Schneier: The US Government Has Betrayed the Internet, We Need To Take It Back

wabrandsma writes "Quoting Bruce Schneier in the Guardian: 'The NSA has undermined a fundamental social contract. We engineers built the internet – and now we have to fix it. Government and industry have betrayed the internet, and us. This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community. Yes, this is primarily a political problem, a policy matter that requires political intervention. But this is also an engineering problem, and there are several things engineers can – and should – do."

Freenet, I2P, Tor - darknets

One solution at hand are darknets - awesome and uncensorable (but slow, though that is the price) Freenet,
and I2P for hidden services, and the orginal plain Tor.

Come join us, at #freenet at freenode.org we are supporting all users of freenetproject.org

Also, consider just started channel #mempo where new linux distribution is planned with the goal of being most secure one (combining best ideas from Hardened Gentoo, Debian, Tails, Whonix, Qubes-Os). Because security must be complete on all levels (e.g. darknet but also av, rootkit protection, programs compartmnet :)

Re:Freenet, I2P, Tor - darknets

Demand IPv6. Yell at your ISP. At least ask for it and tell them how important it is. With IPv6 people can start running own servers and more P2P stuff. The Internet before the last 10 years worked that way and it was good. The "Internet" of today is centralized and that is a major problem. No wonder it's easy for Intelligence agencies to do what they are doing if the only thing they need to do is attack 10 or 20 corporations to succeed.

Teach people around you about technology, encryption and how the Internet works. Give them an image of how their clear-text messages hop around and where they land and what happens to it when it does.

Don't be ignorant and don't say stuff like "well, I've known it all the time - I don't have anything to hide anyway so I don't care". Are your really sure about that? Do you know how your life will look like in 10 or 20 years time and how the political climate will look like where you live at that point?

Support organizations fighting for your freedom - I don't care if it's EFF, FSF, Pirate Party or something else. There are people willing to take on the big guys for you when you are not, but they can't do it without your help.

Low tech

[MrDoh!]

That whole 'IP over Carrier Pigeon' thing doesn't look so crazy now does it? Until the NSA start training intercepting hawks.

Re:Keeping things safe.

[black3d]

Naw, HTTPS only protects you against folks who don't already have the keys. You pretty much can't trust virtually any data communication that takes place on the internet. However, that doesn't mean stop doing stuff - it just means weigh the value of what you're doing against the expectation that the information is likely to be used against you. For example - the NSA may have my internet banking credentials - but am I worried they're going to steal my money? No - either 1) they don't need to, 2) if some rogue agent decided to, there are legal protection and insurance avenues I can take to regain my money, 3) if the government decided they needed to steal my money, then even them not having my internet banking credentials isn't going to stop them anyway.

I'm not an advocate for "if you have nothing to hide, you have nothing to worry about" at all. I'm just facing the realization that our government is completely morally corrupt, and outside of changing it by force, I can never protect my information online unless it's information I've encrypted and uploaded myself (and even then I'm still at risk if my OS is rooted or my encryption algorithm has a master algorithm). So, I weigh that knowledge against my activities and don't worry too much. If I was concerned about being identified, then you can protect yourself, but it largely involves not using your net connection, among other things.

What is Bruce Schneier's game?

[FriendlyLurker]

FTFA:

Since I started working with Snowden's documents, I have been using GPG, Silent Circle, Tails, OTR, TrueCrypt, BleachBit, and a few other things I'm not going to write about.

He recommend Silent Circle right after saying "the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about. "

Silent circle - a US and UK connected commercial company - propriety closed source, and in a sneaky "no we are open, really trust us" sort of way. W T F!???

let me reproduce this informative message posted to the comment section of the article:

I usually rate Bruce Schneier highly, except for his faux pas a few years ago when he initially endorsed showing passwords on screen, saying that shoulder surfing is not such a big deal.

But I am not sure about some of the security mobs he is advocating here.

GPG: OK, clever people can read the source code (though most average Joe programmers can't)

Silent Circle: It's USA based, and subject to the same backdoor 'requests' as anyone US-based company. It also employs ex-special forces 'security experts' - just the sort of people who might go and do wiretaps in foreign climes.

Tails: What I have just seen on their website, 'Numerous security holes in Tails 0.19 Posted Mon 05 Aug 2013 12:00:00 AM CEST'. Not exactly the best advert and hardly comforting if one wanted security.

OTR: Same as GPG as the source code is available.

Truecrypt: Well the soruce code is avaiable, so I would put it in the same basket as GPG. It has a choice of algorithms, including one (partly) designed by Schneier.

Bleachbit: Well that is client-side. Anything in the clear across the net (i.e. non encrypted traffic) can be read anywhere along the route.

But the big glaring thing is, at least in the UK, you can be sent to prison for refusing to hand over your encryption keys. And this has happened. People like to talk big, but the prospect of eating porridge with a lot of nasty looking and foul smelling prisoners, does not appeal to most people.

I would say that doing your own encryption, by this I mean using some of the open source tools and not closed source ones (and definitely not American ones) is a good thing.

Re:What is Bruce Schneier's game?

[Jah-Wren+Ryel]

He recommend Silent Circle right after saying "the NSA also works with security product vendors to ensure that commercial encryption products are broken in secret ways that only it knows about. "

Do you know who founded and remains a principal of Silent Circle? Phil fucking Zimmermann. This is the guy who wrote and released PGP because he feared the NSA would get away with forcing everyone to use their back-doored skipjack clipper chip. He was subsequently harassed with a criminal investigation. If there is one guy that you can trust not to knuckle under to the NSA, it is Phil Zimmermann.

In fact, Silent Circle just withdrew their Silent Mail product because they feared that the NSA would force them to backdoor it in the near future. They canceled a product line rather than risk it being compromised.

Re:What is Bruce Schneier's game?

[FriendlyLurker]

I agree that peer review is no panacea and that open-source is at significant risk too. however open peer review is sure better than no open review. Silent Circle could easily continue to sell their services to the US and UK government AND fully open source the code. Why dont they? More $$$ instead of more security, more likely - not a good sign.

Also your logic that they sell their software to the US and UK government so the NSA would not want to backdoor it does not hold up to scrutiny. How do we know that the NSA does not buy 10K worth a licenses - hardly a blip on their budget - just to shelve and never use them. In exchange the Silent Circle product is backed doored through gag orders, threats, coercion and/or covertly subverted (all things we know they now do, regularly). How do we know that the binary we get is not different than the binary the NSA gets - because their sales team told us?

There is no way around it anymore - if your a company providing security products and your not full open source, and that source has not been stable and well reviewed for some time, then your product cannot be trusted no matter how many famous upstanding people are on your board of directors or licenses the US/UK Gov buys from you.

Re:What is Bruce Schneier's game?

[PopeRatzo]

Bruce Schneier is putting his name on the line with everything he publicly does and says. I trust him more than I trust someone who posts FUD wanting to know what his "game" is.

One thing about the compromised web: don't trust anyone but really be suspicious when someone tries to spread FUD on someone who has generally been trustworthy.

Re:What is Bruce Schneier's game?

[FriendlyLurker]

They can still go up to the head of the open source organization and says "you must include this back-door in your program, or go to jail". Or/and they can just just hire someone to contribute code that has security flaws.

And in the extremely unlikely event that anyone spots the bas code, just replace it with something else 2 days latter.

Yes they could, and probably do. However your leap to the conclusion that it is extremely unlikely that anyone spots code change is not correct. Thousands of people, even millions for the more successful products will update their source code repositories - the exact lines of source code that have changed will be highly visible to many people - and a subset of those will be security professionals and they are _very_ interested in any changes to the base code of their main security tools. You just proposing that we close our eyes download a binary and trust it instead. To reiterate: todays news has told us just how far the NSA has gone to compromise ALL MAJOR proprietary closed source security tools. All of them.

Re:What is Bruce Schneier's game?

[bryguy5]

I worry more about the NSA putting something in the binary on popular linux distributions. If they modified the c compiler to put backdoors in the programs it creates it would be very hard to detect. The backdoors would not be in any visible source code but would magically get inserted during the compilation, especially the complilation of a new compiler.

Does anyone know if anyone is actively looking for that type of exploit?

Re:What is Bruce Schneier's game?

[DuckDodgers]

If the root certificate private key is held by the NSA, they can bypass the entire remainder of the web of trust.

Say I set up a website, whatever.com, and I have a root certificate from Verisign, an intermediate from Intermediate CA, Inc, and my whatever.com certificate. If the NSA subpoenas or hacks and steals the Verisign root certificate, they can make a fake public and private key with the name Intermediate CA, Inc and sign that with the Verisign private key. Then they can make a public and private key for whatever.com. Then they use their fake Intermediate CA Inc.certificate to sign that. Unless you the person visiting whatever.com specifically have an original copy of the real whatever.com certificate public key, and you look at the public key of the certificate every time you visit the website, you'll never notice that the NSA has replaced the real certificate with theirs. As long as they're using the correct Verisign private key, your browser will not detect any problems.

This of course permits the NSA to do a classic Man-In-The-Middle attack. They give your browser the fake certificate chain and a copy of the website login page, you type things in, they decrypt them, and use them to log in to the real website, they get the results back from the real website, re-encrypt them with the fake certificate chain, and send them back to you. As far as you know you're using the real website, as far as the website server knows they're speaking with a normal browser, but the NSA is capturing everything either side transmits in clear text and can inject fake content in either direction whenever they want.

The SSL/TLS chain of trust only works if private keys of the root certificate authorities are genuinely private. If anyone gets a private key, SSL's security is demolished (unless the theft of that private key becomes public, in which case that key is added to certificate revocation lists).

UK Official Secrets Act

[gramty]

"One, we should expose. If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by a federal confidentially requirements or a gag order"

Once again the UK trumps the US in the paranoia and anti-freedom game. The UK Official Secrets Act applies to all British subjects, OK they get you to sign it, but that us mostly a symbolic gesture to remind you of your obligations and the penalties. Under the act you don't even need to have clearance or be the recipient of a leak. Even if you have worked it out for yourself from publicly available information you can still be gagged, and breaking a gag can bring down the full force of the law against you.

Re:Agreed

[Joce640k]

See Robert Heinlein's book "Take Back Your Government" for details.

Unfortunately, it needs people like you to get up from their sofas and actually do something instead of just grumbling about it.

Re:Thanks Mr Schneier

[daem0n1x]

I couldn't care less if Assange or Snowden are nice guys. That's completely irrelevant for the matter if they're sweet little cherubs or like to fuck sheep on their spare time. Nobody does what they did by being that nice guy everybody wants to have a beer with.

The hateful crimes they exposed are the true stars, here. If you focus on the messenger, you miss the message. That's what the governments, corporations and their global propaganda machine (a.k.a. mass media) badly, badly, badly want you to do. Quite successfully.

The destruction of trust

[Arrogant-Bastard]

The worst part of the damage done by this isn't technical. It's human.

The reporting on this latest disclosure reveals that the NSA has systematically inserted itself into the standard-crafting process, in order to deliberately weaken those standards. It also reveals that the NSA has bypassed the management of communications providers and recruited technical staff directly. In both cases it's reasonable to assume that the people involved have been through a security clearance process and are thus barred for life from disclosing what they know.

I must now ask myself how many people I've worked with weren't doing so in good faith. When they argued that such-and-such a fine point of a network protocol standard didn't need improvement or that it should be changed in a certain way, were they doing so because it was their principled engineering opinion, or because it served some other purpose? Or when they were recommending that one of the many operations I've run move its colocation point or change its router hardware, was that good customer service, or was it to facilitate easier traffic capture?

Will anyone be asking themselves the same questions about me? (They probably should.)

The Internet was built on, and runs on, trust. Every postmaster, every network engineer, every webmaster, every system admin, every hostmaster, everyone crafting standards, everyone writing code, trusts that everyone else -- no matter how vehemently they disagree on a technical point -- is acting in good faith. The NSA, in its enormous arrogance, has single-handedly destroyed much of that trust overnight.

Re:Thanks Mr Schneier

[FriendlyLurker]

I dispute that these vigilantes should decide what should be "declassified" or what isn't.... I just strongly object to the methods being used by the anti-secrecy crowd, and I don't trust their motivations at all.

That is a fair enough opinion and nobody can argue with it, it is good to have a healthy dose of skepticism about any information that is presented to us via any channel. However what is more difficult to dispute is when a leaked document reveals heinous war crimes - should focusing on the messenger still be more important than a message of that significance? Also remember that Washington leaks information all the time (for example the Bin Laden operation) - why are leaks that expose crimes be worse than leaks that make the president look good? To most people that just reeks of hypocrisy.

The usual reply to this logic is "what war crimes, there were no war crimes exposed - but look over there - Assange is a narcicist and Manning is a traitor!!". However even a basic search and read of the documents they destroyed their lives to bring to us show that this claim is absolutely false:

Revelations from the Afghanistan and Iraq war logs detailed the use of paramilitary death squads, complicity in the torture of Iraqi citizens, the indiscriminate killing of civilians by private military contractors and many other abuses. Meanwhile, the leaked State Department cables brought to light scores of secret drone strikes in countries we are not even at war with, and uncovered the collusion between the U.S. and Yemini governments to lie about American responsibility for the massacre of 41 people in the Al-Majalah region. They also revealed U.S. interference with judicial efforts in Spain to investigate the Bush administration's torture practices. In Tunisia, leaks exposing the opulence and corruption of Ben Ali's government were a catalyst for the revolution that brought down the repressive regime and ignited other pro-democracy movements throughout the Arab world. The list could go on but the point is simple: it would have been a disservice to democracy to withhold this important information.

Warrant canary.

[caitriona81]

A more robust version of rsync.net's "warrant canary" (http://www.rsync.net/resources/notices/canary.txt) might help, if it were to become more commonplace, people would start to assume any provider not providing one to already be under gag order.

IANAL, but the legal theory is that while a gag order can make it illegal to speak out, it can't force someone to make falsified or fraudulent statements - any entity that has not already received a secret order is free to testify to that fact, and simply stop making that assertion at such time that they are compromised.

If this were made more robust, for example, key employees being videotaped undergoing a polygraph regularly where they are asked questions about the integrity of their service, it might just work. (I realize a polygraph isn't secure. For this purpose, however, it doesn't matter, because it provides a means to deliberately fail a test while having deniability of your intent to do so.

I'm sure similar creative ideas could be used :)