant system but it seemed quite liberal and they don’t bother with the secret court system “oversight” like the US:<p>> Since 2010, intelligence officers can wiretap someone's phones or monitor their Internet activity based on received reports that an individual is preparing to commit a crime. They do not have to back up those allegations with formal criminal charges against the suspect. According to a 2011 ruling, intelligence officers have the right to conduct surveillance of anyone who they claim is preparing to call for "extremist activity."<p><a href="https://en.wikipedia.org/wiki/SORM?wprov=sfti1" rel="nofollow noreferrer">https://en.wikipedia.org/wiki/SORM?wprov=sfti1</a><p>Then in 2016 a counter terrorism law was passed and it sounds like they ISPs/telecoms are required to store everything for 6 months and it merely has to be requested by “authorities” (guessing beyond just the FSB) without a court order<p>> Internet and telecom companies are required to disclose these communications and metadata, as well as "all other information necessary" to authorities on request and without a court order<p><a href="https://en.wikipedia.org/wiki/Yarovaya_law?wprov=sfti1" rel="nofollow noreferrer">https://en.wikipedia.org/wiki/Yarovaya_law?wprov=sfti1</a><p>> Equally troubling, the new counterterrorism law also requires Internet companies to provide to security authorities “information necessary for decoding” electronic messages if they encode messages or allow their users to employ “additional coding.” Since a substantial proportion of Internet traffic is “coded” in some form, this provision will affect a broad range of online activity.
So if governments are sniffing on high entropy traffic, could we just send normal seeming (SSH or whatever) packets with the payload coming from /dev/urandom? Would that be a denial of service?