Of Trust, The NSA, And Poisoning The Banquet
from the nobody-but-us dept
Two of the sharpest commentators on the implications of Snowden’s leaks are the security expert Bruce Schneier, and the science fiction writer Charlie Stross. By an intriguing coincidence, both have recently written highly-readable columns that not only discuss the same issue — the damage the NSA has wrought on the Internet — but even employ the same key metaphor. In his “Internet Subversion,” Schneier writes:
What we trusted was that the technologies would stand or fall on their own merits.
We now know that trust was misplaced. Through cooperation, bribery, threats, and compulsion, the NSA — and the United Kingdom’s GCHQ — forced companies to weaken the security of their products and services, then lie about it to their customers.
His metaphor for what this has produced is striking:
This mistrust is poison.
He points out the terrible consequences of that weakened security:
There is a term in the NSA: “nobus,” short for “nobody but us.” The NSA believes it can subvert security in such a way that only it can take advantage of that subversion. But that is hubris. There is no way to determine if or when someone else will discover a vulnerability. These subverted systems become part of our infrastructure; the harms to everyone, once the flaws are discovered, far outweigh the benefits to the NSA while they are secret.
In his own piece, “The Snowden leaks; a meta-narrative,” Stross picks up on that theme, and emphasizes one particularly important implication:
At every step in the development of the public internet the NSA systematically lobbied for weaker security, to enhance their own information-gathering capabilities. The trouble is, the success of the internet protocols created a networking monoculture that the NSA themselves came to rely on for their internal infrastructure. The same security holes that the NSA relied on to gain access to your (or Osama bin Laden’s) email allowed gangsters to steal passwords and login credentials and credit card numbers. And ultimately these same baked-in security holes allowed Edward Snowden — who, let us remember, is merely one guy: a talented system administrator and programmer, but no Clark Kent — to rampage through their internal information systems.
Stross then turns to the same metaphor that Schneier employed:
The moral of the story is clear: be very cautious about poisoning the banquet you serve your guests, lest you end up accidentally ingesting it yourself.
These two posts on the same topic are part of a growing awareness that the harm caused by spy agencies subverting key elements of the Internet is not only a much more serious problem than many people realize, but a long-term one that will be very hard to fix. It looks like we’ll be forced to swallow the NSA’s poison for a while yet.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: bruce schneier, charlie stross, infrastructure, nsa, poison, surveillance, trust
Comments on “Of Trust, The NSA, And Poisoning The Banquet”
Once again, I must quote Isaac Asimov
(as I’ve done many times before on the this same subject) He wrote about a very similar issue over 60 years ago:
“It’s a poor atom blaster that won’t point both ways.”
Thing is
They don’t see it as their banquet. The only “us” is them.
Hey, with everyone being so critical of the NSA these days we should keep in mind that they are the one government agency that truly listens the the American public.
Life Mimics Fantasy
Edward Snowden may be no Clark Kent, but the emphasis on him being one guy is really ticklish the more I think about it. Only video game protagonists are able to topple empires single-handedly like that.
“I think you all know why I’ve called this meeting. It’s no secret that an intruder has been embarrassing all of you in an effort to fight me, and what really blows my mind is that I used the singular, didn’t I? I didn’t say an army of enemies had breached our defenses and was rushing toward my fortress. No! I didn’t say that, did I? I said AN intruder! An! One! One guy!”
http://www.youtube.com/watch?v=uc9d3zEt97g
Re: Life Mimics Fantasy
That video was hilarious!
Re: Life Mimics Fantasy
Well of course, when you become an evil empire you gain their vulnerabilities too.
Banquet
Back in the day, we used to call this “eating your own dog food.” Now, we’re all eating NSA’s dog food. Yech!
Re: Banquet
The worst part of this is that what we’re eating now was previously eaten by the NSA.
One thing I’ve learned from the Snowden revelations. If governments recommend certain random number generators, ciphers, or software. Make sure you’re using something else.
I think you give the NSA too much credit. I was in even before the NSFNET, so I’ve seen the evolution of “the Internet” and its bodies (and even been on them). The base Internet protocols were developed at a time when a 1 MHz processor with 4 MB of memory was king of the hill and the overhead of encrypting communications on what was a public research network of like-minded computer scientists was unthinkable. You should have seen the reaction of folks on the ‘net when the unwashed masses got access to what had been a private, non-profit research network via things like The Well and AOL. Even the idea that private companies would get onto the Internet was fought.
The uses of the Internet have evolved, but the core idea and philosophies developed from a bunch of folks who had no idea that their protocols would form the basis of so much commerce and would be a target for criminals. More’s the shame that folks haven’t adapted to reality, but that’s the problem with a system that’s successful and has to support legacy systems. We’ve been putting bandaids on things that worked well enough in the past rather than redoing the architecture in a more robust manner. Look at the adoption of IPV6 and how that’s still a clusterfark despite a real need for change.
Re: Re:
As soon as AOL and Prodigy made their debuts, I think most of us who had been on the ‘Net prior to the WWW knew the general shape of things to come.
Like most innovations, it seems, that start with government research, while the scientists most often (?) look to and innovate for the -good- of mankind, their extraordinary accomplishments are then farmed out too frequently to other depts or contractors for development into weapons of some sort.
There are probably many scientists who have thought of J. Robert Oppenheimer’s (mis)quotation upon seeing the destructive force he helped to unleash: ?I am become death, the destroyer of worlds.?
Not all reimagined innovations are as obviously deadly as the atomic bomb, but I’d imagine similar thoughts go thru other scientists’ minds upon seeing the evolution of their own accomplishments.
At this point and age, I’m finding I really kinda miss the old BBS I ran for years.
They are correct
Scheiner is correct when nobus is nothing but hubris because sooner or later someone will discover and use the National Stupidity Agency’s exploits against the US.
They gots the poison, I gots the remedy, the remedy.
I can see all this coming to a head when the government enacts TPP. Every major corporation will want an arbitration board setup over the cost that has been created from this weakening of the internet that has allowed the cyber-criminal to raid their coffers with impunity. You know they will be wanting a refund for all the repairs and time spent because of the lack of security to satisfy the NSA.
But of course, the USTR and the government itself doesn’t think that way. After all, it’s not their money.
If I could re-write just one line
Because, the problem is the NSA got to order $10Bn of takeout every year and not wash dishes or eat leftovers.
Guess they didn’t expect Snowden to slip some of that tasty Fort Meade dog food into their lasagna. Yum-yum !
Organized Crime loves a pussy president.
“It looks like we’ll be forced to swallow the NSA’s poison for a while yet.”
Actually, according to the nature of such organizations, we will have to swallow their poison until they are forced to disband completely. They will never willingly stop using the tools they have discovered that make spying as easy as pie.
Even legislation that prohibits this type of activity will merely force the security industry to go underground and become more secretive, or shop out the process to other agencies that normally do not work that side of the street and will thus be unsuspected of doing so – for a time.
Considering how useless the Obama administration has proven itself to be in this matter (like so many others), it appears there is no-one in a position to control – let alone disband – this runaway security train.
I doubt also that even a candidate who successfully runs for POTUS, would, once in office, react any differently than Obama has. Its hard to fight against someone who has access to your deepest secrets and darkest deeds.
At least one segment of the population will be happy to hear this though. Organized Crime loves a pussy president.
The true poison is not that they weakenned security , a couple of math students and a year and a little cash can write us a new encryption standard.
The true poison is … no one trusts them anymore. And while NSA gets all the bad press , the moment any working group sits down , the first thing they’re going to be told is that the entire Five Eyes (USA , Canada , England , Austrialia , New Zealand) were in on it. And probably every nation in the world does this.
And now … no one trusts anyone.
And now , your only security is making your own computers, and cell phones , in your own country , for your own use. Trusting anyone else to do it , buying anyone elses equipment , is folly . (USA NSA sold canada some “secure phones” that canada is just now finding out are all bugged and NSA is listening on everything they say)
It isn’t that no one wants NSA phones anymore.
No one wants anyone elses phones but their own.
Re: Re:
Well said. The damage done is global. A half century of international co-operation down the tubes, in one foul swoop. Certainly puts the idea of isolationism into simple perspective. Sadly, I suspect that this may have been intentional.
Isolated from the rest of the world by distrust, americans might become more amenable to the idea that all non-americans are the enemy of the USA, and thus must be spied upon relentlessly, at any cost (to US citizen’s rights).
One other aspect of this is the reverse.
Other nations, allies included, will no longer feel any guilt about spying on the USA by any means possible and will in fact see it as being absolutely necessary.
A shitty situation, and we owe it all to the NSA and a couple generations of pussy presidents for hire.