Slashdot Mirror
The Rise of Feudal Computer Security
Hugh Pickens writes "In the old days, traditional computer security centered around users. However, Bruce Schneier writes that now some of us have pledged our allegiance to Google (using Gmail, Google Calendar, Google Docs, and Android phones) while others have pledged allegiance to Apple (using Macintosh laptops, iPhones, iPads; and letting iCloud automatically synchronize and back up everything) while others of us let Microsoft do it all. 'These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them — or to a particular one we don't like. Or we can spread our allegiance around. But either way, it's becoming increasingly difficult to not pledge allegiance to at least one of them.' Classical medieval feudalism depended on overlapping, complex, hierarchical relationships. Today we users must trust the security of these hardware manufacturers, software vendors, and cloud providers and we choose to do it because of the convenience, redundancy, automation, and shareability. 'In this new world of computing, we give up a certain amount of control, and in exchange we trust that our lords will both treat us well and protect us from harm (PDF). Not only will our software be continually updated with the newest and coolest functionality, but we trust it will happen without our being overtaxed by fees and required upgrades.' In this system, we have no control over the security provided by our feudal lords. Like everything else in security, it's a trade-off. We need to balance that trade-off. 'In Europe, it was the rise of the centralized state and the rule of law that undermined the ad hoc feudal system; it provided more security and stability for both lords and vassals. But these days, government has largely abdicated its role in cyberspace, and the result is a return to the feudal relationships of yore,' concludes Schneier, adding that perhaps it's time for government to create the regulatory environments that protect us vassals. 'Otherwise, we really are just serfs.'"
An anonymous reader provides a contrary opinion:
"The proposed analogy is wrong. Rather than feudal lords being replaced by a semi-accountable, presumably representative government, asking the government to take over would be going back to the having just AT&T as the sole provider of telecommunications, with private ownership of phones prohibited. It would be a reversion from an open and competitive market (where those who fail to provide security can be abandoned freely, the exact opposite of a feudal situation where serfs were forbidden to leave their masters and breaking oaths of obedience would lead to hit series on HBO) to a single "provider" which cannot be abandoned or ignored.
Monopolies, in general, suck, and without an external force to shore them up, they tend to be short lived. I remember when Lotus and WordPerfect and dBase were "unassailable", and people were wondering if the government should force these companies to be more "competitive" somehow. Then it was Windows, and particularly Explorer, that was going to control the world because "no one could compete". Now it's Google and Apple. Either these companies actually provide the security they promise, or they lose business to someone who will. The fear of the "feudal lords" failing to offer the security they promise is a false one, because they have no actual hold if they fail to deliver the goods.
The role of government in this arena is making sure that companies are held accountable for broken promises, that they pay the costs for data loss and security breaches. ... The government should not be determining what security is acceptable, because governments and regulations cannot possibly keep up with ever-changing realities."
"The proposed analogy is wrong. Rather than feudal lords being replaced by a semi-accountable, presumably representative government, asking the government to take over would be going back to the having just AT&T as the sole provider of telecommunications, with private ownership of phones prohibited. It would be a reversion from an open and competitive market (where those who fail to provide security can be abandoned freely, the exact opposite of a feudal situation where serfs were forbidden to leave their masters and breaking oaths of obedience would lead to hit series on HBO) to a single "provider" which cannot be abandoned or ignored.
Monopolies, in general, suck, and without an external force to shore them up, they tend to be short lived. I remember when Lotus and WordPerfect and dBase were "unassailable", and people were wondering if the government should force these companies to be more "competitive" somehow. Then it was Windows, and particularly Explorer, that was going to control the world because "no one could compete". Now it's Google and Apple. Either these companies actually provide the security they promise, or they lose business to someone who will. The fear of the "feudal lords" failing to offer the security they promise is a false one, because they have no actual hold if they fail to deliver the goods.
The role of government in this arena is making sure that companies are held accountable for broken promises, that they pay the costs for data loss and security breaches. ... The government should not be determining what security is acceptable, because governments and regulations cannot possibly keep up with ever-changing realities."
The government is ALREADY involved in literally everything. Better ot realize that and shape it to our own ends, rather then pretend it doesnt exist.
Good-bye
I have chosen to avoid any trust in or allegiance to Google, Apple, Facebook, or Microsoft. I have to trust my hardware, but I can switch that easily enough. I chose to trust Debian, but could easily enough switch that too. Everybody is free to make these decisions. I can use end-to-end encryption to hide my data from anyone else.
I am at the mercy of my ISP. If they fail to route properly I have no recourse and no alternative faster than 56k dial-up. Network neutrality and fairness from recipients of government-granted monopolies is where the regulation is required.
Go green: turn off your refrigerator.
Well, except for Vint. He's a Cerf.
Bend over, Apple demands primae noctis.
The government is a collective implementation of society. It has the rights that the whole of society gives it to look out for the common good. Rather than having to have individual people make their own mistakes or get individually conned, the government is an institution granted the rights to protect *your* rights.
It isn't the government regulating your decision; it's the government providing an environment in which as many options as possible are safe for you to choose from, so that you can specialize in something else and still be protected without having to worry about being swindled or conned out of giving up your own rights that have already been recognized by the collective society.
You can certainly argue that it's an idealistic framework that often doesn't meet such a mark in practice, and you can argue that the government can wind up doing its own share of swindling, but it's wrong to implicitly suggest that the government needs "rights" to be valid about doing what it does.
In fact anyone capable to run his own infrastructure already had most of this services more than 10 years ago.
Webmail, file storage accessible from anywhere, files synchronization between computers thru Internet, remote encrypted backups... all of this is quite trivial to setup and can be tailored to your needs in such a way that you won't even think of going back to "generic" services.
Don't get me wrong, all this "cloud" thing has been great to bring to the masses what we nerds always had. But I have yet to see one of this services successfully replacing what I already provide to myself with just an Internet connection, a router, a NAS, and tiny server.