Slashdot Mirror
The Network Is Hostile
An anonymous reader writes: Following this weekend's news that AT&T was as friendly with the NSA as we've suspected all along, cryptographer Matthew Green takes a step back to look at the broad lessons we've learned from the NSA leaks. He puts it simply: the network is hostile — and we really understand that now. "My take from the NSA revelations is that even though this point was 'obvious' and well-known, we've always felt it more intellectually than in our hearts. Even knowing the worst was possible, we still chose to believe that direct peering connections and leased lines from reputable providers like AT&T would make us safe. If nothing else, the NSA leaks have convincingly refuted this assumption." Green also points out that the limitations on law enforcement's data collection are technical in nature — their appetite for surveillance would be even larger if they had the means to manage it. "...it's significant that someday a large portion of the world's traffic will flow through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies."
Having worked with many telcos world wide, they all suck. The only thing I found 'good' about ATT was that they could organize dedicated circuits around the world if you wanted to bypass the internet. And I thought we were getting a nice deal, but now I see we were being steered into a special collection bucket that we have the privilege for paying for.
If you are truly paranoid about security - or these days, at least overly aware of security issues - any network where you are not 100% in control of everything from source to destination and all spots in between should be considered as possibly hostile.
That said, how many people/groups/organizations/businesses really care about this?
Don't blame me, I voted for Kodos
The network itself isn't hostile, but the overlords controlling the net may be. But even worse are the darker corners of the web where your personal information is for sale in bulk for a dollar or less per person - including CC numbers.
Of course we need to keep an eye on the watchers on the net, but we should at the same time not exclude them completely but instead feed them with information that keeps them busy and hopefully have them make the net less risky for ordinary people. Feed them info about IS recruiters, CC fraudsters and Nigerian Scammers and they will at least put less effort on other tasks.
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Using the encryption and ciphers that the NSA helped build in the first place? You must have forgot the tags.
Lets recap....
The application level is compromised (windows, apple, 'nix)
the transport layer is compromised (ssl, bad ciphers, bad random number generators)
the data link layer is compromised (the physical network has been built to specifically allow the tracking they are doing)
The physical components are compromised (nsa intercepts cisco devices and even end user computers to pre-install malware)
So what, exactly, is more encryption going to do for us when they very people we're trying to keep out helped build the encryption systems we intend to use?
What's maddening to me is that anyone is at all surprised about this.
Lets play the phone game, I tell you a secret, you pass it along the network until it gets to the end user I intended it for. But don't you dare REMEMBER the secret, or tell anyone not on the list. That's the expectation we have. Our traffic travels through their network.
Until we can be 100% sure the NSA has not backdoor-ed everything at our disposal, we must assume it's compromised. They can hack you over an air gap (Israeli tech), they can intercept your equipment mid shipment and tamper with it. They can install malware payloads to the service partition of your drive which is almost impossible to remove or even really detect(official fix is to replace the drive). They can infect your bios with persistent software (lenovo). Even the chips being used to build these devices are subject to tampering. Not many people pull off chips and actually dissect them.
On it's face this seems like a bunch of holes that aren't related. Read through the NSA catalog of hack tools and exploits and it all fits together nicely into one all encompassing privacy eroding hack-o-sphere. I'm not sure it's even possible to pull it back from this without a complete reboot of the entire infrastructure, which will never happen.
And even if it does, how can we be sure the NSA isn't in there coding the new stuff just like the last time?
Some of the worst governments in the modern age were ones built on being "for the people." Let's start judging governments based on what they do, not their structure.
"Democracy is the worst form of government, except all those others that have been tried from time to time."
You're cherry-picking two cases of worst-case scenarios, one of which wasn't even really a democracy. (Stalin was appointed to power long before there were any "democratic" elections.) There have been plenty of monarchies that have done things just as bad.
That said, democracy is "least bad" when:
1: Everyone can vote
2: Everyone is educated
3: Most people _do_ vote
4: People feel like their vote actually matters
5: The government is responsive to the will of the voters
The sum combination of all those is that it is impossible to have a (successful) revolution (other than in the sense of voting out the current party) because in order to have enough people to violently overthrow the government, you'd already have enough people to vote someone else in.
Unfortunately many modern democracies screw up one or more of those. The US is screwing up almost all of them:
1: There continue to be many attempts to disenfranchise voters in many states through various means. Statistically the number of attempts at voter fraud are non-existent compared to the number of people whose legal votes are denied, but it makes better show to pretend otherwise.
2: The US tends to fail on both the systemic and systematic levels. As a society we're not providing enough support for the education system, and when it comes to elections allow ourselves to fall prey to the spectacle of network news soundbites and commercial advertising too easily, rather than really educating ourselves about the people and issues involved.
3: The US passes this one. Barely. On years with presidential elections. But barely passing on a technicality but only some of the time is rather damning with faint praise.
4 & 5: These two are rather tied up together, and contribute greatly to the issues with #3. A first past the goalposts election system almost inevitable leads to a two party system, in which the voters grudgingly and unenthusiastically vote for the (perceived) lesser of two evils and in which the winner feels only a vague sense of responsibility to those who elected them. (If you piss off your constituents what are they going to do? Vote for the greater evil instead of the lesser one? Not likely!)
This Space Intentionally Left Blank
The Soviet vs. Imperial Russia example was to show that the general argument applies across all forms of government.
Most of those efforts are simply symptoms of our use of districts. A simple shift to a proportional representation system chosen across the entire polity would eliminate the most pernicious form which is gerrymandering.
In actuality, most of what is called efforts to disenfranchise are actually efforts to add integrity to the system such as voter ID laws. The idea that you should be allowed to wield any political power without being positively identified as a citizen eligible to wield it is utterly insane, but par for the course for certain types of ideologues (don't know if that applies to you personally)
Funding is certainly not where we're failing. Many of the worst districts are funded with the same devil-may-care attitude toward how much we're spending that is used on the military at the national level. The problem is that our educational system is structurally flawed in ways that are politically impossible to fix. It's a problem of culture and political will to address the culture.
It also doesn't help the situation that politicians know that the majority of voters are low-information voters. Point #1 greatly exacerbates that. The easiest way for politicians to destroy the influence of the more informed voters is to drown them in a sea of low-information voters who are the sort of people that are congenitally more interested in their own immediate creature needs than the public weal.
Like it or not, most low information voters are not that way because there's an informed citizen waiting for an excuse to burst forth from them. They are simple people who have simple needs and expectations. A lot of them are even smart people. Some of the dumbest arguments I've had on politics were with badly informed people with high IQs.
Expanding to a more democratic system provides a great deal of cover for the political class because democracy feels like we have power, feels like "we chose this." If we had a monarchy like Imperial Germany, the King would have feared a violent revolution over some of the scandals that have come out in the last 20 years because the public couldn't just say "we'll vote the King out." Consequently, I think a less democratic system would have likely chosen a more moderate and accountable course of action because the lack of an illusion of control would have channeled the public outrage directly at them.
"weakest, gridlocked western 'democratic' governments"
The failure of western democracy is not fault of the democratic system but of the west preventing democracy to grow and evolve
western political systems have became static because the wealthy class fear change, they fear that with increased freedom they will lose the privileges they think they are entitled to (self preservation)
Democratic governments were a great step forward, but we should not have stopped there 8 or more hours a day most people do not live in a democracy, instead we expend 1 third of the time in a oligarchy
We have the means now to allow the citizens to participate and decide almost instantaneously in a direct democracy for the first time in history and yet this is prevented, manipulated and in some cases forbidden by the governments that we allegedly democratically elect