Slashdot Mirror
Former CIA Head Calls for Limiting Access to the Internet
GMill writes "Former CIA head George Tenet has called for limiting access to the internet to only those who take security seriously and that the industry should 'lead the way' in restricting access. Somehow I don't think that this is a call to ban Microsoft products from the internet. What exactly does he want?"
Obviously, the power of free speech on the Internet is something for gov'ts to fear. This has been predicted by many.
This is just the first step in limiting people's free speech rights on the 'net and turning it into a bland, corporate organ, similar to today's TV.
"I know that these actions will be controversial in this age when we still think the Internet is a free and open society with no control or accountability," he told an information-technology security conference in Washington, "but ultimately the Wild West must give way to governance and control."
So the Internet can be full of organized corruption? Pay offs, rules only followed by those that don't have enough money and power?
If there is data accessible via the Internet that "terrorists" could use to "attack" us then that data needs to be moved off of the Internet. The general public should be allowed to travel around without restrictions or control.
Mr. Tenet called for industry to lead the way by "establishing and enforcing" security standards. Products need to be delivered to government and private-sector customers "with a new level of security and risk management already built in."
What exactly does he mean by this? Does he mean that an open consortium should sit down and discuss how we should build a more secure network that is still able to communicate like the old one? Or does he mean that we should all be locked down with hardware and software tied with "trusted computing" which will lead to further domination by a small group of companies?
Personally, I believe that the United States needs to understand that they aren't the only entity in the world and that they cannot determine the future of the Internet because they are paranoid about "terrorism". What would have happened if the Internet was this popular during McCarthyism? Would we have had to make sure we were all secure because of the over-inflated threat that the Soviet Scare created?
Terrorism is another scare tactic phase in our history where money is diverted to pay for unnecessary applications (both military and civilian) to protect us against a threat that we have no way to stay ahead of. No matter what we do they will always find a way to circumvent our methods (ie scanning for bombs on planes when instead they used the plane as the bomb itself or checking for the outlines of guns and knives when they used a boxcutter).
Somehow I don't think that this is a call to ban Microsoft products from the internet. What exactly does he want?
He wants government control where government control is unnecessary. What they need is to stay out of the lives of the public and keep up with the protection of the entities that they already have control over. Sorry but Big Brother doesn't do anything but piss people off. I highly doubt that the "threat" is going to attack us through private channels over asymmetric broadband connections and dialup modems.
I realize it is difficult for someone living their life in a position of authority in the high ranks of a government funded organization to understand what the people want but that's exactly why his comments need to be fought tooth and nail.
I'll end my rant with: Keep your fucking own data safe from the "threat" without infringing on the freedoms created without government control.
That he thinks that all actions should be logged and easily traced back to whoever committed said action.
It also means that they want some better backdoors built into existing encryption products, but the CIA is having a hard time getting them into the open source ones.
I wonder if the CIA/NSA/FBI/etc has people who help program OSS so that they can incorporate little hooks into things?
Since those Islamic terrorists crashed browsers into the Twin Towers and the Pentagon, and they sent envelopes full of computer viruses to the Senate and the American Media building in Florida. Oh, wait...
It's because those Islamic Terrorists learned how to fly jet airliners on-line! Yeah! Oh... Um...
Because the idea is easily enforceable and people outside the United States will have no choice but comply! No? Crap...
"Wow. Now THAT'S a lot of angry Indians." - Lt. Col. George Armstrong Custer
Before you go freaking out with you tinfoil hats, read that article's title again. He is the FORMER director of the CIA, which means that now he is just a guy with an opinion, just like us (only with probably fewer computers/components sitting around unused in his house/parents' basement). He has no real authority over anything right now, he just has more of a voice because of his previous job as head of the CIA.
This is a prime example of Americans against freedom. Why do you Americans stand for this blatant abuse of your independence and right to be free?
His most interesting comment was "but ultimately the Wild West must give way to governance and control" ... A layman's analogy that doesn't really apply, and he never tells us what 'governance and control' means, although we can all take some pretty good guesses...
What doesn't kill you only delays the inevitable
When I started, the USENET application would inform me that my message would be spread across tens of thousands of computers at immeasurable cost as a subtle hint to keep things interesting, and Internet Chat required some basic knowledge of Makefiles and attention to documentation before you could run a client. Frankly, things became unmanageable at the point the Internet was made accessible to anybody with a web browser; anybody who's been around this long knows what I'm talking about.
It's a short hop to realizing that the problems we're experiencing with virii and worms are the same problem. Intimate knowledge of x86 assembly used to be a requirement -- along with a malcontent-type disposition -- in order to wreak the sort of havoc that today requires fifteen minutes and an Effective VBScript In Fifteen Minutes manual. Every document is now a program, and e-mail doubles as FTP.
Many experts believe we should raise the barrier of entry by requiring programmers to undergo education, certification, and maybe even an oath to do no harm as part of the certification process if going into a security field. It used to take years to do what kids today can do in months; additionally, a would-be programmer who spends a few months picking up Visual Basic or whatever has hardly learned the fundamentals of programming any more than someone who reads a manual about his DVD player has become a laser engineer. I suggest that the field and the general user experience would be greatly enhanced by limiting access to compilers/assemblers (by means of pricing and with the cooperation of the open source community) and by separating macros or other executable content from documents.
It makes more sense than trying to go out and educate every user. Think about it; in what other field do we "educate" "users"? We don't try to educate people with electrical outlets and let any curious individual perform as a licensed electrician. We don't "educate" passengers and let anyone who cares be a bus driver give it a try. Why are things always so difficult when it comes to computers?
Try not. Do or do not, there is no try.
-- Dr. Spock, stardate 2822-3.
Mr "Slam Dunk WMD Iraq" Tennet. Please Both the R's and D's think this Guy is a loser. He's just trying to stir up something so he'll be invited on with Bill O'Rielly and get some free phone sex............
So Long and Thanks for all the Fish.
OK, it's pretty damn short article to begin with, but I betcha what's driving these comments from someone like Tenet is the fact that more and more of the government's information, records, processes, yadda yadda yadda is online. It may be "secure" (in a manner of speaking) but it's online. The military (DoD) has been mandated to have everything networked - communications is a good example (look at JTRS to see what I mean). Interoperability and accessibility are the words of the day (well, decade) at DoD. So if all that info, if all those processes, if all that is plopped ontop of a networked infrastructure, where the security of the system relies on the security of 3rd party products (i.e.: OSes, app software, web servers, even hardware, etc.), then those 3rd party vendors better be providing an incredibly secure and robust product. If the DoD builds a big honkin wall between its network and the rest of the world's network, you only need one point of compromise to take down that internal network. A chain's only as strong as it's weakest link, right?
"Content's a bitch."
Is this the same paper that claimed the Russians were responsible for the missing stockpile of conventional weapons and even the WMD? Does this paper have any credibility left as anything but a Republican Mouthpiece (a la Fox News?) And this gets front page?
In Soviet Russia, articles before post read *you*!
While George Tenet did in fact say that the "Wild West" mentality of the Internet needs to change, the context of his comments were related to distributing sensitive but not quite secret information to public (read: city police departments) organizations.
The biggest point that he made was in regards to Authentication across organizational boundaries. He expressed a vision of information agencies de-secretizing information that can be made available to people that need to know. (His example: Events that were noticed leading up to the Bali attacks are useful to police officials that notice similar "casing" events. But keeping track of who needs to know, and more importantly making sure they actually are who they say they are is a major hurdle to overcome before the vision can be realized.
"Shutting down the Internet" is the Times stretching his otherwise benign speech into something that it isn't. Like everyone in DC does: Ignore the Washingtons Times. They're junk.
I think the final comment from the article speaks the most about the mindset of this fellow:
The national press, including United Press International (UPI), were excluded from yesterday's event, at Mr. Tenet's request, organizers said.
That it's not the people's fault for thinking the software/hardware they are using *is* secure but really isn't.
It's the industry's fault for not pushing for tighter controls on the equipment that provides Internet access points.
I don't believe that people should be held accountable for knowing security inside and out. That's why they turn to the big guns of the industry to provide their hardware. "Hey, it says it's secure!"
Phil
This quote from the article says it all: "The national press, including United Press International (UPI), were excluded from yesterday's event, at Mr. Tenet's request, organizers said."
There is not nearly enough love in the world, but there is far too much trust.
and let any curious individual perform as a licensed electrician.
I've done quite a bit of electrical work around the house, and been fine.
It is infact legal to do all the wiring in your house, provided its inspected.
However, comparing electricity and the net seems pretty far fetched. Yes, uneducated users are causing problems. However banks and critical gov't networks should NOT be part of the internet at all, they should have thier own networks that only they rely on.
For 2 (3?) administrations he ran the largest and most sophisticated intelligence agency in the world.
How did you measure the sophistication of the various intelligence agencies around the world? I can't even work out how you calculated the sizes (ignoring the utterly stupid like "added up official allocations in dollars"). What is the size of the largest Chinese intelligence agency in comparison to the size of the CIA?
The real Ralph Yarro posts as Anonymous Coward. Anyone else is an impostor.
Here's the sort of thing he may be talking about:
About four years ago I was working with an Army colonel who was writing an M.A. thesis on the problem of the internet and critical infrastructure. One of the things he kept worrying about was electrical utilities that had control of their grids (including, supposedly, things like the ability to increase power from hydro-electric facilities) accessible from the internet. His concern was that bad guys -- back in those days, it was the Chinese -- might hack these systems and do unpleasant things.
I kept objecting that this was a completely crazy system, and all you needed to eliminate that problem was making sure that some reasonably intelligent guy named Joe (or Jane) had to read messages from a terminal and walk across the room before setting the controls on Hoover Dam to "How long can you tread water?" rather than letting this be controlled directly through the Web. I've subsequently learned that this is known as placing an "air gap" in the controls -- it is standard in high-security systems.
He tells me -- based on sources he can't reveal (hey all you students out there working on end-of-the-semester term papers, don't you wish you could use that excuse?? And meanwhile, stop reading /. and get back work!! [slap, slap, slap]) -- that these facilities have to be under instant control because this is how electricity trading works and if Joe/Jane had to intervene manually, billions of dollars would be lost in electricity markets because these depend on split-second manipulation.
So, fast forward to the present. Who was [nominally] making those billions of dollars? Enron. How helpful. Meanwhile after 9/11, I lost track of the guy -- he's doubtlessly in one of those jobs now where if he told me what he was doing, he'd have to kill me.
Critical infrastructure on the web -- doesn't sound like a good idea to me (though I still can't believe the system is as vulnerable as he implied it was -- like, we're stupid but are we really that stupid??). At least some folks in the U.S. government have been concerned about this for quite some time, and that may be what Tenet (who, it should be noted, has as much influence on current policy as John Kerry has...less actually) is getting at.
"All successful systems accumulate parasites" -- Hal Hixon
You'll have to encrypt it before it leaves the client machine, store it only in encrypted form on the server, and decrypt it back on the client machine.
In other words, you're looking at more than a simple web application.
Now there are some things to be said in favour of hosting in the US, in that, should there be a 3rd-party intrusion, the civil penalties can bankrupt the perp. Unfortunately, as you seem to be aware, the govt will claim "eminent domain" when they're the one doing the B and E.
The first question you might want to ask yourself is, are you legally allowed to store medical information on servers outside your jurisdiction (in other words, are there any particular privacy laws in your locale that might come into play)?
For example, a strict interpretation of PIPEDA (the Canadian Personal Information Protection and Electronic Documents Act http://privacyforbusiness.ic.gc.ca/epic/internet/i npfb-cee.nsf/en/hc00005e.html)
requires that information be stored securely. A strict reading of this requirement would outlaw putting protected personal data on servers beyond the reach of the Act and subject to access by other governments or agencies.
As to your other question: The internet was designed to route around breaks and failures, so even if the US were to do a "Great Wall of China" thing, the rest of the world would continue to function.
We're thinking of hosting a site or 2 with a hosting company in the US ourselves, but I would be hesitant to put anything really sensitive in a jurisdiction outside my own - easier to sue the principals involved, etc., should the hosting company screw up security. International lawsuits are a real pain - just ask the victims of Bhopal.
It's much worse than that actually. Criticizing the President is one thing - but what about criticizing the President's policies?
Do you ever mention smoking pot or underage drinking while online?
What about criticizing corporations? Or complaining about poor service at a local store?
"...openness makes the system vulnerable, Mr. Tenet said."
Taking quotes out of context is fun!
Quoted and rephrased;
Here's something to ponder ... though perls before swine and all that ... when you say 'God' in earnest, what thoughts do you have about God?
What I mean is this: List off all the things that God has as you understand them. Be careful, thoughtful, and honest; feel free to add or strike things from your list. Even being beyond comprehension is a thing for your list.
For example, is power and might a necessity, or an added bonus? Is kindness and charity above power in what makes God God?
Now, taking your list, is there anything else that also shares some or all of this list? Hey, even Google can help with this one! (Tip: use the ~ key ~like ~this to look up similar words.)
If you now remove characteristics from this list, when does the list stop describing God and start to describe anything or anybody else; a person, an other deity (mythical or not), an abstract idea (love, humility, conscience, excellence, strength), a social relationship? Any set of the above?
Take your time.
Ready?
Here's another set of questions: Why do so many groups argue -- some to the death -- about what is and is not God? Do these contradictory visions of God ever contradict the group's own wishes?
I think I have answers to this, and the answers work incredibly well, though I'll let you come to your own...if you are willing.
A firewall can not protect you from yourself. Turn off what you do not need. Do not use the firewall to do your work.
How many GODS has man had throughout history?
Doesn't asserting that your GOD is the only GOD constitue a pompous attitude?
Just a honest question.
I probably shouldn't bother to reply to someone talking about ghosts flying into himself, but this is as good an opportunity as any to comment on a topic that applies to a lot of peoples' posts:
:)
" He gives us food, shelter, etc. out of the goodness of His heart. "
Um... and whose fault is it that we need food and shelter in the first place?
There're an infinite number of other possible forms of existence a consciousness could take other than these horrible animal bodies we're stuck with.
If your god made people in a form that requires food and shelter, it'd be rather mean not to provide them, now wouldn't it?
This general concept applies to a lot of what people are saying in this thread. The so-called "loving" actions of deities only make sense in the context of current human existence. Any problems a god solves are ones he created in the first place.
And free will? Sure, free will that rides atop hard-wired animal instincts of survival and reproduction. Why would a loving god intentionally create sinful instincts?
Perhaps a simpler way to put it... why create Earth in the first place? Why not just make Heaven and leave it at that?
"Submit to God or be damned" makes sense.
"God is love" does not.
Now, if everyone saying "God is love" is doing so solely because they tremble in fear of the wrath of God if they were to say otherwise, that actually does makes sense.