Fogbugzd's Favorite Techdirt Posts Of The Week

from the rebuilding-the-internet dept

Sat, Sep 7th 2013 12:00pm — fogbugzd

By J. Evan Noynaert, Assistant Professor of Computer Science, Missouri Western State University

This was a short week at Techdirt thanks to the Labor Day holiday in the United States. Even though it was a short week, we may eventually see it as a pivotal week in the emerging NSA revelations. We started seeing some push-back against the scope of the snooping when we saw the author of the Patriot Act, Jim Sensenbrenner, and members of the Church Commission tell a court that the NSA had gone too far. Even more surprising is that they did it in support of an ACLU lawsuit (and Sensenbrenner's brief was with the EFF); the NSA/FISA scandal is making strange bedfellows. The government continues to face push-back from other sources. Some of these were symbolic, such as the Brazilian President's threat to cancel a US visit over NSA spying. She also backed it up with a threat to cancel four billion dollars worth of contracts with US companies. That is just the sort of thing that tends to get real attention in Washington these days.

And apparently the scandal is getting some attention in the Obama administration as well as in the NSA itself. The NSA review board is now accepting comments on aspects of the scandal that the rest of the NSA won't even acknowledge. The White House CIO seemed to be refuting the claims that we shouldn't worry because "just metadata was collected" He gave a great explanation about how much can be revealed by "just metadata," especially if you collect vast quantities of it. Even President Obama got in on the act by wavering ever so slightly. True, he is still in denial about many aspects of the situation, but the acknowledgment that we may need some changes is at least a glimmer of hope. So the administration as a whole seems to be entering the schizophrenic phase of policy development. It is going to be interesting in the coming weeks to see how they resolve the issue. We can hope that they come down on the side of openness, but there is still a great danger that they will manage to gag the dissenters and go back to stonewalling.

I had a real dilemma when Mike asked me to write this week's favorites. I didn't have a favorite post for my "Favorite Posts" post. Then I awoke to my salvation. Mike published "Online Security isn't Over; It's Just Beginning." It is the call to arms that we need. Mike quoted Micah Lee:

Giving up and deciding that privacy is dead is counterproductive. We need to stop using commercial crypto. We need to make sure that free software crypto gets serious security and usability audits.

If we do this right we can still have privacy in the 21st century. If we give up on security because of this we will definitely lose.

The NSA scandal should be a wake-up call to everyone involved in technology (basically everyone). There are things we can do now. We should probably start by assuming that every commercial cryptography product has been compromised. Every commercial operating system is suspect. The NSA seems to have gotten backdoors introduced into just about every major commercial security product including many that are not US based companies. We have to assume that if NSA can get in, then so can others. Apparently one of the NSA's surprises when they bugged the UN was that the Chinese were already there. Perhaps the most troubling thing about the NSA's methods is that they preferred to have backdoors installed in the software. An NSA backdoor makes life simple for the NSA. But backdoors almost always compromise the security of the software overall. Backdoors can often be opened by others; they are one more lock that can be picked by an intruder. Backdoors also tend to be patches on existing security systems. Given the fine-tuning that goes on in the design of security systems, tacking on a backdoor often involves some sloppy methods that give attackers additional soft spots that can be exploited.

If people start turning their backs on commercial security solutions they will probably have to embrace some of the excellent open source security solutions. It is much harder if not impossible to build backdoors into software that the open source community obsesses over as it goes line-by-line through the code. But that's not to say that open source is fully safe. I will admit to being one of the conspiracy nuts who has been concerned that the NSA has influenced the development of some protocols and has managed to sneak in some subtle tells and weaknesses. The open source community needs to revisit all of its software systems and look for hidden weaknesses and vulnerabilities. Techdirt has been calling for rebuilding the Internet since at least 2003. This brings me to my penultimate favorite article of the week, "The US Government Has Betrayed the Internet; It's Time to Fix That Now." The title aptly sums up our current situation. The US Government has betrayed the Internet as well as the Constitution, the Bill of Rights, American Citizens, and our allies. The easiest to repair of all those betrayals is the Internet. As technology leaders we can start that process now. Ironically, the NSA has served up the perfect opportunity to make it very difficult to spy on the Internet.

So it will be interesting to see what will come in the week ahead. One thing that surprised me as I looked back through the week's posts, we hadn't heard from Team Prenda, and it felt like we really needed that kind of comic relief. Thankfully, just as I was finishing this post, Team Prenda delivered.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

10 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 7 Sep 2013 @ 12:21pm

If only we could make the government look like open source, with multiple agencies competing for something and if one becomes crazy it is forked and another is created in its place.

Can't we just open source the government instead of having it go proprietary and hide all that shite?
[ link to this | view in chronology ]
Anonymous Coward, 7 Sep 2013 @ 2:42pm

one of the biggest problems is that the courts, either willingly or under orders, are doing their best to aid the security forces by stopping things from being released to the public. considering the role they are supposed to play, ie, upholding the law, it appears they are more prepared to aid the government in implementing a 'Police State'!
[ link to this | view in chronology ]
Anonymous Coward, 7 Sep 2013 @ 2:48pm

another extremely frightening thing is how the security forces are able to get operating systems makers and software manufacturers to build 'back doors' for them to use. if the makers refused, they were seriously threatened! that is absolutely disgraceful behaviour!

'we want to be able to spy on all your customers.
we wont help you!
you will do as you're told or you will be forced out of business!'

how can you even think about trusting those politicians, those agencies or the government ever again? instead of looking after the people, they are totally fucking them! even now, they cant speak a true word, especially the likes of Clapper, Rogers and Feinstein!
[ link to this | view in chronology ]
Anonymous Coward, 7 Sep 2013 @ 2:57pm

dont forget the USG has been ably assisted by the UKG! it has the same contempt for it's people! it seems to me that we would all feel safer, even if we actually weren't, if all these so called security agencies were just disbanded! i would hope though, that the various heads were sued, unlike the top bankers!

i cant understand how someone can be sent to prison for uploading/downloading a couple of movies but bankrupt a country and all you get is a telling off and not even lose your job or have to repay anything! i guess it shows who is the more powerful. a country can do without having any money but cant do without having movies to watch. strange that!!
[ link to this | view in chronology ]
Yeah Right, 7 Sep 2013 @ 6:14pm

I hope Mike is taking a look at Google in all of this. I've been a fan of him for ages, the tech industry's collusion is too important to expose.
[ link to this | view in chronology ]
Skeptical, 7 Sep 2013 @ 6:22pm

Denial
"Even President Obama got in on the act by wavering ever so slightly. True, he is still in denial about many aspects of the situation, but the acknowledgment that we may need some changes is at least a glimmer of hope."

The president is not in denial. He's merely paying lip service to privacy concerns without committing to significant changes in the NSA's programs.

He said: "I think there are legitimate questions that have been raised about the fact that as technology advances and capabilities grow, it may be that the laws that are currently in place are not sufficient to guard against the dangers of us being able to track so much."

So there are "legitimate questions" which he does nothing to address and which stem not from the NSA's current surveillance programs but from those the NSA may adopt "as technology advances and capabilities grow". He also doesn't question whether the NSA should be "able to track so much" in the first place: He thinks the government should be able to keep track of everything, with only policy to prevent them from abusing such capabilities.

"We promise not to use these privacy-shattering technologies against you" is no longer an acceptable answer to the domestic surveillance problem.
[ link to this | view in chronology ]
Anonymous Coward, 7 Sep 2013 @ 8:27pm

typo s/he
Brazilian President should be She, not He.
[ link to this | view in chronology ]
- Anonymous Coward, 8 Sep 2013 @ 2:59am
  
  Re: typo s/he
  You are mistaken there was no typo there.
  [ link to this | view in chronology ]
Anzablazer, 8 Sep 2013 @ 9:43am

Fascist
Fascist Authoritarian Police State. They will never release control now that they have it.
[ link to this | view in chronology ]
Anonymous Coward, 8 Sep 2013 @ 11:17am

Note to the Pesident
Do you wonder what happened to you creditability and public support? Every time you, your fellow politicos and underlings lie your stock takes another dive, it is now the equivalent of a penny stock and rapidly headed for delisting. There is no value left, you have spent all reserves and amassed an unrecoverable credibility deficit. It is time for you and your entire administration and supporting hacks to resign. You have violated your oath of office, The Constitution and committed uncounted crimes against the entire population of the USA. You can spin this all you want but WE GET IT!
[ link to this | view in chronology ]