Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back
wabrandsma writes "Quoting Bruce Schneier in the Guardian: 'The NSA has undermined a fundamental social contract. We engineers built the internet – and now we have to fix it. Government and industry have betrayed the internet, and us.
This is not the internet the world needs, or the internet its creators envisioned. We need to take it back.
And by we, I mean the engineering community. Yes, this is primarily a political problem, a policy matter that requires political intervention. But this is also an engineering problem, and there are several things engineers can – and should – do.'"
Freenet, I2P, Tor - darknets (Score:5, Informative)
One solution at hand are darknets - awesome and uncensorable (but slow, though that is the price) Freenet,
and I2P for hidden services, and the original plain Tor.
Come join us, at #freenet at freenode.org we are supporting all users of freenetproject.org
Also, consider just started channel #mempo where new linux distribution is planned with the goal of being most secure one (combining best ideas from Hardened Gentoo, Debian, Tails, Whonix, Qubes-Os). Because security must be complete on all levels (e.g. darknet but also av, rootkit protection, programs compartment :)
Re: (Score:3, Interesting)
There is not going to be privacy as long as the physical links are not in the hands of the people. You are not the king of your castle if you rent. People need to start digging ditches and burying fiber to connect to their neighbors.
What is Bruce Schneier's game? (Score:5, Informative)
Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about.
He recommends Silent Circle right after saying "the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about."
Silent circle - a US and UK connected commercial company - proprietary closed source, and in a sneaky "no we are open, really trust us [issilentci...rceyet.com]" sort of way. W T F!???
Let me reproduce this informative message posted to the comment section of the article:
I usually rate Bruce Schneier highly, except for his faux pas a few years ago when he initially endorsed showing passwords on screen, saying that shoulder surfing is not such a big deal.
But I am not sure about some of the security mobs he is advocating here.
GPG: OK, clever people can read the source code (though most average Joe programmers can't)
Silent Circle: It's USA based, and subject to the same backdoor 'requests' as any US-based company. It also employs ex-special forces 'security experts' - just the sort of people who might go and do wiretaps in foreign climes.
Tails: What I have just seen on their website, 'Numerous security holes in Tails 0.19 Posted Mon 05 Aug 2013 12:00:00 AM CEST'. Not exactly the best advert and hardly comforting if one wanted security.
OTR: Same as GPG as the source code is available.
Truecrypt: Well the source code is available, so I would put it in the same basket as GPG. It has a choice of algorithms, including one (partly) designed by Schneier.
Bleachbit: Well that is client-side. Anything in the clear across the net (i.e. non encrypted traffic) can be read anywhere along the route.
But the big glaring thing is, at least in the UK, you can be sent to prison for refusing to hand over your encryption keys. And this has happened. People like to talk big, but the prospect of eating porridge with a lot of nasty looking and foul smelling prisoners, does not appeal to most people.
I would say that doing your own encryption, by this I mean using some of the open source tools and not closed source ones (and definitely not American ones) is a good thing.
Re:What is Bruce Schneier's game? (Score:5, Informative)
He recommends Silent Circle right after saying "the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about."
Do you know who founded and remains a principal of Silent Circle? Phil fucking Zimmermann. This is the guy who wrote and released PGP because he feared the NSA would get away with forcing everyone to use their back-doored skipjack clipper chip. He was subsequently harassed with a criminal investigation. If there is one guy that you can trust not to knuckle under to the NSA, it is Phil Zimmermann.
In fact, Silent Circle just withdrew their Silent Mail product because they feared that the NSA would force them to backdoor it in the near future. They canceled a product line rather than risk it being compromised.
Re:What is Bruce Schneier's game? (Score:5, Interesting)
Re:What is Bruce Schneier's game? (Score:5, Interesting)
Peer review is no panacea. I'm not going to argue against open-source, but open-source is at significant risk too. You can't pull an _NSAKEY but with the resources available to the NSA it is no big feat to weaken an implementation in a non-obvious way.
Silent Circle's approach is that they sell their software to the US and UK government. If the NSA were to require them to install a secret backdoor then the NSA would be compromising the security of all of their government customers because they don't sell two different versions of their software, it is the same for all customers.
Re:What is Bruce Schneier's game? (Score:5, Insightful)
I agree that peer review is no panacea and that open-source is at significant risk too. However, open peer review is sure better than no open review. Silent Circle could easily continue to sell their services to the US and UK government AND fully open source the code. Why don't they? More $$$ instead of more security, more likely - not a good sign.
Also your logic that they sell their software to the US and UK government so the NSA would not want to backdoor it does not hold up to scrutiny. How do we know that the NSA does not buy 10K worth of licenses - hardly a blip on their budget - just to shelve and never use them. In exchange the Silent Circle product is backdoored through gag orders, threats, coercion and/or covertly subverted (all things we know they now do, regularly). How do we know that the binary we get is not different than the binary the NSA gets - because their sales team told us?
There is no way around it anymore - if you're a company providing security products and you're not full open source, and that source has not been stable and well reviewed for some time, then your product cannot be trusted no matter how many famous upstanding people are on your board of directors or licenses the US/UK Gov buys from you.
Re: (Score:3, Insightful)
There is no way around it anymore - if you're a company providing security products and you're not full open source, and that source has not been stable and well reviewed for some time, then your product cannot be trusted no matter how many famous upstanding people are on your board of directors or licenses the US/UK Gov buys from you.
But if you do release all your source then someone can take all your hard work and then undercut you on price in the case of something like silent circle where you are selling a service not a product. Alternatively, people can take your source and just use it in house to roll their own solution. In both of these cases nobody pays you a penny and you go broke real fast.
Open Source is really tricky to do well and make money from and sometimes it is just not a viable business model.
Re: (Score:2)
But if you do release all your source then someone can take all your hard work and then undercut you on price in the case of something like silent circle where you are selling a service not a product. Alternatively, people can take your source and just use it in house to roll their own solution. In both of these cases nobody pays you a penny and you go broke real fast.
Yes and yes. So it is more $$$ Vs more security/customer (and leechers) confidence in your product decision. This latest round of news will galvanize a new round of "If it is not open source it cannot be trusted" thinking so closed and partially closed source companies may now start to sell less sales - the balance is tipping in favor of coming clean, opening up all the source and selling your professional services on the side. Yes less $$$, but I think that is going to happen anyway now that anyone who is
Re:What is Bruce Schneier's game? (Score:5, Interesting)
Open Source is really tricky to do well and make money from and sometimes it is just not a viable business model.
Agreed, but the counterargument is that if it's closed source, you can't trust its security, and nobody should really trust it anyways. Why would I use some security software if it may well be carrying around an NSA backdoor? Why should anyone pay for it?
Once you close the source to your security product, you effectively have no product anymore. Open source is not 100% bulletproof, but closed source is by this point bloody close to 0%.
Re:What is Bruce Schneier's game? (Score:4, Interesting)
>> Open Source ... is just not a viable business model.
> Agreed ... closed source ... can't trust ...
But then again, one of Bruce's arguments is that WE -- the engineers and geeks who built the Internet -- should fix it. Doesn't that imply an open source approach as well? The existence of third-party, closed-source vendors is just a symptom of the underlying problem. If they go out of business as a result of the Net being "fixed" by the community, then ... oh, well. Just my opinion.
Interesting discussion, by the way.
Here's why it has to be open (Score:5, Informative)
Let's see an example of closed source encryption - Adobe Acrobat from a few years ago. Their code was the same one used by Julius Caesar, a very simple letter substitution code which could be cracked with a cardboard code wheel that used to be printed on the back of corn flakes packets to entertain children. Commercial "security" software needs to be open to prevent such laziness being used to defraud people that think they have paid for something that will stop third parties being able to read their PDF files or whatever.
Any readers that think I am making that ridiculous situation up should google Dmitry Sklyarov. The only thing more ridiculous than Adobe's code was that they hit Sklyarov with a DMCA notice for it which somehow resulted in him being imprisoned for months - a DMCA notice for something Julius Caesar wrote about so should be in the public domain by now! No penalty for a false DMCA notice was levied on Adobe (or anyone else - it's one sided with no consequence for crying wolf).
Re:What is Bruce Schneier's game? (Score:4, Interesting)
In both of these cases nobody pays you a penny and you go broke real fast.
So you can't make money off the code. Who cares? Vine is free, yet they sell cute stickers in app. They make a ton of money and the messenger app is just the vehicle to sell stickers. What is to stop anyone making a messenger app with strong end to end encryption that is open source and also happens to sell these copyrighted stickers? Oh, right, nothing. That's a very easy, proven way to make money.
Want to add some trust to the build for regular people? Post a page stating "We have never received a request by the NSA to distribute a broken product" and leave that page posted so long as it is true. If the page goes down, someone not related to the company can post a build, post the same message and again, as long as it is true, the message stays up. If you think that third party is the NSA and lying, you have the build instructions. Build it yourself, just to be sure. In fact, the build instructions could be as simple as install java, click this .jnlp that installs a hudson build server locally which does the build for you.
Re:What is Bruce Schneier's game? (Score:5, Insightful)
They can still go up to the head of the open source organization and say "you must include this back-door in your program, or go to jail". Or/and they can just hire someone to contribute code that has security flaws.
And in the extremely unlikely event that anyone spots the bad code, just replace it with something else 2 days later.
Yes they could, and probably do. However your leap to the conclusion that it is extremely unlikely that anyone spots code change is not correct. Thousands of people, even millions for the more successful products will update their source code repositories - the exact lines of source code that have changed will be highly visible to many people - and a subset of those will be security professionals and they are _very_ interested in any changes to the base code of their main security tools. You are just proposing that we close our eyes download a binary and trust it instead. To reiterate: today's news has told us just how far the NSA has gone to compromise ALL MAJOR proprietary closed source security tools. All of them.
Re:What is Bruce Schneier's game? (Score:4, Interesting)
That is a red herring.
Will the security researchers be putting that level of scrutiny on every desktop application?
Screw trying to backdoor the security software. It is much easier to simply backdoor something innocuous to get a foothold on the machine. Once it is compromised, just read all the encrypted stuff BEFORE IT GETS ENCRYPTED.
Re: (Score:3)
OK, but defence is 100 times harder than offence. It would be relatively easy to plan a security hole that is implemented only over a 2 month period in completely unrelated parts of the problem.
And if you have the authority to arrest anyone who does not comply, it would be easy for the compiled binaries to be different than the source code in one or two tiny ways.
Done right, by security experts, it would be impossible to spot.
Re:What is Bruce Schneier's game? (Score:5, Interesting)
Does anyone know if anyone is actively looking for that type of exploit?
Re: (Score:3)
Sounds like you are talking about Ken Thompson's speech/paper "Reflections on Trusting Trust". If you read the Wikipedia article on Backdoor (computing) [wikipedia.org] there was a virus, W32/Induc-A, which used the tactic to infect the Delphi compiler and produce tainted binaries. The GNU site which distributes the GCC suite only offers source so the source could be checked for such exploits. A tainted binary distribution could be planted into a distro repository or malicious ISO images could be distributed. Bittorrent is
Re: (Score:3)
It is much easier to simply backdoor something innocuous to get a foothold on the machine.
Right, in the XKeyscore presentation slides that were released, one of the example queries was "give me a list of all exploitable machines in country X."
Re:What is Bruce Schneier's game? (Score:4, Interesting)
And what happens if he refuses? Is he "disappeared"? A public prosecution would be risky, of course, since then they would have to reveal (at the very least) that they tried to force him to do something bad.
And what if he complies? He inserts the line, it's immediately spotted by his co-developers and they say "no way that goes in, it's an obvious security hole!". Project maintainer says "Um. I'll just keep it in my tree if it's all the same to you. Maybe you can leave it out in your trees."
Life isn't nearly as easy for NSA as you would believe. Especially not these days. Thank God.
Re: What is Bruce Schneier's game? (Score:3)
You are utterly wrong.
Backdoors in encryption software would necessarily involve weakening the core encryption code. This section rarely changes, and is the most important part to get right. It's also not a lot of code. Any changes to this section will get a LOT of scrutiny.
Plus, it's actually hard to weaken encryption... you probably go after the key generation and make it generate keys from a smaller space than necessary.
To write code like that and sneak it in without it being spotted would be very diffic
Re: (Score:3)
But then they also have to persuade all the users to adopt that fork. "Use crappy software or go to jail," didn't even work for the MPAA, so why does the NSA think they have a chance? ;-)
Re: (Score:2, Insightful)
I believe one issue people think we have is that the root CA's are compromised. Now I have no information one way or another there, but if that is true, one possibility might be a web of trust type approach. For instance, rather than one signing authority, you could use three and then use three levels of public key encryption. The assumption would be that if say the CA's were in countries that did not trust each other, then presumably at least one of the signing keys would remain secure regardless...
Re:What is Bruce Schneier's game? (Score:5, Insightful)
Say I set up a website, whatever.com, and I have a root certificate from Verisign, an intermediate from Intermediate CA, Inc, and my whatever.com certificate. If the NSA subpoenas or hacks and steals the Verisign root certificate, they can make a fake public and private key with the name Intermediate CA, Inc and sign that with the Verisign private key. Then they can make a public and private key for whatever.com. Then they use their fake Intermediate CA Inc. certificate to sign that. Unless you the person visiting whatever.com specifically have an original copy of the real whatever.com certificate public key, and you look at the public key of the certificate every time you visit the website, you'll never notice that the NSA has replaced the real certificate with theirs. As long as they're using the correct Verisign private key, your browser will not detect any problems.
This of course permits the NSA to do a classic Man-In-The-Middle attack. They give your browser the fake certificate chain and a copy of the website login page, you type things in, they decrypt them, and use them to log in to the real website, they get the results back from the real website, re-encrypt them with the fake certificate chain, and send them back to you. As far as you know you're using the real website, as far as the website server knows they're speaking with a normal browser, but the NSA is capturing everything either side transmits in clear text and can inject fake content in either direction whenever they want.
The SSL/TLS chain of trust only works if private keys of the root certificate authorities are genuinely private. If anyone gets a private key, SSL's security is demolished (unless the theft of that private key becomes public, in which case that key is added to certificate revocation lists).
Re:What is Bruce Schneier's game? (Score:4, Informative)
This of course permits the NSA to do a classic Man-In-The-Middle attack. They give your browser the fake certificate chain and a copy of the website login page, you type things in, they decrypt them, and use them to log in to the real website, they get the results back from the real website, re-encrypt them with the fake certificate chain, and send them back to you. As far as you know you're using the real website, as far as the website server knows they're speaking with a normal browser, but the NSA is capturing everything either side transmits in clear text and can inject fake content in either direction whenever they want.
This is why there are browser addons such as Perspectives [perspectives-project.org] which allow you to verify the certificate and will notify you if a certificate's signature changes at any time.
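An added example, not part of the thread and not the Perspectives project's code: a simplified sketch of the check the comments above describe, where a certificate that chains to a trusted root is still flagged because its fingerprint differs from what independent vantage points report. The names `PinStore` and `assess`, the notary labels, the 0.75 quorum and the placeholder certificate bytes are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed placeholder bytes standing in for DER-encoded leaf certificates.
# They are not real certificates; only their hashes matter for this sketch.
GENUINE = b"constructed-cert:whatever.com:public-key-A"
FORGED = b"constructed-cert:whatever.com:public-key-B"   # chains to a trusted root, different key
RENEWED = b"constructed-cert:whatever.com:public-key-C"  # legitimate key rotation


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes presented by the server."""
    return hashlib.sha256(der).hexdigest()


@dataclass
class PinStore:
    """Last corroborated fingerprint per host (hypothetical local store)."""
    pins: dict = field(default_factory=dict)


def notary_agreement(fp: str, notary_views: dict) -> float:
    """Fraction of independent vantage points that saw the same fingerprint."""
    if not notary_views:
        return 0.0
    same = sum(1 for seen in notary_views.values() if seen == fp)
    return same / len(notary_views)


def assess(host, der, store, notary_views, quorum=0.75):
    """Classify the presented certificate as first-seen, match, rotated or suspect.

    CA chain validation is assumed to have passed already; the point of the
    check is that a forged chain passes it too.
    """
    fp = fingerprint(der)
    pinned = store.pins.get(host)
    if notary_views:
        # Other network paths must see the same certificate we do.
        corroborated = notary_agreement(fp, notary_views) >= quorum
    else:
        # No independent view available: fall back to trust-on-first-use.
        corroborated = pinned is None or pinned == fp
    if not corroborated:
        return "suspect"          # never pin an uncorroborated certificate
    store.pins[host] = fp
    if pinned is None:
        return "first-seen"
    return "match" if pinned == fp else "rotated"


def demo():
    """Run the four cases against one store and return the verdicts."""
    store = PinStore()
    names = ("notary-1", "notary-2", "notary-3", "notary-4")
    sees_genuine = {n: fingerprint(GENUINE) for n in names}
    sees_renewed = {n: fingerprint(RENEWED) for n in names}
    host = "whatever.com"
    return [
        assess(host, GENUINE, store, sees_genuine),  # nothing pinned yet
        assess(host, GENUINE, store, sees_genuine),  # same certificate again
        assess(host, FORGED, store, sees_genuine),   # only this client sees key B
        assess(host, RENEWED, store, sees_renewed),  # everyone sees the new key
    ]


if __name__ == "__main__":
    print(demo())
```

The check only helps when the notaries reach the server over paths the interceptor does not control; an interceptor sitting directly in front of the server shows every vantage point the same substituted certificate.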
Re: (Score:3)
Maybe we need to move to a superset of the existing CA system, to a WoT. That way, CAs can suggest that a key offered from somewhere is legit, but are not the be all and end all. Plus, a CA can be trusted, semi-trusted, or left untrusted. Semi-trusted would mean that if multiple CAs in different countries all signed a cert, then that cert is likely OK and hasn't been tampered with.
The problem, as always, is end user education. The days of just assuming that a green lock icon on a webpage meaning complet
Re:What is Bruce Schneier's game? Open source ... (Score:2)
Re:What is Bruce Schneier's game? (Score:5, Informative)
The Tails devs regularly post all the security holes found, with links to the source of the hole, and then patch it in the next version.
The issues are often bugs in the browser, or libcrypt, or some other part of the system. Perhaps even a new TOR version. Since they are essentially just packaging a distribution, this shows not that it is OMG SCARY UNSAFE, but that they are staying abreast of the issues with the apps and libs they roll into their distro. Not just keeping up with it, but linking right on the front page all the information you need to determine if this is a significant threat or applies to you.
If you cannot bother to read the reports or care to even try to understand what they mean, then perhaps you should stick with Windows. It auto updates for you and sounds more than secure for your purposes.
Re:What is Bruce Schneier's game? (Score:5, Insightful)
Bruce Schneier is putting his name on the line with everything he publicly does and says. I trust him more than I trust someone who posts FUD wanting to know what his "game" is.
One thing about the compromised web: don't trust anyone but really be suspicious when someone tries to spread FUD on someone who has generally been trustworthy.
Re: (Score:3)
I'm not sure that I would've categorized it as FUD, but some definitions.
FUD: Fear, Uncertainty and Doubt characterized by non-specific statements and innuendo to create such about specific targets
Fear: that encryption will be bypassed
Uncertainty: you can't trust closed source software
Doubt: in the silent circle offering
Fear: that you can't trust Schneier
Uncertainty: he recommends silent circle, but recommends against US/UK based software
Doubt: maybe Schneier has a hidden agenda
As to silent circle: you have
Re: (Score:2)
Re: (Score:2)
I'm not smart about these things. If I have a 1TB drive and only a .5TB visible partition, are the Feds going to fall for the story that I've given them everything? Don't they know about the "hidden partition" trick yet?
Re:What is Bruce Schneier's game? (Score:5, Insightful)
Re: (Score:2)
There is not going to be privacy as long as the physical links are not in the hands of the people. You are not the king of your castle if you rent. People need to start digging ditches and burying fiber to connect to their neighbors.
...or just encrypt all the data that passes along the existing cables.
Re: (Score:2)
No, that's not sufficient. Encrypted data still exposes metadata: Who, when, where. And that's under the generous assumption that the encryption actually does what it promises to do.
And today we know it doesn't. Does codename Bullrun ring any bells? (Hint: Snowden, NSA)
Re: (Score:3, Insightful)
Neither will make a difference so long as people use Gmail/Hotmail/Yahoo/Facebook/etc.
If your communications go through a large US corporation then no amount of quantum-encrypted cables (or whatever) will help.
Re:Freenet, I2P, Tor - darknets (Score:5, Insightful)
Make it really easy to encrypt/base-64 encode your emails before they're uploaded to Gmail/Hotmail/Yahoo/Facebook/etc.
"Transparent to the user" would be ideal. I don't know if a browser plugin could manage that but I don't see why not - just intercept the "send" process.
Encryption keys could be generated automatically during the first few exchanges with another person by attaching information to the end of the email. After two or three replies the displayed email address turns green and you're good to go.
Yes, they could do mass man-in-the-middle attacks during the key exchange but so long as two people can verify their keys by phone (or whatever) then we'll know about it. More importantly, we'll be able to prove they're doing it. That would lead to more news stories about what the NSA does and more public awareness of the importance of installing an encryption plugin.
Re: (Score:2)
Re: (Score:3)
Yes, one could have a stateful encryption with a very long state built into a threaded mail reader.
The idea obviously is not to make decryption impossible, it's to slow down mass decryption, thereby making mass mail searches harder and restoring a measure of civil liberties.
Re: (Score:3)
Please do not try to come up with your own cryptographic protocols! Odds are there are easier and safer ways to achieve what you're trying to achieve.
Re: (Score:2)
Re: (Score:2)
That's never going to be even moderately secure. If you type the cleartext into a browser window with Javascript or read the cleartext in a browser window with Javascript, then any encryption is moot.
Packet sniffers would soon reveal any nefarious business, and there's plenty of people who'd run a sniffer just to be able to prove something was going on.
The real problem right now is proving anything - anybody in a position to provide hard proof is being gagged. An encrypting plugin plus sniffer would enable anybody to prove it.
even if it worked, it would still leave the metadata wide open: Who, when, where.
I admit that's a tougher problem to solve.
One step at a time, though. Let's start by encrypting the contents...
Re:Freenet, I2P, Tor - darknets (Score:5, Insightful)
1/ Email, if you want to send or receive, from normal people won't be secret.
2/ Facebook, Youtube, Skype, Amazon etc won't be on it.
If you've got something you want to hide enough then the tools to try and do it are available. For the average person though it isn't a viable or effective proposition. We need to stop this happening, not just find ways for a few people to work around it.
Re: (Score:3)
There is also a KickStarter for software called Trsst [kickstarter.com] that's a secure, distributed replacement for Twitter. Basically it makes the key management and public key distribution easy, and gives you control over your own data. They're at about 50% funding with a week or so left. If you have any interest in this sort of thing, have a look. This sort of thing shouldn't be required, but until things change, this is a nice solution.
Re: (Score:3, Insightful)
Now even better! Only 159 characters per message! .. ? =P
Seriously. Twitter sucks. Why would I want any form of twitter? 160 characters suck. SMS sucks too.
Re: (Score:2)
There is also a KickStarter for software called Trsst [kickstarter.com] that's a secure, distributed replacement for Twitter.
All these free/secure Facebook and Twitter are great, but who is going to use it? How do you connect to each other if nobody you know uses it or wants to use it?
Re: (Score:2)
Only a few used Twitter and FaceBook in the beginning. If people are looking for a groundswell of support for properly encrypted communications, I think recent events are about the best advertising you're going to get.
Re:Freenet, I2P, Tor - darknets (Score:5, Interesting)
Demand IPv6. Yell at your ISP. At least ask for it and tell them how important it is. With IPv6 people can start running own servers and more P2P stuff. The Internet before the last 10 years worked that way and it was good. The "Internet" of today is centralized and that is a major problem. No wonder it's easy for Intelligence agencies to do what they are doing if the only thing they need to do is attack 10 or 20 corporations to succeed.
Teach people around you about technology, encryption and how the Internet works. Give them an image of how their clear-text messages hop around and where they land and what happens to it when it does.
Don't be ignorant and don't say stuff like "well, I've known it all the time - I don't have anything to hide anyway so I don't care". Are you really sure about that? Do you know how your life will look like in 10 or 20 years time and how the political climate will look like where you live at that point?
Support organizations fighting for your freedom - I don't care if it's EFF, FSF, Pirate Party or something else. There are people willing to take on the big guys for you when you are not, but they can't do it without your help.
Low tech (Score:5, Funny)
All we have to do (Score:2)
... is make it more difficult for the government to spy on us, right? How many more people have to start routinely encrypting email before it gets so computationally expensive that bulk searches are no longer worth the effort?
Re:All we have to do (Score:5, Interesting)
GOOD LUCK with that shit (Score:2, Insightful)
they've got flamethrowers, man
Re: (Score:3)
That, and, they'll simply legislate against anything which removes their central control. It'll only be a matter of time before darknets are legislated against "for the children", at least those they haven't already entirely honeypotted.
Oh Well There's Your Problem (Score:3)
Keeping things safe. (Score:3)
Re:Keeping things safe. (Score:5, Insightful)
Naw, HTTPS only protects you against folks who don't already have the keys. You pretty much can't trust virtually any data communication that takes place on the internet. However, that doesn't mean stop doing stuff - it just means weigh the value of what you're doing against the expectation that the information is likely to be used against you. For example - the NSA may have my internet banking credentials - but am I worried they're going to steal my money? No - either 1) they don't need to, 2) if some rogue agent decided to, there are legal protection and insurance avenues I can take to regain my money, 3) if the government decided they needed to steal my money, then even them not having my internet banking credentials isn't going to stop them anyway.
I'm not an advocate for "if you have nothing to hide, you have nothing to worry about" at all. I'm just facing the realization that our government is completely morally corrupt, and outside of changing it by force, I can never protect my information online unless it's information I've encrypted and uploaded myself (and even then I'm still at risk if my OS is rooted or my encryption algorithm has a master algorithm). So, I weigh that knowledge against my activities and don't worry too much. If I was concerned about being identified, then you can protect yourself, but it largely involves not using your net connection, among other things.
Agreed (Score:4, Insightful)
But in all practicality, how do you seize back control from the likes of the three-letter agencies?
It's not like there is any party in the US which hasn't been complicit in granting them ever-greater powers. It's not like a Canadian like myself can vote against the bullshit. It's not like Canada is about to invade the US over the issues, nor anyone else, seeing as their three-letter agencies are doing the same god-damned thing.
Re:Agreed (Score:5, Insightful)
See Robert Heinlein's book "Take Back Your Government" for details.
Unfortunately, it needs people like you to get up from their sofas and actually do something instead of just grumbling about it.
Re:Agreed (Score:5, Informative)
Update:
According to Wikipedia a new edition was printed last year - https://en.wikipedia.org/wiki/Take_Back_Your_Government [wikipedia.org]
That's quite timely...
Re: (Score:3)
If you won't go to jail for your beliefs, then they might not be that important to you.
Most of the major social movements, and you are hoping for a social movement, required confronting the state, and risking jail time. Civil rights in US easiest example, but Indian independence and anti-apartheid movement are others.
I know people who went to jail for their beliefs.
I don't suppose you have, have you?
I'm ready to go to jail for my beliefs -- and I've confronted the authorities many times -- but I don't want to give up my life by doing something that is futile and won't work.
I know people who went down South to work in the Civil Rights movement in the U.S., and one of them got killed. I wish I had gone with them. I didn't realize then how important it would be.
One of the striking things I noticed was that many of them wer
Union (Score:2)
Actually, I think we need "unions" for programmers or engineers in general to sort out this kind of issue.
As another example, if we had unions back in the Windows95 era, then there would never have been an IE6. We would have had stronger web standards.
Re: (Score:3, Insightful)
You're missing the bigger picture - if we had unions, we could sit behind nice desks, and have those with computers problems make appointments to see us (at times convenient for us, when we're not playing golf). Then we'd sit down and discuss the problem with them and go "reboot it twice and if it doesn't fix it call me in the morning", and charge a hefty fee.
Re: (Score:3)
You're in fantasy land.
Working for a union just means more and more onerous paperwork than any other job I've ever worked. Shuffle this, shuffle that, shuffle, shuffle, shuffle.
Even AT&T and Bell Canada didn't have as much paperwork as I got stuck filling out and filing while working a union job as a programmer.
Hated it, big time!
Re: (Score:2, Insightful)
I've had a number of union programming jobs in Denmark. The union ensured that I got to take my vacation, that my contract was in order, that I got training on company time for new technology and that if something illegal happened, I'd have access to a lawyer. I don't doubt that what you are saying was true in your case, it's hardly a universal property of programmers' unions.
We don't need unions. We need _good_ unions.
Mesh internet / web of trust now! (Score:2)
Also: mandatory encryption, support for non-RSA modes of key exchange, and (this is what Tor really lacks) extra latency on request.
UK Official Secrets Act (Score:5, Informative)
Once again the UK trumps the US in the paranoia and anti-freedom game. The UK Official Secrets Act applies to all British subjects, OK they get you to sign it, but that is mostly a symbolic gesture to remind you of your obligations and the penalties. Under the act you don't even need to have clearance or be the recipient of a leak. Even if you have worked it out for yourself from publicly available information you can still be gagged, and breaking a gag can bring down the full force of the law against you.
Re:UK Official Secrets Act (Score:5, Informative)
This is not true. There are some parts that only apply to government workers, and there are some parts that apply to everybody, regardless of nationality.
Also, practically nobody is a British subject these days, and this has been the case for over 30 years. People with British nationality are British citizens, not subjects. British subjects are a different category and there's hardly anybody in that category. It's mostly just a historical technicality that the category even exists.
Re: (Score:3)
I think everyone born in Ireland before 1949 (ie, those over 64) is still a British subject, right? That's more than "hardly anybody". Plus a few people in India or Pakistan over 64 who never applied for citizenship in their nation (or any other), I believe, which probably is a small group.
Re: (Score:2)
UK Official Secrets Act is not the dream it was in the past for stopping publishers, press, the politically connected and academics.
What cannot be published in the UK can be seen from the UK via the net.
What cannot be hosted in the UK can be seen from the UK via the net.
The act of con
Spot On (Score:5, Insightful)
Bruce nailed it. We've sat on our collective asses and watched the politicians, spooks, and marketing clowns turn an engineering marvel into a sad parody of its former intended self. I don't think anyone nowadays can question the need for some serious re-engineering. We can solve the technical problems and propose new standards and protocols. The real question is how do we implement the fix.
Will the standards committees support it? Will the Powers that Be allow it? Like Bill the Bard wrote, "Aye, there's the rub."
Education (Score:2)
I think a necessary step is to make sure that there is a general understanding that this is a problem -- here we must not merely preach to the choir but reach a wider and maybe technically illiterate audience. Who are we dealing with?
1. People who willingly forgo their right to privacy (and therefore understand the issue at hand)
2. People who are ignorant their privacy rights are not respected (and therefore do not understand the issue at hand)
3. People who are aware that their privacy rights are not respect
The destruction of trust (Score:5, Insightful)
The reporting on this latest disclosure reveals that the NSA has systematically inserted itself into the standard-crafting process, in order to deliberately weaken those standards. It also reveals that the NSA has bypassed the management of communications providers and recruited technical staff directly. In both cases it's reasonable to assume that the people involved have been through a security clearance process and are thus barred for life from disclosing what they know.
I must now ask myself how many people I've worked with weren't doing so in good faith. When they argued that such-and-such a fine point of a network protocol standard didn't need improvement or that it should be changed in a certain way, were they doing so because it was their principled engineering opinion, or because it served some other purpose? Or when they were recommending that one of the many operations I've run move its colocation point or change its router hardware, was that good customer service, or was it to facilitate easier traffic capture?
Will anyone be asking themselves the same questions about me? (They probably should.)
The Internet was built on, and runs on, trust. Every postmaster, every network engineer, every webmaster, every system admin, every hostmaster, everyone crafting standards, everyone writing code, trusts that everyone else -- no matter how vehemently they disagree on a technical point -- is acting in good faith. The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.
Excellent point (Score:4, Insightful)
You make a really excellent point. Sadly, we can only react at this point. It seems to me that there are three useful reactions:
- Keep up the political and media pressure. Don't let this issue die in the news cycle. Americans can apply internal pressure; those of us elsewhere can do our bits to keep up international pressure. For example: I will be integrating the NSA as part of a larger Internet security discussion in at least two of my university lectures in the coming semester.
- Promote open-source software for all security purposes. While not everyone can audit the software, there are enough people out there who can and will. The NSA cannot predict who will do so, and hence cannot have them all in its pay.
- Refuse to use any American IT services where security is important. This is not only sensible, it also applies economic pressure to companies that can lobby in Washington.
Re:The destruction of trust (Score:5, Interesting)
The exact same process has been going on with doctors (The Red Cross, Doctors without borders, World Polio programs etc.) being used as cover by intelligence services and special forces. This practice is forbidden by the Geneva Conventions, and now real doctors working in war zones are being treated with suspicion at the very least, or shot on sight at worst.
"Ah, arrogance and stupidity all in the same package. How efficient of you!"
Trust was destroyed a decade ago (Score:3)
I would argue that trust is what got us into the current mess of pervasive vulnerability. There's been too much trust, for too long. It is easier to program in a world where you can ignore the risk that someone is going to inject SQL commands into a Web form, or believe that once you've stored data on a server inside your firewall, that data is safe. That world is gone and it's not coming back. We, the tech community, have left too many back doors unlocked and unguarded for too long, and now there is a whol
Re:The destruction of trust (Score:4, Insightful)
The Internet was later coopted by groups of academics who didn't really have to worry if their communications were intercepted because they were pretty much public anyway and had nothing really to gain from abuses such as faking BGP route updates. Trust wasn't required.
The public, commercial, Internet may have had an illusion of trust, based solely on the fact that nobody historically worried about it. That doesn't mean it was based on trust, it means any trust it enjoyed was based on ignorance.
Trust in the Internet is in any case a wider issue than who is listening in. It's also knowing what really happens to the data about you provided voluntarily that gets hoovered up by all those online services chatting to each other behind the scenes.
Nor is it merely about the Internet - it's about your phone, your car, your smart watch, your contactless payment card and all the other things that can be enabled by technology to spy against you.
There isn't a technical fix to all of that, some of it has to be a political fix.
Reviews needed: programs, protocols, algorithms (Score:2)
The first thing that we need is a good audit of programs, protocols, algorithms. That won't be easy. Open Source stuff has a head start, but someone needs to read it all. We knew that Skype was broken, but what else: SSL?
As for encryption algorithms, there are only a handful of people in the world who are really qualified to check them; what if their opinions can be bought/blackmailed...?
This will take a lot of effort, but what good is GPG if the encryption algorithms that it uses have been weakened?
SSH (Score:2)
Has it been cracked? This question is of utmost importance.
I suspect that it has.
Warrant canary. (Score:5, Informative)
A more robust version of rsync.net's "warrant canary" (http://www.rsync.net/resources/notices/canary.txt) might help, if it were to become more commonplace, people would start to assume any provider not providing one to already be under gag order.
IANAL, but the legal theory is that while a gag order can make it illegal to speak out, it can't force someone to make falsified or fraudulent statements - any entity that has not already received a secret order is free to testify to that fact, and simply stop making that assertion at such time that they are compromised.
If this were made more robust, for example, key employees being videotaped undergoing a polygraph regularly where they are asked questions about the integrity of their service, it might just work. (I realize a polygraph isn't secure. For this purpose, however, it doesn't matter, because it provides a means to deliberately fail a test while having deniability of your intent to do so.)
I'm sure similar creative ideas could be used :)
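A client-side check for the canary scheme described in the comment above, as an added example that is not part of the original thread and is not rsync.net's tooling. The statement layout, the function names and the 8-day limit are assumptions, and the text is assumed to have passed signature verification already; because silence is the signal, anything other than a fresh, complete statement counts as tripped.

```python
import re
from datetime import date

ISSUED = re.compile(r"issued (\d{4})-(\d{2})-(\d{2})")

# Constructed sample statement; wording and layout are assumptions,
# not the text of any real provider's canary.
BASELINE = """\
Canary statement, issued 2013-09-02
No warrants have been served on Example Hosting or its staff.
No searches or seizures of any kind have been performed on our assets.
"""


def issue_date(text):
    """Return the statement's issue date, or None if absent or invalid."""
    m = ISSUED.search(text)
    if not m:
        return None
    try:
        return date(*map(int, m.groups()))
    except ValueError:  # e.g. month 13
        return None


def claims(text):
    """Assertion lines, normalised for case and whitespace."""
    return {
        " ".join(line.lower().split())
        for line in text.splitlines()
        if line.strip() and not ISSUED.search(line)
    }


def check_canary(current, baseline, today, max_age_days=8):
    """Return a list of reasons the canary is tripped; empty means alive.

    The check fails closed: a missing statement, a stale or future date,
    or a silently dropped assertion are all treated as the signal.
    """
    if current is None:
        return ["statement could not be retrieved"]
    reasons = []
    issued = issue_date(current)
    if issued is None:
        reasons.append("no valid issue date")
    elif issued > today:
        reasons.append("issue date is in the future")
    elif (today - issued).days > max_age_days:
        age = (today - issued).days
        reasons.append(f"statement is {age} days old (limit {max_age_days})")
    # A provider under a gag order may keep publishing but drop one line.
    for claim in sorted(claims(baseline) - claims(current)):
        reasons.append(f"assertion dropped: {claim}")
    return reasons
```

The baseline should be a copy saved while the provider was trusted, so that a quietly reworded statement shows up as a dropped assertion.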
It's a global coup-d'etat (Score:3)
You cannot fix this technologically, politically, or socially. This is not a "problem". It's a global coup-d'etat.
Dream On (Score:5, Insightful)
So long, and thanks for making computers creepy! (Score:4, Interesting)
I think the totalitarian sickness Schneier describes goes well beyond the NSA. Computers and especially mobile devices are becoming creepy, for lack of a better word, even without government intervention. They are the prying eyes in your house Harriton High School Used Laptop Webcams To SPY On Students At Home [huffingtonpost.com], they are following your every move Government Location Tracking: Cell Phones, GPS Devices, and License Plate Readers [aclu.org], they are keeping tabs on what you like and don't like Mapping, and Sharing, the Consumer Genome [nytimes.com] (featured on slashdot yesterday, itself a thinly veiled phishing scam IMHO). Although subject to government abuse, none of the "services" highlighted in those links were instigated by the government. Just yesterday I was innocuously checking for prices for various professional training seminars on Google, and on cue my Email inbox started overflowing with unsolicited offers. On some days, I want to throw my smartphone in the trash and unplug my computer from the internet and only plug it back in when I need to access the SVN repository.
So Kudos to Bruce Schneier for addressing his call to the engineering community, but now it begs a question: aren't engineers, including those outside the NSA/DEA/FBI, somewhat responsible for creating this creepy user experience? I don't think they're suddenly going to wake up one day and fix it; a significant subset has embraced the creepiness and fundamentally doesn't understand why it might be a problem for others.
Re: (Score:2)
The sarcasm BURNS it's so powerful...
Re:Thanks Mr Schneier (Score:5, Interesting)
Just wait until the character assassination begins for Schneier too. He's been taking very strong positions, I'm waiting for a photoshopped picture of him fucking a sheep to be released on the Internet for the whole world to see. Pretty soon, he'll be living in a South American country's embassy.
Re:Thanks Mr Schneier (Score:5, Insightful)
I couldn't care less if Assange or Snowden are nice guys. That's completely irrelevant for the matter if they're sweet little cherubs or like to fuck sheep in their spare time. Nobody does what they did by being that nice guy everybody wants to have a beer with.
The hateful crimes they exposed are the true stars, here. If you focus on the messenger, you miss the message. That's what the governments, corporations and their global propaganda machine (a.k.a. mass media) badly, badly, badly want you to do. Quite successfully.
Re:Thanks Mr Schneier (Score:5, Informative)
I dispute that these vigilantes should decide what should be "declassified" or what isn't.... I just strongly object to the methods being used by the anti-secrecy crowd, and I don't trust their motivations at all.
That is a fair enough opinion and nobody can argue with it, it is good to have a healthy dose of skepticism about any information that is presented to us via any channel. However what is more difficult to dispute is when a leaked document reveals heinous war crimes - should focusing on the messenger still be more important than a message of that significance? Also remember that Washington leaks information all the time (for example the Bin Laden operation) - why are leaks that expose crimes worse than leaks that make the president look good? To most people that just reeks of hypocrisy.
The usual reply to this logic is "what war crimes, there were no war crimes exposed - but look over there - Assange is a narcissist and Manning is a traitor!!". However even a basic search and read of the documents they destroyed their lives to bring to us show that this claim is absolutely false:
Revelations from the Afghanistan and Iraq war logs detailed the use of paramilitary death squads [wikileaks.org], complicity in the torture [telegraph.co.uk] of Iraqi citizens, the indiscriminate killing [guardian.co.uk] of civilians by private military contractors and many other abuses. Meanwhile, the leaked State Department cables brought to light scores of secret drone strikes in countries we are not even at war with, and uncovered the collusion [amnesty.org] between the U.S. and Yemeni governments to lie about American responsibility [huffingtonpost.com] for the massacre of 41 people in the Al-Majalah region. They also revealed [ccrjustice.org] U.S. interference with judicial efforts in Spain to investigate the Bush administration's torture practices. In Tunisia, leaks exposing [pbs.org] the opulence and corruption of Ben Ali's government were a catalyst for the revolution that brought down the repressive regime and ignited other pro-democracy movements throughout the Arab world. The list could go on but the point is simple: it would have been a disservice to democracy to withhold this important information.
Re: (Score:3)
[quote]These people have a radical and fairly crude anti-secrecy agenda, and the stuff they bring to light may be done in a highly selective and self-serving manner. And regardless of whether you think governments should be allowed to keep secrets or spy on people, I dispute that these vigilantes should decide what should be "declassified" or what isn't. It's only slightly better when the leaks are channelled through the media, given that journalism is a "soft option", and that journalists are only slight be
Re: (Score:2)
Your vision of the www is 1000x worse than what we have. It should be more open not less. Let people do what they want. Maybe we'll come back to hyper text markup eventually. For now everyone is way more excited about reactive data binding on the document object model and restful json data services. Oh and apps, lots of apps.
Re: (Score:2)
There are software developers that can be considered engineers.
They are rare however.
Re: (Score:3)
America is not the world. I'm from the UK.
I didn't elect any of your governments. Or even my own, come to that.
Even if I had voted, I could not have voted for/against certain provisions, so my vote means nothing in terms of individual actions by the government. We still went to war despite most people who voted the parties in not agreeing with it (and look likely to do so again soon).
My commercial choices don't "make" Hollywood, or other people, anything. People are dumb now, have been in the futur
Re: (Score:3)
What compromised foundation? A compiler that you can suck out and replace in a second with any of the alternatives?
Your *CODE* doesn't corrupt when you compile with a rogue compiler (that's what source management is for), only the base binary built from it.
The point is not to assume that your compiler is safe, but to work in a way that - WITH A SAFE COMPILER - your code is fine. Other people will be working with different compilers and - AGAIN - by comparing outputs of different compilers you can work on