The US Government Has Betrayed The Internet; It's Time To Fix That Now
from the no-more-messing-around dept
With the latest shocking revelations concerning the NSA's ability to break encryption, Bruce Schneier has made an excellent point. In pursuit of trying to find a few needles, the US government has basically betrayed the core of the internet -- and it's time for engineers to fix it. Now. Basically what's come out today is that the NSA has purposely been massively weakening internet security for its own good on the ridiculous belief that only it would find and use these vulnerabilities.Schneier makes two important calls in his article. First, he calls on those who actually helped out in placing these backdoors into today's technologies to come out and reveal the details. Second, he says that the internet technology and security community needs to come together right now to rethink core internet infrastructure to build solutions that are done right, with real security in mind. Encryption is still viable and powerful, but it needs to be done correctly.
We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.As we've written a few times now, a bunch of attempts have sprung up lately to build secure communications offerings, but this goes way beyond that. This is a problem going back to core internet infrastructure, and it needs to be rethought and re-implemented in an open way that can be reviewed by anyone and where it's much more difficult for the NSA to hide or to sneak in "covert" operatives whose roles are to subvert the security.
We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems – these will be harder for the NSA to subvert.
Of course, in the short run this is also going to give extra ammo to foreign governments who want greater control over the internet themselves (not always with good intentions). It's going to be important to resist that kind of control as well. Instead, the focus needs to be on rethinking this in a manner so that no party is in full control and can subvert the system.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, engineers, internet, internet infrastructure, nsa, nsa surveillance, security
Reader Comments
Subscribe: RSS
View by: Time | Thread
So...
We're on web 3.0 right now, right?
[ link to this | view in chronology ]
Re: So...
In their opinion, they were nice enough to let the rest of the world use it, but it's still theirs and they feel they can do whatever they want with it.
[ link to this | view in chronology ]
Re: Re: So...
How's that for an insightful comment.
[ link to this | view in chronology ]
Re: Re: Re: So...
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re:
Your idea is over a century old....
http://en.wikipedia.org/wiki/Beale_ciphers
[ link to this | view in chronology ]
Requires a moral and legal fix, NOT more technical.
The internet is designed for spying, and facilitated by javascript that allows extracting identifying data. -- Guess which corporation is surely the biggest user of javascript? That's right: Google.
So long as information on the internets can be "monetized" without moral and legal restraints, there's no hope. Nearly everyone getting money from internet traffic is literally paid off to SPY on users, so it's only going to increase.
Worse than being censored on the net is being advertised. You can escape censorship with your ideas intact; advertising explicitly has the goal of changing you.
[ link to this | view in chronology ]
Requires a moral and legal fix, NOT more technical.
The internet is designed for spying, and facilitated by javascript that allows extracting identifying data. -- Guess which corporation is surely the biggest user of javascript? That's right: Google.
So long as information on the internets can be "monetized" without moral and legal restraints, there's no hope. Nearly everyone getting money from internet traffic is literally paid off to SPY on users, so it's only going to increase.
Worse than being censored on the net is being advertised. You can escape censorship with your ideas intact; advertising explicitly has the goal of changing you.
[ link to this | view in chronology ]
Re: Requires a moral and legal fix, NOT more technical.
[ link to this | view in chronology ]
Re: Re: Requires a moral and legal fix, NOT more technical.
i'm guessing right about the first time the nsa bent them over and lubed up...
[ link to this | view in chronology ]
Re: Re: Requires a moral and legal fix, NOT more technical.
Actually, it's now "Don't get caught." And they're about as good at that as they were the the not-evil bit.
[ link to this | view in chronology ]
Re: Requires a moral and legal fix, NOT more technical.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
Those of us who have carefully observed Stallman's pronouncements over time have noted that -- almost without exception -- what he says is at first considered crank-grade lunacy.
Then it happens, and nearly everyone (a) is astonished that it took place and (b) forgets that Stallman saw it coming twenty years out.
For my part, I figured out nearly 30 years ago that any software which wasn't open source could not be trusted, should not be trusted, would not be trusted. I credit Stallman in part for opening my eyes to that. I wish more of my contemporaries had listened.
[ link to this | view in chronology ]
Re: Re:
Until we have a true private mesh network that doesn't rely on any public infrastructure, can anything traveling over wires the gov't/corp's control or monitor be considered secure?
[ link to this | view in chronology ]
Re: Re: Re:
The reason the government doesn't want Huawei bidding on communications infrastructure is the government is afraid they will do the same things that they are doing with respect to spying.
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
Re: Re: Re:
[ link to this | view in chronology ]
Re: Re: Re: Re:
Windows XP has 45M lines of high level code. Good luck meddling in it in assembly..
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
R.I.P. Windows
By purchasing Nokia’s smartphone division, Microsoft has killed its signature strategy.
http://www.slate.com/articles/technology/technology/2013/09/microsoft_nokia_deal_a_grea t_idea_that_came_too_late_and_killed_windows.html
[ link to this | view in chronology ]
Control is not security
National Security Agency is more accurately named National Control Agency.
[ link to this | view in chronology ]
Cisco likely sold out
[ link to this | view in chronology ]
Re: Cisco likely sold out
[ link to this | view in chronology ]
Re: Re: Cisco likely sold out
[ link to this | view in chronology ]
Re: Re: Re: Cisco likely sold out
[ link to this | view in chronology ]
Re: Re: Re: Cisco likely sold out
[ link to this | view in chronology ]
here's the plan...
[ link to this | view in chronology ]
trusting trust
I agree with Schneier that not only the protocol stack for the Internet should be an open implementation, but whatever OS as well. That means that Microsoft and Apple will have to change or be supplanted by variations of Unix. There is one thing that Schneier did not address and that is probably because he was writing to a general audience. The tools used to build a protocol stack, or OS, or hardware logic also need to be open. If you use a subverted C compiler to compile your own instance of Linux, the software still cannot be trusted.
I wrote a comment (anonymously, I didn't realize I wasn't logged in) to an earlier post on Techdirt today mentioning Ken Thompson's seminal paper on computer security; "Reflecting on Trusting Trust". If you haven't read this and are distrustful of the NSA, then read it now.
[ link to this | view in chronology ]
Re: trusting trust
[ link to this | view in chronology ]
Re: trusting trust
Even more so today.
[ link to this | view in chronology ]
Internet Governance
[ link to this | view in chronology ]
Bit of Irony Here
[ link to this | view in chronology ]
civil wars
[ link to this | view in chronology ]
This post will be censored by Techdirt
Now then, my point:
Perhaps Mike it's time for you to change your view of the internet. You think that a system that is based on you handing your information to any number of intermediary parties, to be stored on other people's networks, systems, and software as entirely private and confidential. You seem to want a level of privacy that exceeds what you would get on your phone, by sending mail, courier, or talking in a public place. You appear to want the enter world, the whole planet, to be a "private" conversation.
It just doesn't work like that.
Encrypting something and then handing it to a third party doesn't make it secure, it just makes it harder for people to read. Adding deadbolt locks to your front door does not suddenly make your house impossible to break into, it just makes it harder. For those determined to get in, they will. Encrypting your messages but passing them through public third party means does not assure you any more privacy than just that.
The internet isn't broken, just your view of it.
[ link to this | view in chronology ]
Re: This post will be censored by Techdirt
So maybe your real problem isn't that Masnick et all are wrong, or have unrealistic expectations, but that you have an unwarranted level of pessimism.
[ link to this | view in chronology ]
Re: This post will be censored by Techdirt
[ link to this | view in chronology ]
Avoid RC4-128
[ link to this | view in chronology ]
Re: Avoid RC4-128
[ link to this | view in chronology ]
I disagree entirely here. The Internet cannot be betrayed. The Internet is a tool.
WE THE PEOPLE have been Betrayed. End of story.
[ link to this | view in chronology ]
Too Late! Internet Company Selling all the Keys!
SELLING QUOTE: "Easily Acquire Login usernames and passwords from Google or Gmail login, Yahoo Mail login, ebay login etc. will all be captured by the HTTPS/SSL Interceptor."
"Over 100 Systems Sold!"
Total Network Forensic Solutions from Decision Group - 2012
The Company http://www.edecision4u.com/HTTPS-SSL.html
http://www.edecision4u.com/E-DETECTIVE.html
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Who's the enemy again?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Could it be true?
Could the sleeping giant actually be stirring?
Is the "Classified Enemy" of the US Government and its Organized Corporate Masters actually beginning to realize that its under assault by its own government and the combined forces of the wealthiest citizens on earth??
Now that would be something to witness.
The sheer anger of the masses, once they discover the extent of the betrayal should rival the energy put out by the sun.
Nah. It could never happen here.
It would interfere with the football season....
[ link to this | view in chronology ]
Core weakness of the Internet
Whether it's terrorism or pornography or preserving the status of its elite, all governments feel entitled to do this and commercial enterprises are vulnerable.
Every web site host has to have censorship rules to avoid prosecution.
Until an international standard of rights is established, any hope of restraining governments from this behavior is futile.
[ link to this | view in chronology ]