Of Trust, The NSA, And Poisoning The Banquet
from the nobody-but-us dept
Two of the sharpest commentators on the implications of Snowden's leaks are the security expert Bruce Schneier, and the science fiction writer Charlie Stross. By an intriguing coincidence, both have recently written highly-readable columns that not only discuss the same issue -- the damage the NSA has wrought on the Internet -- but even employ the same key metaphor. In his "Internet Subversion," Schneier writes:
What we trusted was that the technologies would stand or fall on their own merits.
His metaphor for what this has produced is striking:
We now know that trust was misplaced. Through cooperation, bribery, threats, and compulsion, the NSA -- and the United Kingdom's GCHQ -- forced companies to weaken the security of their products and services, then lie about it to their customers.This mistrust is poison.
He points out the terrible consequences of that weakened security:
There is a term in the NSA: "nobus," short for "nobody but us." The NSA believes it can subvert security in such a way that only it can take advantage of that subversion. But that is hubris. There is no way to determine if or when someone else will discover a vulnerability. These subverted systems become part of our infrastructure; the harms to everyone, once the flaws are discovered, far outweigh the benefits to the NSA while they are secret.
In his own piece, "The Snowden leaks; a meta-narrative," Stross picks up on that theme, and emphasizes one particularly important implication:
At every step in the development of the public internet the NSA systematically lobbied for weaker security, to enhance their own information-gathering capabilities. The trouble is, the success of the internet protocols created a networking monoculture that the NSA themselves came to rely on for their internal infrastructure. The same security holes that the NSA relied on to gain access to your (or Osama bin Laden's) email allowed gangsters to steal passwords and login credentials and credit card numbers. And ultimately these same baked-in security holes allowed Edward Snowden -- who, let us remember, is merely one guy: a talented system administrator and programmer, but no Clark Kent -- to rampage through their internal information systems.
Stross then turns to the same metaphor that Schneier employed:
The moral of the story is clear: be very cautious about poisoning the banquet you serve your guests, lest you end up accidentally ingesting it yourself.
These two posts on the same topic are part of a growing awareness that the harm caused by spy agencies subverting key elements of the Internet is not only a much more serious problem than many people realize, but a long-term one that will be very hard to fix. It looks like we'll be forced to swallow the NSA's poison for a while yet.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bruce schneier, charlie stross, infrastructure, nsa, poison, surveillance, trust
Reader Comments
Subscribe: RSS
View by: Time | Thread
Once again, I must quote Isaac Asimov
"It's a poor atom blaster that won't point both ways."
[ link to this | view in thread ]
Thing is
[ link to this | view in thread ]
[ link to this | view in thread ]
Life Mimics Fantasy
"I think you all know why I've called this meeting. It's no secret that an intruder has been embarrassing all of you in an effort to fight me, and what really blows my mind is that I used the singular, didn't I? I didn't say an army of enemies had breached our defenses and was rushing toward my fortress. No! I didn't say that, did I? I said AN intruder! An! One! One guy!"
http://www.youtube.com/watch?v=uc9d3zEt97g
[ link to this | view in thread ]
Re: Life Mimics Fantasy
[ link to this | view in thread ]
Banquet
[ link to this | view in thread ]
[ link to this | view in thread ]
The uses of the Internet have evolved, but the core idea and philosophies developed from a bunch of folks who had no idea that their protocols would form the basis of so much commerce and would be a target for criminals. More's the shame that folks haven't adapted to reality, but that's the problem with a system that's successful and has to support legacy systems. We've been putting bandaids on things that worked well enough in the past rather than redoing the architecture in a more robust manner. Look at the adoption of IPV6 and how that's still a clusterfark despite a real need for change.
[ link to this | view in thread ]
They are correct
[ link to this | view in thread ]
[ link to this | view in thread ]
But of course, the USTR and the government itself doesn't think that way. After all, it's not their money.
[ link to this | view in thread ]
Re:
Like most innovations, it seems, that start with government research, while the scientists most often (?) look to and innovate for the -good- of mankind, their extraordinary accomplishments are then farmed out too frequently to other depts or contractors for development into weapons of some sort.
There are probably many scientists who have thought of J. Robert Oppenheimer's (mis)quotation upon seeing the destructive force he helped to unleash: “I am become death, the destroyer of worlds.”
Not all reimagined innovations are as obviously deadly as the atomic bomb, but I'd imagine similar thoughts go thru other scientists' minds upon seeing the evolution of their own accomplishments.
At this point and age, I'm finding I really kinda miss the old BBS I ran for years.
[ link to this | view in thread ]
Re: Life Mimics Fantasy
[ link to this | view in thread ]
If I could re-write just one line
Because, the problem is the NSA got to order $10Bn of takeout every year and not wash dishes or eat leftovers.
Guess they didn't expect Snowden to slip some of that tasty Fort Meade dog food into their lasagna. Yum-yum !
[ link to this | view in thread ]
Re: Banquet
The worst part of this is that what we're eating now was previously eaten by the NSA.
[ link to this | view in thread ]
Organized Crime loves a pussy president.
Actually, according to the nature of such organizations, we will have to swallow their poison until they are forced to disband completely. They will never willingly stop using the tools they have discovered that make spying as easy as pie.
Even legislation that prohibits this type of activity will merely force the security industry to go underground and become more secretive, or shop out the process to other agencies that normally do not work that side of the street and will thus be unsuspected of doing so - for a time.
Considering how useless the Obama administration has proven itself to be in this matter (like so many others), it appears there is no-one in a position to control - let alone disband - this runaway security train.
I doubt also that even a candidate who successfully runs for POTUS, would, once in office, react any differently than Obama has. Its hard to fight against someone who has access to your deepest secrets and darkest deeds.
At least one segment of the population will be happy to hear this though. Organized Crime loves a pussy president.
[ link to this | view in thread ]
The true poison is ... no one trusts them anymore. And while NSA gets all the bad press , the moment any working group sits down , the first thing they're going to be told is that the entire Five Eyes (USA , Canada , England , Austrialia , New Zealand) were in on it. And probably every nation in the world does this.
And now ... no one trusts anyone.
And now , your only security is making your own computers, and cell phones , in your own country , for your own use. Trusting anyone else to do it , buying anyone elses equipment , is folly . (USA NSA sold canada some "secure phones" that canada is just now finding out are all bugged and NSA is listening on everything they say)
It isn't that no one wants NSA phones anymore.
No one wants anyone elses phones but their own.
[ link to this | view in thread ]
Re:
Isolated from the rest of the world by distrust, americans might become more amenable to the idea that all non-americans are the enemy of the USA, and thus must be spied upon relentlessly, at any cost (to US citizen's rights).
One other aspect of this is the reverse.
Other nations, allies included, will no longer feel any guilt about spying on the USA by any means possible and will in fact see it as being absolutely necessary.
A shitty situation, and we owe it all to the NSA and a couple generations of pussy presidents for hire.
[ link to this | view in thread ]