Sorry Bruce, that’s not even remotely true. “Internet governance was largely left to the benign dictatorship of the United States because everyone more or less believed that we were working for the security of the Internet instead of against it.” Tags: backdoors, essays, intelligence, Internet, privacy, surveillance, trust This essay previously appeared in the Boston Review. And once we stop subverting, we can credibly devote our resources to detecting and preventing subversion by others. Most of the high-tech companies that make the Internet work are US companies, so our influence is disproportionate. We’ll never get every power in the world to agree not to subvert the parts of the Internet they control, but we can stop subverting the parts we control. The Internet is too important to the world-and trust is too important to the Internet-to squander it like this. It is surveillance versus security, and we all rise and fall together. The same vulnerabilities used by intelligence agencies to spy on each other are used by criminals to steal your passwords. By inserting vulnerabilities, we are making everyone vulnerable. By weakening security, we are weakening it against all attackers. Because we all use the same products, technologies, protocols, and standards, we either allow everyone to spy on everyone, or prevent anyone from spying on anyone. We can’t both weaken the enemy’s networks and protect our own. These subverted systems become part of our infrastructure the harms to everyone, once the flaws are discovered, far outweigh the benefits to the NSA while they are secret. There is no way to determine if or when someone else will discover a vulnerability. There is a term in the NSA: “nobus,” short for “nobody but us.” The NSA believes it can subvert security in such a way that only it can take advantage of that subversion. Far worse governments are using these revelations to push for a more isolationist Internet, giving them more control over what their citizens see and say. Foreign companies are fleeing US suppliers because they don’t trust American firms’ security claims. Internet governance was largely left to the benign dictatorship of the United States because everyone more or less believed that we were working for the security of the Internet instead of against it. Because we don’t know, we can’t trust any of them. Do we trust hardware and software from Russia? France? Israel? Anywhere? We have long believed that networking products from the Chinese company Huawei have been backdoored by the Chinese government. We also have to assume that other countries have been doing the same things. ![]() Reed Hundt calls for the government to support a secure Internet, but given its history of installing backdoors, why would we trust claims that it has turned the page? Sex is never explicitly mentioned, but you know it’s on the table.” The NSA’s SIGINT Enabling Project has a $250 million annual budget presumably it has more to show for itself than the fragments that have become public. One of them told me, “It’s like going on a date. I have heard engineers working for the NSA, FBI, and other government agencies delicately talk around the topic of inserting a “backdoor” into security products to allow for government access. The NSA also inserted a degraded random number generator into a common standard, then worked to get that generator used more widely. The NSA convinced Microsoft to make some unknown changes to Skype in order to make eavesdropping on conversations easier. We know of a few examples of this weakening. Through cooperation, bribery, threats, and compulsion, the NSA-and the United Kingdom’s GCHQ-forced companies to weaken the security of their products and services, then lie about it to their customers. What we trusted was that the technologies would stand or fall on their own merits. We knew that Internet security was an arms race, and the attackers had most of the advantages. We didn’t trust that the programmers were perfect, that the code was bug-free, or even that our crypto math was unbreakable. We didn’t have any illusions that the Internet was secure, or that governments, criminals, hackers, and others couldn’t break into systems and networks if they were sufficiently skilled and motivated. This is how we technologists trusted the security of the Internet. The psychology is complex, but when we trust a technology, we basically believe that it will work as intended. ![]() We trust other people, but we also trust organizations and processes. It is not uniquely human, but it is the underpinning of everything we have accomplished as a species. It is personal, relative, situational, and fluid. By doing so, it has destroyed the trust that underlies the Internet. In addition to turning the Internet into a worldwide surveillance platform, the NSA has surreptitiously weakened the products, protocols, and standards we all use to protect ourselves.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |