Of Trust, The NSA, And Poisoning The Banquet

from the nobody-but-us dept

Two of the sharpest commentators on the implications of Snowden's leaks are the security expert Bruce Schneier, and the science fiction writer Charlie Stross. By an intriguing coincidence, both have recently written highly-readable columns that not only discuss the same issue -- the damage the NSA has wrought on the Internet -- but even employ the same key metaphor. In his "Internet Subversion," Schneier writes:

What we trusted was that the technologies would stand or fall on their own merits.

We now know that trust was misplaced. Through cooperation, bribery, threats, and compulsion, the NSA -- and the United Kingdom's GCHQ -- forced companies to weaken the security of their products and services, then lie about it to their customers.
His metaphor for what this has produced is striking:
This mistrust is poison.
He points out the terrible consequences of that weakened security:
There is a term in the NSA: "nobus," short for "nobody but us." The NSA believes it can subvert security in such a way that only it can take advantage of that subversion. But that is hubris. There is no way to determine if or when someone else will discover a vulnerability. These subverted systems become part of our infrastructure; the harms to everyone, once the flaws are discovered, far outweigh the benefits to the NSA while they are secret.
In his own piece, "The Snowden leaks; a meta-narrative," Stross picks up on that theme, and emphasizes one particularly important implication:
At every step in the development of the public internet the NSA systematically lobbied for weaker security, to enhance their own information-gathering capabilities. The trouble is, the success of the internet protocols created a networking monoculture that the NSA themselves came to rely on for their internal infrastructure. The same security holes that the NSA relied on to gain access to your (or Osama bin Laden's) email allowed gangsters to steal passwords and login credentials and credit card numbers. And ultimately these same baked-in security holes allowed Edward Snowden -- who, let us remember, is merely one guy: a talented system administrator and programmer, but no Clark Kent -- to rampage through their internal information systems.
Stross then turns to the same metaphor that Schneier employed:
The moral of the story is clear: be very cautious about poisoning the banquet you serve your guests, lest you end up accidentally ingesting it yourself.
These two posts on the same topic are part of a growing awareness that the harm caused by spy agencies subverting key elements of the Internet is not only a much more serious problem than many people realize, but a long-term one that will be very hard to fix. It looks like we'll be forced to swallow the NSA's poison for a while yet.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bruce schneier, charlie stross, infrastructure, nsa, poison, surveillance, trust


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Rich Kulawiec, 15 May 2014 @ 12:15pm

    Once again, I must quote Isaac Asimov

    (as I've done many times before on the this same subject) He wrote about a very similar issue over 60 years ago:

    "It's a poor atom blaster that won't point both ways."

    link to this | view in thread ]

  2. icon
    ChurchHatesTucker (profile), 15 May 2014 @ 12:47pm

    Thing is

    They don't see it as their banquet. The only "us" is them.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 15 May 2014 @ 12:53pm

    Hey, with everyone being so critical of the NSA these days we should keep in mind that they are the one government agency that truly listens the the American public.

    link to this | view in thread ]

  4. icon
    CK20XX (profile), 15 May 2014 @ 1:31pm

    Life Mimics Fantasy

    Edward Snowden may be no Clark Kent, but the emphasis on him being one guy is really ticklish the more I think about it. Only video game protagonists are able to topple empires single-handedly like that.

    "I think you all know why I've called this meeting. It's no secret that an intruder has been embarrassing all of you in an effort to fight me, and what really blows my mind is that I used the singular, didn't I? I didn't say an army of enemies had breached our defenses and was rushing toward my fortress. No! I didn't say that, did I? I said AN intruder! An! One! One guy!"

    http://www.youtube.com/watch?v=uc9d3zEt97g

    link to this | view in thread ]

  5. identicon
    Anonymous Coward, 15 May 2014 @ 1:37pm

    Re: Life Mimics Fantasy

    That video was hilarious!

    link to this | view in thread ]

  6. identicon
    Sirius Black, 15 May 2014 @ 1:44pm

    Banquet

    Back in the day, we used to call this "eating your own dog food." Now, we're all eating NSA's dog food. Yech!

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 15 May 2014 @ 1:52pm

    One thing I've learned from the Snowden revelations. If governments recommend certain random number generators, ciphers, or software. Make sure you're using something else.

    link to this | view in thread ]

  8. identicon
    nerdbert, 15 May 2014 @ 2:56pm

    I think you give the NSA too much credit. I was in even before the NSFNET, so I've seen the evolution of "the Internet" and its bodies (and even been on them). The base Internet protocols were developed at a time when a 1 MHz processor with 4 MB of memory was king of the hill and the overhead of encrypting communications on what was a public research network of like-minded computer scientists was unthinkable. You should have seen the reaction of folks on the 'net when the unwashed masses got access to what had been a private, non-profit research network via things like The Well and AOL. Even the idea that private companies would get onto the Internet was fought.

    The uses of the Internet have evolved, but the core idea and philosophies developed from a bunch of folks who had no idea that their protocols would form the basis of so much commerce and would be a target for criminals. More's the shame that folks haven't adapted to reality, but that's the problem with a system that's successful and has to support legacy systems. We've been putting bandaids on things that worked well enough in the past rather than redoing the architecture in a more robust manner. Look at the adoption of IPV6 and how that's still a clusterfark despite a real need for change.

    link to this | view in thread ]

  9. icon
    madasahatter (profile), 15 May 2014 @ 3:52pm

    They are correct

    Scheiner is correct when nobus is nothing but hubris because sooner or later someone will discover and use the National Stupidity Agency's exploits against the US.

    link to this | view in thread ]

  10. identicon
    Anonymous, 15 May 2014 @ 4:42pm

    They gots the poison, I gots the remedy, the remedy.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 15 May 2014 @ 5:17pm

    I can see all this coming to a head when the government enacts TPP. Every major corporation will want an arbitration board setup over the cost that has been created from this weakening of the internet that has allowed the cyber-criminal to raid their coffers with impunity. You know they will be wanting a refund for all the repairs and time spent because of the lack of security to satisfy the NSA.

    But of course, the USTR and the government itself doesn't think that way. After all, it's not their money.

    link to this | view in thread ]

  12. icon
    s (profile), 15 May 2014 @ 6:09pm

    Re:

    As soon as AOL and Prodigy made their debuts, I think most of us who had been on the 'Net prior to the WWW knew the general shape of things to come.

    Like most innovations, it seems, that start with government research, while the scientists most often (?) look to and innovate for the -good- of mankind, their extraordinary accomplishments are then farmed out too frequently to other depts or contractors for development into weapons of some sort.

    There are probably many scientists who have thought of J. Robert Oppenheimer's (mis)quotation upon seeing the destructive force he helped to unleash: “I am become death, the destroyer of worlds.”

    Not all reimagined innovations are as obviously deadly as the atomic bomb, but I'd imagine similar thoughts go thru other scientists' minds upon seeing the evolution of their own accomplishments.

    At this point and age, I'm finding I really kinda miss the old BBS I ran for years.

    link to this | view in thread ]

  13. identicon
    Anonymous Coward, 15 May 2014 @ 10:06pm

    Re: Life Mimics Fantasy

    Well of course, when you become an evil empire you gain their vulnerabilities too.

    link to this | view in thread ]

  14. icon
    xz11111000000 (profile), 16 May 2014 @ 5:31am

    If I could re-write just one line

    The moral of the story is clear: be very cautious about poisoning the banquet you serve your guests, lest you end up eating left-overs.


    Because, the problem is the NSA got to order $10Bn of takeout every year and not wash dishes or eat leftovers.

    Guess they didn't expect Snowden to slip some of that tasty Fort Meade dog food into their lasagna. Yum-yum !

    link to this | view in thread ]

  15. icon
    Oblate (profile), 16 May 2014 @ 7:21am

    Re: Banquet

    |Now, we're all eating NSA's dog food. Yech!

    The worst part of this is that what we're eating now was previously eaten by the NSA.

    link to this | view in thread ]

  16. icon
    GEMont (profile), 16 May 2014 @ 10:37am

    Organized Crime loves a pussy president.

    "It looks like we'll be forced to swallow the NSA's poison for a while yet."

    Actually, according to the nature of such organizations, we will have to swallow their poison until they are forced to disband completely. They will never willingly stop using the tools they have discovered that make spying as easy as pie.

    Even legislation that prohibits this type of activity will merely force the security industry to go underground and become more secretive, or shop out the process to other agencies that normally do not work that side of the street and will thus be unsuspected of doing so - for a time.

    Considering how useless the Obama administration has proven itself to be in this matter (like so many others), it appears there is no-one in a position to control - let alone disband - this runaway security train.

    I doubt also that even a candidate who successfully runs for POTUS, would, once in office, react any differently than Obama has. Its hard to fight against someone who has access to your deepest secrets and darkest deeds.

    At least one segment of the population will be happy to hear this though. Organized Crime loves a pussy president.

    link to this | view in thread ]

  17. identicon
    Kevin, 16 May 2014 @ 1:31pm

    The true poison is not that they weakenned security , a couple of math students and a year and a little cash can write us a new encryption standard.

    The true poison is ... no one trusts them anymore. And while NSA gets all the bad press , the moment any working group sits down , the first thing they're going to be told is that the entire Five Eyes (USA , Canada , England , Austrialia , New Zealand) were in on it. And probably every nation in the world does this.

    And now ... no one trusts anyone.

    And now , your only security is making your own computers, and cell phones , in your own country , for your own use. Trusting anyone else to do it , buying anyone elses equipment , is folly . (USA NSA sold canada some "secure phones" that canada is just now finding out are all bugged and NSA is listening on everything they say)

    It isn't that no one wants NSA phones anymore.
    No one wants anyone elses phones but their own.

    link to this | view in thread ]

  18. icon
    GEMont (profile), 19 May 2014 @ 10:15am

    Re:

    Well said. The damage done is global. A half century of international co-operation down the tubes, in one foul swoop. Certainly puts the idea of isolationism into simple perspective. Sadly, I suspect that this may have been intentional.

    Isolated from the rest of the world by distrust, americans might become more amenable to the idea that all non-americans are the enemy of the USA, and thus must be spied upon relentlessly, at any cost (to US citizen's rights).

    One other aspect of this is the reverse.

    Other nations, allies included, will no longer feel any guilt about spying on the USA by any means possible and will in fact see it as being absolutely necessary.

    A shitty situation, and we owe it all to the NSA and a couple generations of pussy presidents for hire.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.