Snowden And Schneier Point Out Another Reason Not To Undermine Internet Security: Information Asymmetry
from the all-using-the-same-stuff dept
Neither Edward Snowden nor Bruce Schneier needs any introduction around here. So Techdirt readers won't require much encouragement to watch an interview of the former by the latter, conducted last week at the Harvard Data Privacy Symposium. It is frustrating that Snowden emphasizes at the start that he won't be revealing anything new, because he believes it's for journalists, not him, to decide what is in the public interest, and when it can be released. That said, the whole interview is well-worth watching to enjoy the interplay of two people who are experts in the field of security, although in very different ways.Towards the end, they discuss an issue that hasn't received much scrutiny so far: the relationship between offensive and defensive operations by intelligence services, and between surveillance and security. Here's what Schneier says, around the 50-minute mark:
The NSA has to balance two different focuses: defend our networks, and attack their networks. Those missions made a lot more sense during the Cold War, when you could defend the US radios and attack the Soviet radios, because the radios were different. It was us and them, and we used different stuff. What's changed since then is that we're all using the same stuff: everyone uses TCP/IP, Microsoft Word, Firefox, Windows computers, Cisco routers.Snowden builds on that remark, referring to the recent revelation in Der Spiegel that the US has been spying successfully on North Korea's computers for years:
Whenever you have a technique to attack their stuff, you are necessarily leaving our stuff vulnerable. Conversely, whenever you fix our stuff, you are fixing their stuff. This requires a different way of thinking about security versus surveillance, a different way of balancing, that we can't simultaneously do both. And when we look at all the attack tools out there, the vulnerabilities are great but every time we hoard a zero day, hoard a vulnerability, we are leaving ourselves open to attack from anybody.
We have compromised their networks, according to the NSA documentation, since 2010. We have been hacking North Korea successfully, and yet it didn't provide us a lot of detail, it didn't provide us a lot of information. We missed missile launches, we missed nuclear tests, we missed leadership changes, we missed health issues, we missed military drills. And we even missed the Sony attacks that they launched, even though we were eating their lunch over and over, over the course of years. But then they hack us once, just one time, with Sony, and everyone in the nation is rending their garments and going: 'this is terrible, they're attacking our basic values,' because it was so much more valuable to them to win once, than it it was for us to win thousands of times.That asymmetry is why it makes no sense to put or leave vulnerabilities in that "same stuff," as Schneier calls it. Leaving aside any self-interested desire by intelligence agencies to score points by breaking into systems elsewhere using backdoors, the West has far more to gain from well-wrought online security, and strong encryption, than it has to lose.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: bruce schneier, ed snowden, information asymmetry, surveillance
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
I'm still not convinced the North Korean government was behind the Sony hack. It still looks to be like North Korea is being made the scapegoat by both the real hackers, and the US government.
If this is indeed what's happening. The real hackers are lulzing at successfully diverting attention away from themselves, and the US government is lulzing about getting to blame North Korea for Sony's weak security. Instead of having to admit it was 'cyber vandals' who caused so much chaos. Which scores points with the White House's MPAA donors.
It's win-win! Except if you're North Korea, but that's how it goes when you're the scapegoat.
[ link to this | view in chronology ]
Re:
I still think this was a publicity stunt that got out of control because the producers realized that the movie actually sucked!
[ link to this | view in chronology ]
Re:
That's because you're smart enough not to think a thing is true based solely on the assertion by the government that it is true.
On the whole, the evidence we have about the hack does not point definitively at NK, and there's a lot of evidence that it was someone else.
[ link to this | view in chronology ]
Re:
You don't think NK wins by being able to say, "See? Bad people *are* attacking us!" The US gov't is justifying NK's paranoia. The US fell into NK's trap, whether the former had anything to do with hacking the latter or not.
Suckers!
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The US has been destroying things in order to "save" them
The US is now destroying the Internet in order to "save" it.
The Chinese apparently aren't going to buy from US anymore, and many others are having second thoughts.
If it weren't for the new markets in Cuba, ;-) our IT exports would be in big trouble.
[ link to this | view in chronology ]
imho
This statement shows a great point. When we, the western world, do something all the time it is accepted and seen as nessesary. But if another country does the exact same thing it is an attack and not acceptable. The fact that the ones in power can keep up these double standards is, in a way, amazing.
[ link to this | view in chronology ]
Re: imho
[ link to this | view in chronology ]
Not so much a non-issue as a resigned truth in this regime.
And some of us have the luxury of being aware. Most people are too busy trying to earn a living or raise children to even concern themselves with what is being lied about, let alone who is doing the lying and getting clean away with it.
But just because there's no outcry doesn't mean we don't hate it. It means that we're too tired to cry out, and know it wouldn't do any good.
[ link to this | view in chronology ]
Re: Not so much a non-issue as a resigned truth in this regime.
Karl Bode calls it Partisan Nitwit Disease and there sure is a lot of people infected with it.
If we can find some kind of vaccine for stupidity, you should find that the will of the people will be exerted for the good of all, as it should be.
[ link to this | view in chronology ]
Human Cognitive Biases
This is the failure of the great experiment that is Democracy, in the late twentieth century: we learned that humans do not stay informed as to their own best interests, and for many other reasons will vote against them, such as on ideological principles that actually affect their lives very little.
It is a stupidity for which we have no cure. But it raises awareness that we've been hacking human instinct for sometime now so as to expand our tolerance for large societies, and hacks tend to have unforeseen side-effects.
[ link to this | view in chronology ]
Re: imho
This's been going on for a long time, at least as far back as Kennedy. Cubans install Soviet missiles 90 miles off the coast of Florida, unacceptable!
Er, what about all those missiles in Turkey targeting Moscow?
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
The NSA no longer protects us
They have old names but new agendas.
[ link to this | view in chronology ]
Western Citizens
I agree with your statement, Mr. Moody, but inasmuch as Western citizens are free to enjoy the personal benefits of strong encryption.
[ link to this | view in chronology ]
Proof Positive
Leaving aside who did/didn't hack Sony, the statement above is proof positive that massive data surveillance (or in this case targeted surveillance) DOESN'T WORK.
Of course it wouldn't be put this way to the tech-crippled few in power, quite the opposite .. "we need more surveillance"
We're all targets, it's just a matter of time
[ link to this | view in chronology ]
Using them makes you totally vulnerable to attack by Microsoft.
Microsoft can even cut you off from system maintenance, as it did
with Windows XP.
See http://gnu.org/philosophy/proprietary/malware-microsoft.html.
[ link to this | view in chronology ]