Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back

Posted by samzenpus
from the power-to-the-online-people dept.
wabrandsma writes "Quoting Bruce Schneier in the Guardian: 'The NSA has undermined a fundamental social contract. We engineers built the internet – and now we have to fix it. Government and industry have betrayed the internet, and us. This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community. Yes, this is primarily a political problem, a policy matter that requires political intervention. But this is also an engineering problem, and there are several things engineers can – and should – do.'"
This discussion has been archived. No new comments can be posted.

  • by Anonymous Coward on Friday September 06, 2013 @04:55AM (#44772991)

    There is not going to be privacy as long as the physical links are not in the hands of the people. You are not the king of your castle if you rent. People need to start digging ditches and burying fiber to connect to their neighbors.

  • by Anonymous Coward on Friday September 06, 2013 @05:12AM (#44773057)

    Demand IPv6. Yell at your ISP. At least ask for it and tell them how important it is. With IPv6 people can start running their own servers and more P2P stuff. The Internet before the last 10 years worked that way and it was good. The "Internet" of today is centralized and that is a major problem. No wonder it's easy for Intelligence agencies to do what they are doing if the only thing they need to do is attack 10 or 20 corporations to succeed.

    Teach people around you about technology, encryption and how the Internet works. Give them an image of how their clear-text messages hop around and where they land and what happens to it when it does.

    Don't be ignorant and don't say stuff like "well, I've known it all the time - I don't have anything to hide anyway so I don't care". Are you really sure about that? Do you know what your life will look like in 10 or 20 years time and what the political climate will look like where you live at that point?

    Support organizations fighting for your freedom - I don't care if it's EFF, FSF, Pirate Party or something else. There are people willing to take on the big guys for you when you are not, but they can't do it without your help.

  • by daem0n1x (748565) on Friday September 06, 2013 @05:42AM (#44773147)

    Just wait until the character assassination begins for Schneier too. He's been taking very strong positions, I'm waiting for a photoshopped picture of him fucking a sheep to be released on the Internet for the whole world to see. Pretty soon, he'll be living in a South American country's embassy.

  • by FriendlyLurker (50431) on Friday September 06, 2013 @05:47AM (#44773161)

    All fair points. Gag orders are gag orders however and they do not care for big famous names. If it does not have peer reviewed source code hanging out there - how can we trust it especially given this latest bombshell of a revelation showing just how far they are willing to go to "undermine the social contract [theguardian.com]" of the Internet?

  • by Jah-Wren Ryel (80510) on Friday September 06, 2013 @05:58AM (#44773209)

    Peer review is no panacea. I'm not going to argue against open-source, but open-source is at significant risk too. You can't pull an _NSAKEY but with the resources available to the NSA it is no big feat to weaken an implementation in a non-obvious way.

    Silent Circle's approach is that they sell their software to the US and UK government. If the NSA were to require them to install a secret backdoor then the NSA would be compromising the security of all of their government customers because they don't sell two different versions of their software, it is the same for all customers.

  • by MRe_nl (306212) on Friday September 06, 2013 @06:44AM (#44773421)

    The exact same process has been going on with doctors (The Red Cross, Doctors without borders, World Polio programs etc.) being used as cover by intelligence services and special forces. This practice is forbidden by the Geneva conventions, and now real doctors working in war zones are being treated with suspicion at the very least, or shot on sight at worst.

    "Ah, arrogance and stupidity all in the same package. How efficient of you!"

  • by MrDoh! (71235) on Friday September 06, 2013 @07:36AM (#44773657)

    That's what I'm hoping, but also wonder if the deployment of fast net in the US is being deliberately crippled so the NSA can keep up with it. "You can't install that tech until our capacity is up to speed" If everyone has 1gb connects to/from the net, and decent encryption is used on everything moving up and down the pipe, even the NSA would have trouble keeping up to speed on it all. Everyone would/could be running various TOR (and whatever comes next) to make it a moving target. But for now.. speeds what they are, it's got me wondering. The tech's there, other countries have deployed it, as well as breaking the internet, is it also slowing it down for US citizens to facilitate spying?

  • by elashish14 (1302231) on Friday September 06, 2013 @07:54AM (#44773765)

    Open Source is really tricky to do well and make money from and sometimes it is just not a viable business model.

    Agreed, but the counterargument is that if it's closed source, you can't trust its security, and nobody should really trust it anyways. Why would I use some security software if it may well be carrying around an NSA backdoor? Why should anyone pay for it?

    Once you close the source to your security product, you effectively have no product anymore. Open source is not 100% bulletproof, but closed source is by this point bloody close to 0%.

  • by Vintermann (400722) on Friday September 06, 2013 @07:55AM (#44773767)

    They can still go up to the head of the open source organization and say "you must include this back-door in your program, or go to jail".

    And what happens if he refuses? Is he "disappeared"? A public prosecution would be risky, of course, since then they would have to reveal (at the very least) that they tried to force him to do something bad.

    And what if he complies? He inserts the line, it's immediately spotted by his co-developers and they say "no way that goes in, it's an obvious security hole!". Project maintainer says "Um. I'll just keep it in my tree if it's all the same to you. Maybe you can leave it out in your trees."

    Life isn't nearly as easy for NSA as you would believe. Especially not these days. Thank God.

  • by chill (34294) on Friday September 06, 2013 @07:57AM (#44773781)

    That is a red herring.

    Will the security researchers be putting that level of scrutiny on every desktop application?

    Screw trying to backdoor the security software. It is much easier to simply backdoor something innocuous to get a foothold on the machine. Once it is compromised, just read all the encrypted stuff BEFORE IT GETS ENCRYPTED.

  • by smpoole7 (1467717) on Friday September 06, 2013 @08:15AM (#44773927)

    >> Open Source ... is just not a viable business model.

    > Agreed ... closed source ... can't trust ...

    But then again, one of Bruce's arguments is that WE -- the engineers and geeks who built the Internet -- should fix it. Doesn't that imply an open source approach as well? The existence of third-party, closed-source vendors is just a symptom of the underlying problem. If they go out of business as a result of the Net being "fixed" by the community, then ... oh, well. Just my opinion.

    Interesting discussion, by the way.

  • by bryguy5 (512759) on Friday September 06, 2013 @08:51AM (#44774165)

    I worry more about the NSA putting something in the binary on popular Linux distributions. If they modified the C compiler to put backdoors in the programs it creates it would be very hard to detect. The backdoors would not be in any visible source code but would magically get inserted during the compilation, especially the compilation of a new compiler.

    Does anyone know if anyone is actively looking for that type of exploit?

  • by ggraham412 (1492023) on Friday September 06, 2013 @08:56AM (#44774207)

    I think the totalitarian sickness Schneier describes goes well beyond the NSA. Computers and especially mobile devices are becoming creepy, for lack of a better word, even without government intervention. They are the prying eyes in your house "Harriton High School Used Laptop Webcams To SPY On Students At Home" [huffingtonpost.com], they are following your every move "Government Location Tracking: Cell Phones, GPS Devices, and License Plate Readers" [aclu.org], they are keeping tabs on what you like and don't like "Mapping, and Sharing, the Consumer Genome" [nytimes.com] (featured on slashdot yesterday, itself a thinly veiled phishing scam IMHO). Although subject to government abuse, none of the "services" highlighted in those links were instigated by the government. Just yesterday I was innocuously checking for prices for various professional training seminars on Google, and on cue my Email inbox started overflowing with unsolicited offers. On some days, I want to throw my smartphone in the trash and unplug my computer from the internet and only plug it back in when I need to access the SVN repository.

    So Kudos to Bruce Schneier for addressing his call to the engineering community, but now it begs a question: aren't engineers, including those outside the NSA/DEA/FBI, somewhat responsible for creating this creepy user experience? I don't think they're suddenly going to wake up one day and fix it; a significant subset has embraced the creepiness and fundamentally doesn't understand why it might be a problem for others.

  • by MacDork (560499) on Friday September 06, 2013 @10:31AM (#44775197)

    In both of these cases nobody pays you a penny and you go broke real fast.

    So you can't make money off the code. Who cares? Vine is free, yet they sell cute stickers in app. They make a ton of money and the messenger app is just the vehicle to sell stickers. What is to stop anyone making a messenger app with strong end to end encryption that is open source and also happens to sell these copyrighted stickers? Oh, right, nothing. That's a very easy, proven way to make money.

    Want to add some trust to the build for regular people? Post a page stating "We have never received a request by the NSA to distribute a broken product" and leave that page posted so long as it is true. If the page goes down, someone not related to the company can post a build, post the same message and again, as long as it is true, the message stays up. If you think that third party is the NSA and lying, you have the build instructions. Build it yourself, just to be sure. In fact, the build instructions could be as simple as install java, click this .jnlp that installs a hudson build server locally which does the build for you.
