Snowden And Schneier Point Out Another Reason Not To Undermine Internet Security: Information Asymmetry

from the all-using-the-same-stuff dept

Wed, Jan 28th 2015 11:23am — Glyn Moody

Neither Edward Snowden nor Bruce Schneier needs any introduction around here. So Techdirt readers won't require much encouragement to watch an interview of the former by the latter, conducted last week at the Harvard Data Privacy Symposium. It is frustrating that Snowden emphasizes at the start that he won't be revealing anything new, because he believes it's for journalists, not him, to decide what is in the public interest, and when it can be released. That said, the whole interview is well-worth watching to enjoy the interplay of two people who are experts in the field of security, although in very different ways.

Towards the end, they discuss an issue that hasn't received much scrutiny so far: the relationship between offensive and defensive operations by intelligence services, and between surveillance and security. Here's what Schneier says, around the 50-minute mark: The NSA has to balance two different focuses: defend our networks, and attack their networks. Those missions made a lot more sense during the Cold War, when you could defend the US radios and attack the Soviet radios, because the radios were different. It was us and them, and we used different stuff. What's changed since then is that we're all using the same stuff: everyone uses TCP/IP, Microsoft Word, Firefox, Windows computers, Cisco routers.

Whenever you have a technique to attack their stuff, you are necessarily leaving our stuff vulnerable. Conversely, whenever you fix our stuff, you are fixing their stuff. This requires a different way of thinking about security versus surveillance, a different way of balancing, that we can't simultaneously do both. And when we look at all the attack tools out there, the vulnerabilities are great but every time we hoard a zero day, hoard a vulnerability, we are leaving ourselves open to attack from anybody.
Snowden builds on that remark, referring to the recent revelation in Der Spiegel that the US has been spying successfully on North Korea's computers for years: We have compromised their networks, according to the NSA documentation, since 2010. We have been hacking North Korea successfully, and yet it didn't provide us a lot of detail, it didn't provide us a lot of information. We missed missile launches, we missed nuclear tests, we missed leadership changes, we missed health issues, we missed military drills. And we even missed the Sony attacks that they launched, even though we were eating their lunch over and over, over the course of years. But then they hack us once, just one time, with Sony, and everyone in the nation is rending their garments and going: 'this is terrible, they're attacking our basic values,' because it was so much more valuable to them to win once, than it it was for us to win thousands of times.
That asymmetry is why it makes no sense to put or leave vulnerabilities in that "same stuff," as Schneier calls it. Leaving aside any self-interested desire by intelligence agencies to score points by breaking into systems elsewhere using backdoors, the West has far more to gain from well-wrought online security, and strong encryption, than it has to lose.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: bruce schneier, ed snowden, information asymmetry, surveillance

20 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

BentFranklin (profile), 28 Jan 2015 @ 7:45am

I thought this was going to be about the asymmetry between the information hoarders, who have all the data and the tools and budgets to analyze and act on it, and the information paupers, (everyone else) who have nothing and yet pay for the hoarders' activities through taxes. It's a kind of strategic flanking. That much power has never been assembled not to be used, and used it will be, against us all, sooner or later, if not already.
[ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2015 @ 12:07pm

Both Bruce and Ed make excellent points. Bruce's point about leaving security holes in widespread software leaving both sides open to zero day and backdoor attacks. Ed's point about Western society having more of it's infrastructure connected to the internet, and therefore more vulnerable to cyber attacks than North Korea's infrastructure is also food for thought.

I'm still not convinced the North Korean government was behind the Sony hack. It still looks to be like North Korea is being made the scapegoat by both the real hackers, and the US government.

If this is indeed what's happening. The real hackers are lulzing at successfully diverting attention away from themselves, and the US government is lulzing about getting to blame North Korea for Sony's weak security. Instead of having to admit it was 'cyber vandals' who caused so much chaos. Which scores points with the White House's MPAA donors.

It's win-win! Except if you're North Korea, but that's how it goes when you're the scapegoat.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2015 @ 1:50pm
  
  Re:
  ...I'm still not convinced the North Korean government was behind the Sony hack...
  
  I still think this was a publicity stunt that got out of control because the producers realized that the movie actually sucked!
  [ link to this | view in chronology ]
- John Fenderson (profile), 28 Jan 2015 @ 2:52pm
  
  Re:
  "I'm still not convinced the North Korean government was behind the Sony hack."
  
  That's because you're smart enough not to think a thing is true based solely on the assertion by the government that it is true.
  
  On the whole, the evidence we have about the hack does not point definitively at NK, and there's a lot of evidence that it was someone else.
  [ link to this | view in chronology ]
- tqk (profile), 28 Jan 2015 @ 7:17pm
  
  Re:
  It's win-win! Except if you're North Korea ...
  
  You don't think NK wins by being able to say, "See? Bad people *are* attacking us!" The US gov't is justifying NK's paranoia. The US fell into NK's trap, whether the former had anything to do with hacking the latter or not.
  
  Suckers!
  [ link to this | view in chronology ]
  - Pragmatic, 30 Jan 2015 @ 5:56am
    
    Re: Re:
    From what I've heard of their capabilities, I wouldn't have given them that much credit.
    [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2015 @ 12:25pm

Asymmetric cyber warfare. The US can't win anymore than the redcoats could win a war against ten thousand Mel Gibsons ala "The Patriot". The cyber war and the currency war are raging (and yeah, a LOT of overlap of those) and it's just a matter of time before it becomes very painfully apparent to everyone.
[ link to this | view in chronology ]
- Anonymous Coward, 28 Jan 2015 @ 5:00pm
  
  The US has been destroying things in order to "save" them
  ever since the Vietnam war.
  
  The US is now destroying the Internet in order to "save" it.
  
  The Chinese apparently aren't going to buy from US anymore, and many others are having second thoughts.
  
  If it weren't for the new markets in Cuba, ;-) our IT exports would be in big trouble.
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2015 @ 12:27pm

imho
"because it was so much more valuable to them to win once, than it it was for us to win thousands of times."

This statement shows a great point. When we, the western world, do something all the time it is accepted and seen as nessesary. But if another country does the exact same thing it is an attack and not acceptable. The fact that the ones in power can keep up these double standards is, in a way, amazing.
[ link to this | view in chronology ]
- Pronounce (profile), 28 Jan 2015 @ 3:07pm
  
  Re: imho
  And it makes it even more amazing to me that the abuse of power and lack of integrity by U.S. leaders is a non-issue to the general public.
  [ link to this | view in chronology ]
  - Uriel-238 (profile), 28 Jan 2015 @ 3:22pm
    
    Not so much a non-issue as a resigned truth in this regime.
    Abuse of power and lack of integrity by US leaders has become a norm to which we've become apathetic, because there's nothing to do about it. It's like corrupt or lying representatives, ideological jurists and now brutal, murderous police officers. It's not that the typical lay-person can do anything about them, so we make do in a society we know is bent.
    
    And some of us have the luxury of being aware. Most people are too busy trying to earn a living or raise children to even concern themselves with what is being lied about, let alone who is doing the lying and getting clean away with it.
    
    But just because there's no outcry doesn't mean we don't hate it. It means that we're too tired to cry out, and know it wouldn't do any good.
    [ link to this | view in chronology ]
    - Pragmatic, 30 Jan 2015 @ 6:00am
      
      Re: Not so much a non-issue as a resigned truth in this regime.
      From what I've seen on some of the comments sections here and elsewhere, there is a subset of people who actually like it this way because they think it's for them and that they're on the winning side.
      
      Karl Bode calls it Partisan Nitwit Disease and there sure is a lot of people infected with it.
      
      If we can find some kind of vaccine for stupidity, you should find that the will of the people will be exerted for the good of all, as it should be.
      [ link to this | view in chronology ]
      - Uriel-238 (profile), 30 Jan 2015 @ 11:24am
        
        Human Cognitive Biases
        The status quo will always have an incumbent advantage. There will always be some people compelled to believe the current regime is the best regime, that change is only for the worse, that authority should be obeyed no matter how crazy or heinous their commands.
        
        This is the failure of the great experiment that is Democracy, in the late twentieth century: we learned that humans do not stay informed as to their own best interests, and for many other reasons will vote against them, such as on ideological principles that actually affect their lives very little.
        
        It is a stupidity for which we have no cure. But it raises awareness that we've been hacking human instinct for sometime now so as to expand our tolerance for large societies, and hacks tend to have unforeseen side-effects.
        [ link to this | view in chronology ]
- tqk (profile), 28 Jan 2015 @ 7:30pm
  
  Re: imho
  When we, the western world, do something all the time it is accepted and seen as nessesary. But if another country does the exact same thing it is an attack and not acceptable.
  
  This's been going on for a long time, at least as far back as Kennedy. Cubans install Soviet missiles 90 miles off the coast of Florida, unacceptable!
  
  Er, what about all those missiles in Turkey targeting Moscow?
  [ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2015 @ 1:01pm

neither the USA, UK or any of the other 'allied nations' are interested in spying on anyone else, really. it's just a way of being able to say, when the attacks come, that the attacks are terrible, dreadful, despicable! there is never any mention of what has been done by the allies to other countries and governments, that doesn't count. it was just 'keeping us in the game'. the main focus for all the spying is on the people! the ordinary citizens of whichever nation, because they dont have much (if anything) in the way of protection to stop the spying are so much more easy to spy on and to have it done covertly! any organisation that wants to hide things from governments or security forces will surely be much more capable of doing so, wont they?
[ link to this | view in chronology ]
Anonymous Coward, 28 Jan 2015 @ 1:39pm

Well, sure, for a security agency, the NSA sure doesn't know how to do serious opsec!
[ link to this | view in chronology ]
Uriel-238 (profile), 28 Jan 2015 @ 2:37pm

The NSA no longer protects us
...any more than Law Enforcement enforces the law.

They have old names but new agendas.
[ link to this | view in chronology ]
Pronounce (profile), 28 Jan 2015 @ 3:12pm

Western Citizens
"the West has far more to gain from well-wrought online security, and strong encryption, than it has to lose."

I agree with your statement, Mr. Moody, but inasmuch as Western citizens are free to enjoy the personal benefits of strong encryption.
[ link to this | view in chronology ]
WaitWot, 28 Jan 2015 @ 6:34pm

Proof Positive
"We missed missile launches, we missed nuclear tests, we missed leadership changes, we missed health issues, we missed military drills. And we even missed the Sony attacks that they launched"

Leaving aside who did/didn't hack Sony, the statement above is proof positive that massive data surveillance (or in this case targeted surveillance) DOESN'T WORK.

Of course it wouldn't be put this way to the tech-crippled few in power, quite the opposite .. "we need more surveillance"

We're all targets, it's just a matter of time
[ link to this | view in chronology ]
Richard Matthew Stallman, 29 Jan 2015 @ 2:18pm

Pardon me, but not all of us use Microsoft Word or Windows.
Using them makes you totally vulnerable to attack by Microsoft.
Microsoft can even cut you off from system maintenance, as it did
with Windows XP.

See http://gnu.org/philosophy/proprietary/malware-microsoft.html.
[ link to this | view in chronology ]