Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Network Is Hostile

Posted by Soulskill on from the in-defense-of-tinfoil-hats dept.

An anonymous reader writes: Following this weekend's news that AT&T was as friendly with the NSA as we've suspected all along, cryptographer Matthew Green takes a step back to look at the broad lessons we've learned from the NSA leaks. He puts it simply: the network is hostile — and we really understand that now. "My take from the NSA revelations is that even though this point was 'obvious' and well-known, we've always felt it more intellectually than in our hearts. Even knowing the worst was possible, we still chose to believe that direct peering connections and leased lines from reputable providers like AT&T would make us safe. If nothing else, the NSA leaks have convincingly refuted this assumption." Green also points out that the limitations on law enforcement's data collection are technical in nature — their appetite for surveillance would be even larger if they had the means to manage it. "...it's significant that someday a large portion of the world's traffic will flow through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies."

30 of 124 comments (clear)

  1. Hostile governments... by Todd+Knarr · · Score: 5, Informative

    "...it's significant that someday a large portion of the world's traffic will flow through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies."

    And some of those will be the governments of Western democracies. That's the truly maddening part.

    1. Re:Hostile governments... by Anonymous Coward · · Score: 2, Insightful

      "...it's significant that someday a large portion of the world's traffic will flow through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies."

      And some of those will be the governments of Western democracies. That's the truly maddening part.

      Look at how much power we've ceded to those governments - "free" health care for just one example (geez, and you're worried about the privacy implications of the NSA tracking just your phone calls?!?!?! Yet you'd willingly put all your private medical data in the hands of that same government. WTF?!?!?!)

      Why do the same people who want the government to get more power and the resources to back that power (usually via something like "pay your fair share") act surprised when that power gets abused?

    2. Re:Hostile governments... by Anonymous Coward · · Score: 2, Informative

      because one of the worst of offenders is also one of the weakest, gridlocked western 'democratic' governments, and not the more powerful socialistic governments?

    3. Re:Hostile governments... by blueg3 · · Score: 3, Insightful

      Yes. That is made clear. Almost all of the article is about the NSA's capabilities. Then, at the end, some text, including the quoted part, about how this is important even if you don't mind the actions of the NSA.

      "Even if you're not inclined to view the NSA as an adversary ... America is hardly the only intelligence agency capable of subverting the global communications network. ... While it's cheap to hold China out as some sort of boogeyman, it's significant that someday a large portion of the world's traffic will flow through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies."

    4. Re:Hostile governments... by ColdWetDog · · Score: 3, Insightful

      What is even more maddening is that the governments of Western democracies are, in fact, The People.

      Look honey, an optimist! How adorable.

      --
      Faster! Faster! Faster would be better!
    5. Re:Hostile governments... by CreatureComfort · · Score: 2

      I could be on board with adding to this, Heinlein's suggestion in the original (book) version of Starship Troopers. To be eligible to vote or serve in an elected government position means you have to have volunteered to serve in a non-elected position. And when you volunteer, you have no way of knowing where you might be assigned. You could be assigned as cannon fodder, if that's what is needed, or as an administrative aide to an elected official, or as a bus boy in a prison cafeteria. If you want a shot at a higher level, you can go to college to become a civil engineer, a doctor, even a lawyer, which will give you a better chance at any of those positions if the need is there, but you're still not guaranteed to not end up cleaning latrines on a submarine. Whatever your service, afterwards, you get the right to determine the course of society and laws.

      --
      "Unheard of means only it's undreamed of yet,
      Impossible means not yet done." ~~ Julia Ecklar
    6. Re:Hostile governments... by Anonymous Coward · · Score: 4, Insightful

      "free" health care for just one example

      Yes. And "free" fire prevention, and "free" roads, and a "free" military, and "free" education.

      Gosh, we'd all be SO much better without this "free" stuff.

      Healthcare for everyone: YOU may want your fellow citizens to have access to healthcare based upon individual levels of wealth, but me, I'd just as soon the person walking down the street (a) doesn't have their effectiveness at their job reduced by disease or injury any more than is absolutely necessary, (b) is as little likely as possible to be passing along some communicable disease, (c) is available for work as much as possible. Because that's best for everyone. Including your selfish person. So I want them to have access to healthcare based upon the single issue of need.

      The current welfare system for the insurance companies isn't optimum by any means. But it's a damn sight better than what we had before.

    7. Re:Hostile governments... by phantomfive · · Score: 3, Insightful

      Let's be honest, most Americans still favor the NSA surveillance programs. They tend to say things like, "what does it hurt?" or, "if it catches a terrorist, it's worth it." So it's not like the government is going against the will of the people, here.

      --
      "First they came for the slanderers and i said nothing."
    8. Re:Hostile governments... by Anonymous Coward · · Score: 2, Interesting

      "weakest, gridlocked western 'democratic' governments"

      The failure of western democracy is not fault of the democratic system but of the west preventing democracy to grow and evolve
      western political systems have became static because the wealthy class fear change, they fear that with increased freedom they will lose the privileges they think they are entitled to (self preservation)
      Democratic governments were a great step forward, but we should not have stopped there 8 or more hours a day most people do not live in a democracy, instead we expend 1 third of the time in a oligarchy
      We have the means now to allow the citizens to participate and decide almost instantaneously in a direct democracy for the first time in history and yet this is prevented, manipulated and in some cases forbidden by the governments that we allegedly democratically elect

  2. Someday? by argStyopa · · Score: 5, Insightful

    "..someday a large portion of the world's traffic will flow through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies.."

    You mean, like the US government? /That was way too easy.

    I'm not one of the many self-loathing Americans, but it's pretty irrefutable that the US government is "at least to some extent" hostile to the core Western, humanist values that are even laid out in its own Constitution.

    --
    -Styopa
    1. Re:Someday? by bigpat · · Score: 2

      The US is not a full democracy, it's a republic.

      The day the US have a proportional election system and frequent referendums is the day they have achieved democracy.

      And people usually forget that the mission statement of the United States is: Life Liberty and the Pursuit of Happiness. Democracy, Republic are merely a means in pursuit of those goals. People truly believe that a representative form of government is superior to a dictatorial form of government because the represented self interest of the many will outweigh the interests of the few. Also, if you haven't noticed, dictatorships (even the well established monarchies) usually lead to violent transitions of government and often civil war. The UK is a notable exception with relatively long periods of stability, but the monarchy has pretty much outsourced government under their model of being above the day to day nitty gritty details of running their kingdom and transitions of government are dealt with democratically.

    2. Re:Someday? by phantomfive · · Score: 2

      The idea of freedom of speech is as, and perhaps is even more controversial today as it was when it was added to the Constitution.

      Weird, isn't it? We've seen so many examples since then of why freedom of speech is important, and yet people still think it's a good idea to suppress others who say things they don't like. "If there be time to expose through discussion the falsehood and fallacies, to avert the evil by the processes of education, the remedy to be applied is more speech, not enforced silence."

      --
      "First they came for the slanderers and i said nothing."
  3. AT&T is not reputable by Anonymous Coward · · Score: 3, Funny

    Since when is AT&T a reputable provider?

    AT&T is only reputable if you include negative reputation.

    1. Re:AT&T is not reputable by 0xdeaddead · · Score: 3, Interesting

      Having worked with many telcos world wide, they all suck. The only thing I found 'good' about ATT was that they could organize dedicated circuits around the world if you wanted to bypass the internet. And I thought we were getting a nice deal, but now I see we were being steered into a special collection bucket that we have the privilege for paying for.

  4. Enough with the "democracy=freedom" tripe by MikeRT · · Score: 4, Insightful

    "...it's significant that someday a large portion of the world's traffic will flow through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies."

    Some of the very worst offenders on surveillance are "democracies." It's time for us to stop living cliche to cliche and start realizing that things like personal freedom are correlated with, not caused by, particular structural forms of government. Ask a Jew in 1940 if they missed the Kaiser, who was a strong monarch, not a figurehead. Ask the average Russian pleb under Stalin if they'd not have given a small body part to be back under the Tsar.

    Some of the worst governments in the modern age were ones built on being "for the people." Let's start judging governments based on what they do, not their structure.

    1. Re:Enough with the "democracy=freedom" tripe by Daetrin · · Score: 4, Interesting

      Some of the worst governments in the modern age were ones built on being "for the people." Let's start judging governments based on what they do, not their structure.

      "Democracy is the worst form of government, except all those others that have been tried from time to time."

      You're cherry-picking two cases of worst-case scenarios, one of which wasn't even really a democracy. (Stalin was appointed to power long before there were any "democratic" elections.) There have been plenty of monarchies that have done things just as bad.

      That said, democracy is "least bad" when:

      1: Everyone can vote
      2: Everyone is educated
      3: Most people _do_ vote
      4: People feel like their vote actually matters
      5: The government is responsive to the will of the voters

      The sum combination of all those is that it is impossible to have a (successful) revolution (other than in the sense of voting out the current party) because in order to have enough people to violently overthrow the government, you'd already have enough people to vote someone else in.

      Unfortunately many modern democracies screw up one or more of those. The US is screwing up almost all of them:

      1: There continue to be many attempts to disenfranchise voters in many states through various means. Statistically the number of attempts at voter fraud are non-existent compared to the number of people whose legal votes are denied, but it makes better show to pretend otherwise.

      2: The US tends to fail on both the systemic and systematic levels. As a society we're not providing enough support for the education system, and when it comes to elections allow ourselves to fall prey to the spectacle of network news soundbites and commercial advertising too easily, rather than really educating ourselves about the people and issues involved.

      3: The US passes this one. Barely. On years with presidential elections. But barely passing on a technicality but only some of the time is rather damning with faint praise.

      4 & 5: These two are rather tied up together, and contribute greatly to the issues with #3. A first past the goalposts election system almost inevitable leads to a two party system, in which the voters grudgingly and unenthusiastically vote for the (perceived) lesser of two evils and in which the winner feels only a vague sense of responsibility to those who elected them. (If you piss off your constituents what are they going to do? Vote for the greater evil instead of the lesser one? Not likely!)

      --
      This Space Intentionally Left Blank
    2. Re:Enough with the "democracy=freedom" tripe by liquid_schwartz · · Score: 4, Informative
      The US has officially been proven to be an oligarchy as described here:

      http://www.bbc.com/news/blogs-echochambers-27074746

      The actual paper if here:

      http://scholar.princeton.edu/sites/default/files/mgilens/files/gilens_and_page_2014_-testing_theories_of_american_politics.doc.pdf

  5. need moar encryption by Anonymous Coward · · Score: 3, Insightful

    Keep everybody safe. Encrypt everything!

    1. Re:need moar encryption by jobsagoodun · · Score: 2

      jung ur fnvq!

    2. Re:need moar encryption by Anonymous Coward · · Score: 2, Interesting

      Using the encryption and ciphers that the NSA helped build in the first place? You must have forgot the tags.

      Lets recap....
      The application level is compromised (windows, apple, 'nix)
      the transport layer is compromised (ssl, bad ciphers, bad random number generators)
      the data link layer is compromised (the physical network has been built to specifically allow the tracking they are doing)
      The physical components are compromised (nsa intercepts cisco devices and even end user computers to pre-install malware)

      So what, exactly, is more encryption going to do for us when they very people we're trying to keep out helped build the encryption systems we intend to use?

      What's maddening to me is that anyone is at all surprised about this.

      Lets play the phone game, I tell you a secret, you pass it along the network until it gets to the end user I intended it for. But don't you dare REMEMBER the secret, or tell anyone not on the list. That's the expectation we have. Our traffic travels through their network.

      Until we can be 100% sure the NSA has not backdoor-ed everything at our disposal, we must assume it's compromised. They can hack you over an air gap (Israeli tech), they can intercept your equipment mid shipment and tamper with it. They can install malware payloads to the service partition of your drive which is almost impossible to remove or even really detect(official fix is to replace the drive). They can infect your bios with persistent software (lenovo). Even the chips being used to build these devices are subject to tampering. Not many people pull off chips and actually dissect them.

      On it's face this seems like a bunch of holes that aren't related. Read through the NSA catalog of hack tools and exploits and it all fits together nicely into one all encompassing privacy eroding hack-o-sphere. I'm not sure it's even possible to pull it back from this without a complete reboot of the entire infrastructure, which will never happen.

      And even if it does, how can we be sure the NSA isn't in there coding the new stuff just like the last time?

    3. Re:need moar encryption by meta-monkey · · Score: 2

      Mod parent up +10,000.

      I'm not saying "don't encrypt." Don't make it easy for them. And make them have to tip their hand that you're compromised if they act on it.

      But you will never find a technical solution to this problem. Mathematically, an unhackable computer is impossible, because no machine can calculate all of its valid operating states. To do so would be to solve the halting problem, which has been proven to be impossible. Practically, well, see the parent post. There are so many attack vectors. And for so many of them, you have little chance of defending yourself, and it would be monstrously expensive for you to do so. But the adversary has the will, the motivation, the means, and the resources to conduct these attacks.

      The only solution is political. Doing these things must be made illegal, and there need to be safeguards in place to monitor the government to prevent them from doing these things, and criminal penalties for those caught engaging in these activities.

      But relying on technical solution is ignorance at best and hubris at worst.

      --
      We don't have a state-run media we have a media-run state.
    4. Re:need moar encryption by ameline · · Score: 2

      Even the *cables* and patch cords can have bugs hidden in the connectors. Trust *nothing*. Encrypt everything -- I think outside sram caches on the CPU there should be no unencrypted data at all -- even dram contents should be encrypted.

      Of course Key generation and distribution will be the soft underbelly for NSA, CSEC, GCHQ et al to feast on.

      But as you point out, give yourself the "reasonable expectation of privacy" that encrypting everything will allow you to claim in court. Force them to tip their hand with actions. Make "parallel" construction so hard it looks laughably obvious. Make un-targeted surveillance prohibitively expensive. Make targeted spying hard enough and costly enough that they'll only use it against real adversaries and not their own citizens and dissidents / political opposition.

      It seems to be the only answer and the only way we'll hold on to the freedoms that so many of our grandparents fought, bled, and died for.

      --
      Ian Ameline
  6. Of course it is by i.r.id10t · · Score: 4, Interesting

    If you are truly paranoid about security - or these days, at least overly aware of security issues - any network where you are not 100% in control of everything from source to destination and all spots in between should be considered as possibly hostile.

    That said, how many people/groups/organizations/businesses really care about this?

    --
    Don't blame me, I voted for Kodos
  7. The network itself isn't hostile. by Z00L00K · · Score: 3, Interesting

    The network itself isn't hostile, but the overlords controlling the net may be. But even worse are the darker corners of the web where your personal information is for sale in bulk for a dollar or less per person - including CC numbers.

    Of course we need to keep an eye on the watchers on the net, but we should at the same time not exclude them completely but instead feed them with information that keeps them busy and hopefully have them make the net less risky for ordinary people. Feed them info about IS recruiters, CC fraudsters and Nigerian Scammers and they will at least put less effort on other tasks.

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
  8. Re:We by drinkypoo · · Score: 2

    Did anyone here think peering agreements and AT&T would keep them safe?

    The only thing I am sure about regarding AT&T is that they will try to screw you at every opportunity.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  9. Not cherry-picking by MikeRT · · Score: 4, Interesting

    You're cherry-picking two cases of worst-case scenarios, one of which wasn't even really a democracy.

    The Soviet vs. Imperial Russia example was to show that the general argument applies across all forms of government.

    1: There continue to be many attempts to disenfranchise voters in many states through various means. Statistically the number of attempts at voter fraud are non-existent compared to the number of people whose legal votes are denied, but it makes better show to pretend otherwise.

    Most of those efforts are simply symptoms of our use of districts. A simple shift to a proportional representation system chosen across the entire polity would eliminate the most pernicious form which is gerrymandering.

    In actuality, most of what is called efforts to disenfranchise are actually efforts to add integrity to the system such as voter ID laws. The idea that you should be allowed to wield any political power without being positively identified as a citizen eligible to wield it is utterly insane, but par for the course for certain types of ideologues (don't know if that applies to you personally)

    2: The US tends to fail on both the systemic and systematic levels. As a society we're not providing enough support for the education system, and when it comes to elections allow ourselves to fall prey to the spectacle of network news soundbites and commercial advertising too easily, rather than really educating ourselves about the people and issues involved.

    Funding is certainly not where we're failing. Many of the worst districts are funded with the same devil-may-care attitude toward how much we're spending that is used on the military at the national level. The problem is that our educational system is structurally flawed in ways that are politically impossible to fix. It's a problem of culture and political will to address the culture.

    4 & 5: These two are rather tied up together, and contribute greatly to the issues with #3. A first past the goalposts election system almost inevitable leads to a two party system, in which the voters grudgingly and unenthusiastically vote for the (perceived) lesser of two evils and in which the winner feels only a vague sense of responsibility to those who elected them. (If you piss off your constituents what are they going to do? Vote for the greater evil instead of the lesser one? Not likely!)

    It also doesn't help the situation that politicians know that the majority of voters are low-information voters. Point #1 greatly exacerbates that. The easiest way for politicians to destroy the influence of the more informed voters is to drown them in a sea of low-information voters who are the sort of people that are congenitally more interested in their own immediate creature needs than the public weal.

    Like it or not, most low information voters are not that way because there's an informed citizen waiting for an excuse to burst forth from them. They are simple people who have simple needs and expectations. A lot of them are even smart people. Some of the dumbest arguments I've had on politics were with badly informed people with high IQs.

    Expanding to a more democratic system provides a great deal of cover for the political class because democracy feels like we have power, feels like "we chose this." If we had a monarchy like Imperial Germany, the King would have feared a violent revolution over some of the scandals that have come out in the last 20 years because the public couldn't just say "we'll vote the King out." Consequently, I think a less democratic system would have likely chosen a more moderate and accountable course of action because the lack of an illusion of control would have channeled the public outrage directly at them.

  10. Just to set TFA straight by some+old+guy · · Score: 5, Insightful

    "...it's significant that today a large portion of the world's traffic flows through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies."

    We call that hostile government the United States of America.

    --
    Scruting the inscrutable for over 50 years.
  11. Re:Be hostile back ... by ameline · · Score: 2

    I think the grandparent post is completely wrong. We need to fight this on 2 fronts: Technically with encryption *everywhere* (even dram contents -- a DMA controller / IO processor should *never* see plaintext), and politically -- advocating against the surveillance state, voting for politicians who reign it in where ever possible.

    (In Canada, in my opinion, this means your obvious choice in the next election is the NDP. They took Alberta, they can take Ottawa.)

    Breaking the "rules" as the grandparent post advocates will be *very* counter productive, and will only invite *more* abuses, not less.

    --
    Ian Ameline
  12. The Network? by ThatsNotPudding · · Score: 2

    "More like the NOTwork!" [posts-up for a high-five that will never come]

  13. about those core values... by NostalgiaForInfinity · · Score: 2

    large portion of the world's traffic will flow through networks controlled by governments that are, at least to some extent, hostile to the core values of Western democracies

    I think what you need to understand is that some of the "core values of Western democracies" are unintentionally totalitarian and fascist in nature. People vote for politicians and policies that they think are good (save lives, help the poor, protect children, bring about world peace, increase equality, decrease racism, ...) but don't understand the ramifications of their choices, and usually those choices involve using government force and violations of individual liberties and civils rights against someone. After enough such votes, eventually, everybody is subject to such force and society has effectively turned totalitarian. The problem is worsened by the fact that the fraction of the population imposing their will often isn't even a majority; the "majority" of many votes in the us is less than 1/4 of the population, and under European parliamentary systems, it is often even smaller. One proposed answer to this is to leave government mostly to experts (Plato's "philosopher-king" and a hallmark of today's progressivism), but that doesn't work either, because those experts end up fallible and corrupt themselves.

    This isn't an intrinsic fault of "democracies", it's just a fault of the kind of democracies we have, Western democracies, democracies that tend towards majoritarianism and place more and more power in the hands of government. There are many other possible forms of democracy (i.e., self-governance by the people, as opposed to, say, monarchy or theocracy) besides majoritarianism.