Of Trust, The NSA, And Poisoning The Banquet

from the nobody-but-us dept

Two of the sharpest commentators on the implications of Snowden's leaks are the security expert Bruce Schneier, and the science fiction writer Charlie Stross. By an intriguing coincidence, both have recently written highly-readable columns that not only discuss the same issue -- the damage the NSA has wrought on the Internet -- but even employ the same key metaphor. In his "Internet Subversion," Schneier writes:

What we trusted was that the technologies would stand or fall on their own merits.

We now know that trust was misplaced. Through cooperation, bribery, threats, and compulsion, the NSA -- and the United Kingdom's GCHQ -- forced companies to weaken the security of their products and services, then lie about it to their customers.

His metaphor for what this has produced is striking:

This mistrust is poison.

He points out the terrible consequences of that weakened security:

There is a term in the NSA: "nobus," short for "nobody but us." The NSA believes it can subvert security in such a way that only it can take advantage of that subversion. But that is hubris. There is no way to determine if or when someone else will discover a vulnerability. These subverted systems become part of our infrastructure; the harms to everyone, once the flaws are discovered, far outweigh the benefits to the NSA while they are secret.

In his own piece, "The Snowden leaks; a meta-narrative," Stross picks up on that theme, and emphasizes one particularly important implication:

At every step in the development of the public internet the NSA systematically lobbied for weaker security, to enhance their own information-gathering capabilities. The trouble is, the success of the internet protocols created a networking monoculture that the NSA themselves came to rely on for their internal infrastructure. The same security holes that the NSA relied on to gain access to your (or Osama bin Laden's) email allowed gangsters to steal passwords and login credentials and credit card numbers. And ultimately these same baked-in security holes allowed Edward Snowden -- who, let us remember, is merely one guy: a talented system administrator and programmer, but no Clark Kent -- to rampage through their internal information systems.

Stross then turns to the same metaphor that Schneier employed:

The moral of the story is clear: be very cautious about poisoning the banquet you serve your guests, lest you end up accidentally ingesting it yourself.

These two posts on the same topic are part of a growing awareness that the harm caused by spy agencies subverting key elements of the Internet is not only a much more serious problem than many people realize, but a long-term one that will be very hard to fix. It looks like we'll be forced to swallow the NSA's poison for a while yet.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: bruce schneier, charlie stross, infrastructure, nsa, poison, surveillance, trust

Did The Publisher's Own Insistence On DRM Inevitably Lead To The Antitrust Lawsuit Against Them?

from the the-DRM-they-required dept

We've discussed in the past how it was the book publishers' own stupidity that put them in a position of demanding DRM from Amazon when Amazon wanted to launch the Kindle. The end result, of course, went exactly against the publishers' best interests, because it locked everyone in to Amazon as the platform. Because buyers can't easily switch to another platform and take their books with them, they have to keep using the Kindle (or Kindle app) if they want to continue to have access to the books they've bought in the past (because, remember, you don't own what you think you "buy" with ebooks).

Making Amazon such a dominant player in the market was a huge mistake -- and it was totally avoidable. We'd already seen the exact same thing happen with music and iTunes, where the labels originally required DRM, and Apple complied, locking many people into iTunes (a lock-in that was eventually taken away). We couldn't figure out why the publishers were so stupid to give Amazon such power, but it sounds as though it was a combination of technological illiteracy and an irrational fear of "piracy" trumping business sense.

Author Charlie Stross has a great blog post discussing a variety of issues around the history of Amazon and how it became such a dominant player in the market, in which he notes:

However, as subsidiaries of large media conglomerates, the executives who ran the big six had all been given their marching orders about the internet: DRM restrictions would be mandatory on all ebook sales, lest rampant piracy cannibalize their sales of paper books.

(This fear is of course an idiotic shibboleth—we've had studies since 2000 proving that Napster users back in the bad old days spent more money on CDs than their non-pirate peers. The real driver for piracy is the lack of convenient access to desirable content at a competitive price. But if your boss is a 70 year old billionaire who also owns a movie studio and listens to the MPAA, you don't get a vote. Speaking out against DRM was, as more than one editor told me over the past decade, potentially a career-limiting move.)

Once the publishers realized (way too late) that they'd turned Amazon into something of a monopsonistic buying power, they struggled to figure out what to do -- and the end result appears to look something quite like collusion -- which is why they're being sued today by the Justice Department. As the details of the lawsuit make clear, the deal with Apple wasn't just a deal to bring another competitor into the market, but one that was explicitly designed to increase prices for consumers.

As Stross notes, this was plan B. And it has now failed. That means that it's time for Plan C -- and the only reasonable plan C to get out from under Amazon's thumb is to drop DRM:

It doesn't matter whether Macmillan wins the price-fixing lawsuit bought by the Department of Justice. The point is, the big six publishers' Plan B for fighting the emerging Amazon monopsony has failed (insofar as it has been painted as a price-fixing ring, whether or not it was one in fact). This means that they need a Plan C. And the only viable Plan C, for breaking Amazon's death-grip on the consumers, is to break DRM.

If the major publishers switch to selling ebooks without DRM, then they can enable customers to buy books from a variety of outlets and move away from the walled garden of the Kindle store. They see DRM as a defense against piracy, but piracy is a much less immediate threat than a gigantic multinational with revenue of $48 Billion in 2011 (more than the entire global publishing industry) that has expressed its intention to "disrupt" them, and whose chief executive said recently "even well-meaning gatekeepers slow innovation" (where "innovation" is code-speak for "opportunities for me to turn a profit").

And so they will deep-six their existing commitment to DRM and use the terms of the DoJ-imposed settlement to wiggle out of the most-favoured-nation terms imposed by Amazon, in order to sell their wares as widely as possible.

I know there's been some talk about whether or not Apple or Amazon is the more "evil" party in the ebook world -- but it really seems like the publishers dug their own graves here. In their desperation to avoid the dreaded word "piracy," they never bothered to understand the real issues or the obvious results of focusing so strongly on DRM. Handing Amazon so much power was stupid. Colluding with Apple to try to get away from that original stupid decision was potentially even more stupid. The only real path to fixing things is to go back and fix the original stupid decision, and recognize that piracy is a hell of a lot less of a "threat" than handing over the entire market to a single player (or even just two major players).

If only they'd realized this originally -- just as tons of people had warned them.

Filed Under: antitrust, charlie stross, doj, drm, ebooks, kindle, publishing
Companies: amazon, apple, macmillan