Government Secrets and the Need for Whistleblowers CRYPTO-GRAM, June 15, 2013

Rene Abad

Jun 24, 2013, 3:43:29 AM
to Rene Abad
hi

fyi from an i.t. security pioneer.

safe and secure browsing an oxymoron nowadays?


regards

rene77




---------- Forwarded message ----------
From: Bruce Schneier <schn...@schneier.com>
Date: Sat, Jun 15, 2013 at 2:14 PM
Subject: CRYPTO-GRAM, June 15, 2013
To: CRYPTO-G...@listserv.modwest.com


CRYPTO-GRAM

June 15, 2013

by Bruce Schneier
Chief Security Technology Officer, BT
schn...@schneier.com
http://www.schneier.com


A free monthly newsletter providing summaries, analyses, insights, and
commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit
<http://www.schneier.com/crypto-gram.html>.

You can read this issue on the web at
<http://www.schneier.com/crypto-gram-1306.html>. These same essays and
news items appear in the "Schneier on Security" blog at
<http://www.schneier.com/blog>, along with a lively and intelligent
comment section. An RSS feed is available.


** *** ***** ******* *********** *************

In this issue:
Government Secrets and the Need for Whistleblowers
Prosecuting Snowden
Trading Privacy for Convenience
More Links on the Snowden Documents
Essays Related to NSA Spying Documents
The Politics of Security in a Democracy
News
More on Feudal Security
Surveillance and the Internet of Things
The Problems with CALEA-II
Schneier News
Sixth Annual Movie-Plot Threat Semifinalists
A Really Good Article on How Easy it Is to Crack Passwords
Bluetooth-Controlled Door Lock
Security and Human Behavior (SHB 2013)
The Cost of Terrorism in Pakistan


** *** ***** ******* *********** *************

Government Secrets and the Need for Whistleblowers



Recently, we learned that the NSA received all calling records from
Verizon customers for a three-month period starting in April. That's
everything except the voice content: who called who, where they were,
how long the call lasted -- for millions of people, both Americans and
foreigners. This "metadata" allows the government to track the
movements of everyone during that period, and build a detailed
picture of who talks to whom. It's exactly the same data the Justice
Department collected about AP journalists.

The "Guardian" delivered this revelation after receiving a copy of a
secret memo about this -- presumably from a whistleblower. We don't
know if the other phone companies handed data to the NSA too. We don't
know if this was a one-off demand or a continuously renewed demand;
the order started a few days after the Boston bombers were captured by
police.

We don't know a lot about how the government spies on us, but we know
some things. We know the FBI has issued tens of thousands of
ultra-secret National Security Letters to collect all sorts of data on
people -- we believe on millions of people -- and has been abusing
them to spy on cloud-computer users. We know it can collect a wide
array of personal data from the Internet without a warrant. We also
know that the FBI has been intercepting cell-phone data, all but voice
content, for the past 20 years without a warrant, and can use the
microphone on some powered-off cell phones as a room bug -- presumably
only with a warrant.

We know that the NSA has many domestic-surveillance and data-mining
programs with codenames like Trailblazer, Stellar Wind, and Ragtime --
deliberately using different codenames for similar programs to stymie
oversight and conceal what's really going on. We know that the NSA is
building an enormous computer facility in Utah to store all this data,
as well as faster computer networks to process it all. We know the
U.S. Cyber Command employs 4,000 people.

We know that the DHS is also collecting a massive amount of data on
people, and that local police departments are running "fusion centers"
to collect and analyze this data, and covering up its failures. This
is all part of the militarization of the police.

Remember in 2003, when Congress defunded the decidedly creepy Total
Information Awareness program? It didn't die; it just changed names
and split into many smaller programs. We know that corporations are
doing an enormous amount of spying on behalf of the government: all
parts.

We know all of this not because the government is honest and
forthcoming, but mostly through three backchannels -- inadvertent
hints or outright admissions by government officials in hearings and
court cases, information gleaned from government documents received
under FOIA, and government whistleblowers.

There's much more we don't know, and often what we know is obsolete.
We know quite a bit about the NSA's ECHELON program from a 2000
European investigation, and about the DHS's plans for Total
Information Awareness from 2002, but much less about how these
programs have evolved. We can make inferences about the NSA's Utah
facility based on the theoretical amount of data from various sources,
the cost of computation, and the power requirements from the facility,
but those are rough guesses at best. For a lot of this, we're
completely in the dark.

And that's wrong.

The U.S. government is on a secrecy binge. It overclassifies more
information than ever. And we learn, again and again, that our
government regularly classifies things not because they need to be
secret, but because their release would be embarrassing.

Knowing how the government spies on us is important. Not only because
so much of it is illegal -- or, to be as charitable as possible, based
on novel interpretations of the law -- but because we have a right to
know. Democracy requires an informed citizenry in order to function
properly, and transparency and accountability are essential parts of
that. That means knowing what our government is doing to us, in our
name. That means knowing that the government is operating within the
constraints of the law. Otherwise, we're living in a police state.

We need whistleblowers.

Leaking information without getting caught is difficult. It's almost
impossible to maintain privacy in the Internet Age. The WikiLeaks
platform seems to have been secure -- Bradley Manning was caught not
because of a technological flaw, but because someone he trusted
betrayed him -- but the U.S. government seems to have successfully
destroyed it as a platform. None of the spin-offs have risen to become
viable yet. The "New Yorker" recently unveiled its Strongbox platform
for leaking material, which is still new but looks good. Wired
recently gave the best advice on how to leak information to the press
via phone, email, or the post office. The National Whistleblowers
Center has a page on national-security whistleblowers and their
rights.

Leaking information is also very dangerous. The Obama Administration
has embarked on a war on whistleblowers, pursuing them -- both legally
and through intimidation -- further than any previous administration
has done. Mark Klein, Thomas Drake, and William Binney have all been
persecuted for exposing technical details of our surveillance state.
Bradley Manning has been treated cruelly and inhumanly -- and possibly
tortured -- for his more-indiscriminate leaking of State Department
secrets.

The Obama Administration's actions against the Associated Press, its
persecution of Julian Assange, and its unprecedented prosecution of
Manning on charges of "aiding the enemy" demonstrate how far it's
willing to go to intimidate whistleblowers -- as well as the
journalists who talk to them.

But whistleblowing is vital, even more broadly than in government
spying. It's necessary for good government, and to protect us from
abuse of power.

We need details on the full extent of the FBI's spying capabilities.
We don't know what information it routinely collects on American
citizens, what extra information it collects on those on various watch
lists, and what legal justifications it invokes for its actions. We
don't know its plans for future data collection. We don't know what
scandals and illegal actions -- either past or present -- are
currently being covered up.

We also need information about what data the NSA gathers, either
domestically or internationally. We don't know how much it collects
surreptitiously, and how much it relies on arrangements with various
companies. We don't know how much it uses password cracking to get at
encrypted data, and how much it exploits existing system
vulnerabilities. We don't know whether it deliberately inserts
backdoors into systems it wants to monitor, either with or without the
permission of the communications-system vendors.

And we need details about the sorts of analysis the organizations
perform. We don't know what they quickly cull at the point of
collection, and what they store for later analysis -- and how long
they store it. We don't know what sort of database profiling they do,
how extensive their CCTV and surveillance-drone analysis is, how much
they perform behavioral analysis, or how extensively they trace
friends of people on their watch lists.

We don't know how big the U.S. surveillance apparatus is today, either
in terms of money and people or in terms of how many people are
monitored or how much data is collected. Modern technology makes it
possible to monitor vastly more people -- the recent NSA revelations
demonstrate that they could easily surveil *everyone* -- than could
ever be done manually.

Whistleblowing is the moral response to immoral activity by those in
power. What's important here are government programs and methods, not
data about individuals. I understand I am asking for people to engage
in illegal and dangerous behavior. Do it carefully and do it safely,
but -- and I am talking directly to you, person working on one of
these secret and probably illegal programs -- do it.

If you see something, say something. There are many people in the U.S.
that will appreciate and admire you.

For the rest of us, we can help by protesting this war on
whistleblowers. We need to force our politicians not to punish them --
to investigate the abuses and not the messengers -- and to ensure that
those unjustly persecuted can obtain redress.

Our government is putting its own self-interest ahead of the interests
of the country. That needs to change.


This essay originally appeared on the "Atlantic."
http://www.theatlantic.com/politics/archive/2013/06/what-we-dont-know-about-spying-on-citizens-scarier-than-what-we-know/276607/
or http://tinyurl.com/mgtx6nx

Verizon documents:
http://www.guardian.co.uk/world/2013/jun/06/nsa-phone-records-verizon-court-order
or http://tinyurl.com/mfm9qs6

Metadata:
http://www.guardian.co.uk/world/2013/jun/06/phone-call-metadata-information-authorities
or http://tinyurl.com/n5zq58b

National Security Letters:
http://www.eff.org/issues/national-security-letters
http://epic.org/privacy/nsl/
http://www.eff.org/issues/foia/07656JDB

FBI spying:
http://www.schneier.com/blog/archives/2013/03/fbi_secretly_sp.html
http://www.schneier.com/blog/archives/2012/11/e-mail_security.html

FBI intercepting cell phone calls:
http://www.slate.com/blogs/future_tense/2013/02/15/stingray_imsi_catcher_fbi_files_unlock_history_behind_cellphone_tracking.html
or http://tinyurl.com/a8v5ch8
http://www.washingtontimes.com/news/2013/mar/29/feds-fbi-warrantless-cell-tracking-very-common/
or http://tinyurl.com/d3v5b6z
http://www.wired.com/threatlevel/2013/04/verizon-rigmaiden-aircard/all/
or http://tinyurl.com/d52aqkb

Turning a cell phone into a listening device:
http://news.cnet.com/2100-1029-6140191.html

Trailblazer:
http://publicintelligence.net/binney-nsa-declaration/
http://www.wired.com/threatlevel/2011/05/new-yorker-on-thomas-drake/

Stellar Wind:
http://www.activistpost.com/2012/09/stellar-wind-secret-nsa-domestic-spying.html
or http://tinyurl.com/kjk8l53

Ragtime:
http://www.washingtonian.com/blogs/dead_drop/surveillance-state/ragtime-codename-of-nsas-secret-domestic-intelligence-program-revealed-in-new-book.php#
or http://tinyurl.com/khtm7s5
http://www.slate.com/blogs/future_tense/2013/02/28/deep_state_book_uncovers_details_on_ragtime_domestic_surveillance_program.html
or http://tinyurl.com/c9h78fn

The NSA's Utah computer facility:
http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
http://rt.com/news/utah-data-center-spy-789/

DHS data collection:
http://online.wsj.com/article_email/SB10001424127887324478304578171623040640006-lMyQjAxMTAyMDEwMzExNDMyWj.html
or http://tinyurl.com/bv998wp

Failures at Fusion Centers:
http://www.judicialwatch.org/blog/2012/10/dhs-covers-up-failures-of-u-s-counterterrorism-centers/
or http://tinyurl.com/acx2jtv

Total Information Awareness:
http://en.wikipedia.org/wiki/Information_Awareness_Office

Corporate spying on behalf of governments:
http://online.wsj.com/public/page/what-they-know-digital-privacy.html
or http://tinyurl.com/38trebe
http://www.schneier.com/essay-423.html

Overclassification:
http://www.nytimes.com/2011/11/07/opinion/national-security-and-americas-unnecessary-secrets.html
or http://tinyurl.com/lnvrxfb
http://www.foreignpolicy.com/articles/2010/10/15/telling_secrets
http://www.bradleymanning.org/news/the-scale-of-american-overclassification
or http://tinyurl.com/84h2wlg
http://www.brennancenter.org/publication/reducing-overclassification-through-accountability
or http://tinyurl.com/lqhn3u8
http://articles.baltimoresun.com/2011-08-18/news/bs-ed-drake-20110817_1_espionage-act-drake-case-government-workers
or http://tinyurl.com/mxk4558
http://thinkprogress.org/security/2012/05/30/491988/government-overclassification/
or http://tinyurl.com/k65d6ht

Transparency and accountability:
http://www.theatlantic.com/politics/archive/2013/05/transparency-and-accountability-dont-hurt-security-theyre-crucial-to-it/275662/
or http://tinyurl.com/l35moqr

Ruminations on our future police state:
http://web.archive.org/web/20130312013840/https://frank.geekheim.de/?page_id=128
or http://tinyurl.com/kluz58q

The Internet is a surveillance state:
http://www.schneier.com/essay-418.html

StrongBox:
http://www.newyorker.com/online/blogs/newsdesk/2013/05/strongbox-and-aaron-swartz.html
or http://tinyurl.com/b4mnrx8
http://www.newyorker.com/strongbox
http://source.mozillaopennews.org/en-US/articles/new-yorker-launches-strongbox/
or http://tinyurl.com/l5mms4q
http://boingboing.net/2013/05/15/new-yorker-launches-new-leak-s.html
https://github.com/deaddrop/deaddrop

Wired's advice on how to leak:
http://www.wired.com/opinion/2013/05/listen-up-future-deep-throats-this-is-how-to-leak-to-the-press-today/
or http://tinyurl.com/a9xdwyu

National Whistleblowers Center:
http://www.whistleblowers.org
http://www.whistleblowers.org/index.php?option=com_content&task=view&id=984&Itemid=173
or http://tinyurl.com/kgpe3zx

Obama's war on whistleblowers:
http://www.theatlanticwire.com/politics/2011/05/obamas-war-whistle-blowers/38106/
or http://tinyurl.com/6xlssug
http://www.thenation.com/article/173521/obamas-crackdown-whistleblowers
or http://tinyurl.com/d6dunx2
http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer

Manning's treatment:
http://www.wired.com/threatlevel/2012/03/manning-treatment-inhuman/

Action against the AP:
http://www.nytimes.com/2013/05/26/us/leaks-inquiries-show-how-wide-a-net-is-cast.html
or http://tinyurl.com/lzqv56l

"Aiding the enemy" charges against Manning:
http://www.newrepublic.com/article/112554#

Political solutions:
http://joshuafoust.com/nine-dashed-off-points-on-the-nsa-scandal/
http://www.npr.org/blogs/itsallpolitics/2012/03/30/149556051/supreme-court-limits-damage-payments-to-whistle-blowers
or http://tinyurl.com/kkh7yn8

This essay is being discussed on Reddit:
http://www.reddit.com/r/politics/comments/1g1eyz/bruce_schneier_democracy_requir%20es_an_informed/
or http://tinyurl.com/lqs5se6


** *** ***** ******* *********** *************

Prosecuting Snowden



Edward Snowden broke the law by releasing classified information. This
isn't under debate; it's something everyone with a security clearance
knows. It's written in plain English on the documents you have to sign
when you get a security clearance, and it's part of the culture. The
law is there for a good reason, and secrecy has an important role in
military defense.

But before the Justice Department prosecutes Snowden, there are some
other investigations that ought to happen.

We need to determine whether these National Security Agency programs
are themselves legal. The administration has successfully barred
anyone from bringing a lawsuit challenging these laws, on the grounds
of national secrecy. Now that we know those arguments are without
merit, it's time for those court challenges.

It's clear that some of the NSA programs exposed by Snowden violate
the Constitution and others violate existing laws. Other people have
an opposite view. The courts need to decide.

We need to determine whether classifying these programs is legal.
Keeping things secret from the people is a very dangerous practice in
a democracy, and the government is permitted to do so only under very
specific circumstances. Reading the documents leaked so far, I don't
see anything that needs to be kept secret. The argument that exposing
these documents helps the terrorists doesn't even pass the laugh test;
there's nothing here that changes anything any potential terrorist
would do or not do. But in any case, now that the documents are
public, the courts need to rule on the legality of their secrecy.

And we need to determine how we treat whistleblowers in this country.
We have whistleblower protection laws that apply in some cases,
particularly when exposing fraud, and other illegal behavior. NSA
officials have repeatedly lied about the existence, and details, of
these programs to Congress.

Only after all of these legal issues have been resolved should any
prosecution of Snowden move forward. Because only then will we know
the full extent of what he did, and how much of it is justified.

I believe that history will hail Snowden as a hero -- his
whistleblowing exposed a surveillance state and a secrecy machine run
amok. I'm less optimistic of how the present day will treat him, and
hope that the debate right now is less about the man and more about
the government he exposed.


This essay was originally published on the "New York Times" Room for Debate blog
http://www.nytimes.com/roomfordebate/2013/06/11/in-nsa-leak-case-a-whistle-blower-or-a-criminal/before-prosecuting-snowden-investigate-the-government
or http://tinyurl.com/kxrardv

It's part of a series of essays on the topic.
http://www.nytimes.com/roomfordebate/2013/06/11/in-nsa-leak-case-a-whistle-blower-or-a-criminal
or http://tinyurl.com/lkhzedp

There's a big discussion of this on Reddit.
http://www.reddit.com/r/technology/comments/1g7497/bruce_schneier_prosecuting_snowden_i_believe_that/
or http://tinyurl.com/l3yfzw6


** *** ***** ******* *********** *************

Trading Privacy for Convenience



Ray Wang makes an important point about trust and our data:

This is the paradox. The companies contending to win our trust
to manage our digital identities all seem to have complementary
(or competing) business models that breach that trust by selling
our data.

...and by turning it over to the government.

The current surveillance state is a result of a government/corporate
partnership, and our willingness to give up privacy for convenience.

If the government demanded that we all carry tracking devices 24/7, we
would rebel. Yet we all carry cell phones. If the government
demanded that we deposit copies of all of our messages to each other
with the police, we'd declare their actions unconstitutional. Yet we
all use Gmail and Facebook messaging and SMS. If the government
demanded that we give them access to all the photographs we take, and
that we identify all of the people in them and tag them with
locations, we'd refuse. Yet we do exactly that on Flickr and other
sites.

Ray Ozzie is right when he said that we got what we asked for when we
told the government we were scared and that they should do whatever
they wanted to make us feel safer. But we also got what we asked for
when we traded our privacy for convenience, trusting these
corporations to look out for our best interests.

We're living in a world of feudal security. And if you watch "Game of
Thrones," you know that feudalism benefits the powerful -- at the
expense of the peasants.

Last night, I was on "All In" with Chris Hayes. One of the things we
talked about after the show was over is how technological solutions
only work around the margins. That's not a cause for despair. Think
about technological solutions to murder. Yes, they exist -- wearing a
bullet-proof vest, for example -- but they're not really viable. The
way we protect ourselves from murder is through laws. This is how
we're also going to protect our privacy.


Ray Wang's essay:
http://blogs.hbr.org/cs/2013/06/beware_trading_privacy_for_con.html

The internet is a surveillance state:
https://www.schneier.com/essay-418.html

The government/corporate surveillance partnership:
https://www.schneier.com/essay-423.html

Ray Ozzie's remarks:
http://www.boston.com/business/innovation/blogs/inside-the-hive/2013/06/07/ray-ozzie-nsa-spying-got-what-asked-for-now-time-wake/42AqxBSvgu0X3xXGIx7WFK/blog.html
or http://tinyurl.com/l3yfzw6

Me on Chris Hayes:
http://video.msnbc.msn.com/all-in-/52186804/#52186804
http://video.msnbc.msn.com/all-in-/52186831/#52186831


** *** ***** ******* *********** *************

More Links on the Snowden Documents



http://www.guardian.co.uk/world/2013/jun/06/us-tech-giants-nsa-data
http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html
or http://tinyurl.com/mm3ttqt
http://www.slate.com/blogs/the_slatest/2013/06/07/prism_explained_powerpoint_slides_glenn_greenwald_profiled_and_other_reccommended.html
or http://tinyurl.com/lvpx739

The whistleblower is Edward Snowden. I consider him an American hero.
http://www.guardian.co.uk/world/2013/jun/09/edward-snowden-nsa-whistleblower-surveillance
or http://tinyurl.com/pkm26ps

Someone needs to write an essay parsing all of the precisely worded
denials. Apple has never heard the word "PRISM," but could have known
of the program under a different name. Google maintained that there
is no government "back door," but left open the possibility that the
data could have been just handed over. Obama said that the government
isn't "listening to your telephone calls," ignoring 1) the metadata,
2) the fact that computers could be doing all of the listening, and 3)
that text-to-speech results in phone calls being read and not listened
to. And so on and on and on.

An NSA spying timeline:
https://www.eff.org/nsa-spying/timeline

Speculation about PRISM:
http://unhandled.com/2013/06/07/a-taxonomy-of-prism-possibilities/
http://earlywarn.blogspot.com/2013/06/brainstorming-few-hypotheses-about-prism.html
or http://tinyurl.com/qgeuuby

Defenses of NSA surveillance:
http://www.forbes.com/sites/timworstall/2013/06/07/nsas-prism-sounds-like-a-darn-good-idea-to-me-this-is-what-governments-are-for/
or http://tinyurl.com/lyrqs5k
https://www.nytimes.com/2013/06/07/opinion/making-a-mountain-out-of-a-digital-molehill.html
or http://tinyurl.com/kjqb7ve
http://whohastimeforthis.blogspot.com/2013/06/sensationalizing-cyber-surveillance.html
or http://tinyurl.com/keljyyk

More essays worth reading:
http://www.theatlantic.com/national/archive/2013/06/birth-of-the-surveillance-state/276650/
or http://tinyurl.com/lfvb32d
http://www.theatlantic.com/technology/archive/2013/06/security-state-creep-the-real-nsa-scandal-is-whats-legal/276625/
or http://tinyurl.com/lnlwde4
http://www.wired.com/threatlevel/2013/06/nsa-numbers/
http://www.salon.com/2013/06/07/dont_defend_the_dragnet/
http://www.theatlantic.com/politics/archive/2013/06/the-irrationality-of-giving-up-this-much-liberty-to-fight-terror/276695/
or http://tinyurl.com/lrk2jcr
http://www.slate.com/blogs/future_tense/2013/06/09/edward_snowden_why_did_the_nsa_whistleblower_have_access_to_prism_and_other.html
or http://tinyurl.com/l4pfgb4
http://kieranhealy.org/blog/archives/2013/06/09/using-metadata-to-find-paul-revere/
or http://tinyurl.com/l6qvege
http://blogs.fas.org/secrecy/2013/06/surveillance-legitimacy/
http://www.linkedin.com/today/post/article/20130610082630-2259773-president-obama-s-flawed-defense-of-surveillance-4-responses
or http://tinyurl.com/lfnbofj

NSA surveillance reimagined as children's books:
http://www.guardian.co.uk/media/gallery/2013/jun/09/nsa-kids-books-twitter-pictures#/?picture=410409133&index=0
or http://tinyurl.com/opt85ar

Claims that PRISM foiled a terrorist attack have been debunked:
http://www.buzzfeed.com/bensmith/public-documents-contradict-claim-email-spying-foiled-terror
or http://tinyurl.com/lyq7vse

A collection of headlines:
http://thelibertarianforum.com/topic/2327-the-nsa-and-the-surveilance-state-scandals/
or http://tinyurl.com/knxqj35

Interesting comments by someone who thinks Snowden is a well-intentioned fool.
http://www.schneier.com/blog/archives/2013/06/government_secr.html#c1497091
or http://tinyurl.com/ktje7kj

The *Economist* speculates on the political factors that would lead
Obama to allow this.
http://www.economist.com/blogs/democracyinamerica/2013/06/why-we-spy
or http://tinyurl.com/lcaxmvw


** *** ***** ******* *********** *************

Essays Related to NSA Spying Documents



Here's a quick list of some of my older writings that are related to
the current NSA spying documents:

"The Internet Is a Surveillance State," 2013.
https://www.schneier.com/essay-418.html

The importance of government transparency and accountability, 2013.
https://www.schneier.com/essay-423.html

The dangers of a government/corporate eavesdropping partnership, 2013.
https://www.schneier.com/essay-425.html

Why Data Mining Won't Stop Terror, 2006.
https://www.schneier.com/essay-108.html

The Eternal Value of Privacy, 2006.
https://www.schneier.com/essay-114.html

The dangers of our "data shadow," 2008.
https://www.schneier.com/essay-219.html

The politics of security and fear, 2013.
https://www.schneier.com/essay-427.html

The death of ephemeral conversation, 2006.
https://www.schneier.com/essay-129.html

The dangers of NSA eavesdropping, 2008.
https://www.schneier.com/essay-100.html


** *** ***** ******* *********** *************

The Politics of Security in a Democracy



Terrorism causes fear, and we overreact to that fear. Our brains
aren't very good at probability and risk analysis. We tend to
exaggerate spectacular, strange and rare events, and downplay
ordinary, familiar and common ones. We think rare risks are more
common than they are, and we fear them more than probability indicates
we should.

Our leaders are just as prone to this overreaction as we are. But
aside from basic psychology, there are other reasons that it's smart
politics to exaggerate terrorist threats, and security threats in
general.

The first is that we respond to a strong leader. Bill Clinton famously
said: "When people feel uncertain, they'd rather have somebody that's
strong and wrong than somebody who's weak and right." He's right.

The second is that doing something -- anything -- is good politics. A
politician wants to be seen as taking charge, demanding answers,
fixing things. It just doesn't look as good to sit back and claim that
there's nothing to do. The logic is along the lines of: "Something
must be done. This is something. Therefore, we must do it."

The third is that the "fear preacher" wins, regardless of the outcome.
Imagine two politicians today. One of them preaches fear and draconian
security measures. The other is someone like me, who tells people that
terrorism is a negligible risk, that risk is part of life, and that
while some security is necessary, we should mostly just refuse to be
terrorized and get on with our lives.

Fast-forward 10 years. If I'm right and there have been no more
terrorist attacks, the fear preacher takes credit for keeping us safe.
But if a terrorist attack has occurred, my government career is over.
Even if the incidence of terrorism is as ridiculously low as it is
today, there's no benefit for a politician to take my side of that
gamble.

The fourth and final reason is money. Every new security technology,
from surveillance cameras to high-tech fusion centers to airport
full-body scanners, has a for-profit corporation lobbying for its
purchase and use. Given the three other reasons above, it's easy --
and probably profitable -- for a politician to make them happy and say
yes.

For any given politician, the implications of these four reasons are
straightforward. Overestimating the threat is better than
underestimating it. Doing something about the threat is better than
doing nothing. Doing something that is explicitly reactive is better
than being proactive. (If you're proactive and you're wrong, you've
wasted money. If you're proactive and you're right but no longer in
power, whoever is in power is going to get the credit for what you
did.) Visible is better than invisible. Creating something new is
better than fixing something old.

Those last two maxims are why it's better for a politician to fund a
terrorist fusion center than to pay for more Arabic translators for
the National Security Agency. No one's going to see the additional
appropriation in the NSA's secret budget. On the other hand, a
high-tech computerized fusion center is going to make front page news,
even if it doesn't actually do anything useful.

This leads to another phenomenon about security and government. Once a
security system is in place, it can be very hard to dislodge it.
Imagine a politician who objects to some aspect of airport security:
the liquid ban, the shoe removal, something. If he pushes to relax
security, he gets the blame if something bad happens as a result. No
one wants to roll back a police power and have the lack of that power
cause a well-publicized death, even if it's a one-in-a-billion fluke.

We're seeing this force at work in the bloated terrorist no-fly and
watch lists; agents have lots of incentive to put someone on the list,
but absolutely no incentive to take anyone off. We're also seeing this
in the Transportation Security Administration's attempt to reverse the
ban on small blades on airplanes. Twice it tried to make the change,
and twice fearful politicians prevented it from going through with it.

Lots of unneeded and ineffective security measures are perpetrated by
a government bureaucracy that is primarily concerned about the
security of its members' careers. They know the voters are more likely
to punish them more if they fail to secure against a repetition of the
last attack, and less if they fail to anticipate the next one.

What can we do? Well, the first step toward solving a problem is
recognizing that you have one. These are not iron-clad rules; they're
tendencies. If we can keep these tendencies and their causes in mind,
we're more likely to end up with sensible security measures that are
commensurate with the threat, instead of a lot of security theater and
draconian police powers that are not.

Our leaders' job is to resist these tendencies. Our job is to support
politicians who do resist.


This essay originally appeared on CNN.com.
http://www.cnn.com/2013/05/20/opinion/schneier-security-politics/index.html
or http://tinyurl.com/njp48xh

This essay has been translated into Swedish.
http://opassande.se/2013/06/04/sakerhetspolitiken-i-en-demokrati/

Preaching fear:
http://www.dailykos.com/story/2013/05/06/1207262/-David-Gregory-is-haunted-by-a-New-Age-of-Terror-that-exists-in-his-imagination
or http://tinyurl.com/nc5tryv

My essay on how to fight terrorism:
http://www.schneier.com/essay-292.html

Fusion Centers:
http://www.wired.com/dangerroom/2012/10/fusion-centers

TSA prohibited from allowing small knives:
http://www.latimes.com/business/money/la-fi-mo-tsa-to-delay-allowing-small-knives-on-planes-20130422,0,3679780.story
or http://tinyurl.com/ckql2r3

Another essay along similar lines:
http://www.economist.com/blogs/democracyinamerica/2013/06/surveillance-0
or http://tinyurl.com/q7xhay3


** *** ***** ******* *********** *************

News



All of the anti-counterfeiting features of the new Canadian $100 bill
are resulting in people not bothering to verify them.
http://www.globalpost.com/dispatch/news/the-canadian-press/130516/mounties-say-crooks-passing-fake-polymer-bank-notes-british-
or http://tinyurl.com/ldn8y8m

For a while now, I have been thinking about what civil disobedience
looks like in the Internet Age. DDOS attacks, and politically
motivated hacking in general, are certainly a part of that. This is
one of the reasons I found Molly Sauter's recent thesis, "Distributed
Denial of Service Actions and the Challenge of Civil Disobedience on
the Internet," so interesting.
http://www.scribd.com/doc/141893154/DISTRIBUTED-DENIAL-OF-SERVICE-ACTIONS-AND-THE-CHALLENGE-OF-CIVIL-DISOBEDIENCE-ON-THE-INTERNET
or http://tinyurl.com/pq6djfo
One of the problems with the legal system is that it doesn't make any
differentiation between civil disobedience and "normal" criminal
activity on the Internet, though it does in the real world.

This 127-page report on "The Global Cyber Game" was just published by
the UK Defence Academy. I have not read it yet, but it looks really
interesting.
http://www.da.mod.uk/publications/library/technology/20130508-Cyber_report_final_U.pdf/view
or http://tinyurl.com/pkuoga3

This blog post by Aleatha Parker-Wood, on the one-shot vs. the
iterated Prisoner's Dilemma, is very applicable to the things I wrote
in "Liars & Outliers":
https://plus.google.com/107475727645912993113/posts/3BVKXUhqSrV

Interesting report from the Pew Internet and American Life Project on
teens, social media, and privacy:
http://www.schneier.com/blog/archives/2013/05/new_report_on_t_1.html

The research by G. Giguère and B.C. Love, "Limits in decision making
arise from limits in memory retrieval," in "Proceedings of the
National Academy of Sciences," v. 110 no. 19 (2013) has applications
in training airport baggage screeners.
http://www.pnas.org/content/110/19/7613.short?rss=1

Nassim Nicholas Taleb on risk perception:
https://www.facebook.com/permalink.php?story_fbid=10151501872108375&id=13012333374
or http://tinyurl.com/p5m4eag

This article wonders if we are finally thinking sensibly about terrorism.
http://nationalinterest.org/commentary/finally-talking-terror-sensibly-8511
or http://tinyurl.com/naq48px
There are also these:
http://www.theatlanticwire.com/national/2013/04/refusing-be-terrorized-time-terror/64265/
or http://tinyurl.com/pupye9o
http://dish.andrewsullivan.com/2013/04/16/terrorism-is-rare/
http://www.balloon-juice.com/2013/04/15/something-else-to-talk-about/
or http://tinyurl.com/c3yk4hm
http://fivethirtyeight.blogs.nytimes.com/2013/04/23/polls-show-growing-resolve-to-live-with-terror-threat/
or http://tinyurl.com/d7fzdtg
http://www.debate.org/opinions/is-it-justifiable-to-violate-certain-civil-liberties-in-the-name-of-national-security
or http://tinyurl.com/dxc4csq

President Obama used my "refuse to be terrorized" line:
http://www.politico.com/politico44/2013/04/obama-takeaway-from-the-week-americans-refuse-to-be-162163.html
or http://tinyurl.com/cchxy23

This bit on why we lie, by Judge Kozinski, is from a federal court
ruling about false statements and First Amendment protection:
http://www.schneier.com/blog/archives/2013/05/why_we_lie.html

Interesting article on a greatly increased aspect of surveillance:
"the ordinary citizen who by chance finds himself in a position to
record events of great public import, and to share the results with
the rest of us."
http://www.newyorker.com/online/blogs/elements/2013/05/mother-jones-video-rise-of-little-brother.html
or http://tinyurl.com/ovrzhsf

New paper by Daniel Solove: "Privacy Self-Management and the Consent Dilemma":
http://ssrn.com/abstract=2171018

Someday I need to write an essay on the security risks of secret
algorithms that become part of our infrastructure. This paper gives
one example of that. Could Google tip an election by manipulating
what comes up from search results on the candidates?
http://www.schneier.com/blog/archives/2013/06/the_security_ri_3.html

Eugene Spafford answers questions on CNN.com.
http://globalpublicsquare.blogs.cnn.com/2013/05/23/cyber-security-expert-answers-readers-questions/
or http://tinyurl.com/p9h8sds

Interesting speculative article on tagging and location technologies.
http://www.wired.com/dangerroom/2009/06/inside-the-militarys-secret-terror-tagging-tech/
or http://tinyurl.com/qgao2u

Ignore the sensationalist headline. This article is a good summary of
the need for trust in IT, and provides some ideas for how to enable
more of it.
http://www.theregister.co.uk/2013/06/03/trust_nobody_with_your_personal_data_ever/
or http://tinyurl.com/lw97ezr

The psychology of conspiracy theories.
https://www.nytimes.com/2013/05/26/magazine/why-rational-people-buy-into-conspiracy-theories.html
or http://tinyurl.com/ozhlb23

Ricin as a terrorist tool:
http://www.schneier.com/blog/archives/2013/05/ricin_as_a_terr.html


** *** ***** ******* *********** *************

More on Feudal Security



Facebook regularly abuses the privacy of its users. Google has stopped
supporting its popular RSS feeder. Apple prohibits all iPhone apps
that are political or sexual. Microsoft might be cooperating with some
governments to spy on Skype calls, but we don't know which ones. Both
Twitter and LinkedIn have recently suffered security breaches that
affected the data of hundreds of thousands of their users.

If you've started to think of yourself as a hapless peasant in a "Game
of Thrones" power struggle, you're more right than you may realize.
These are not traditional companies, and we are not traditional
customers. These are feudal lords, and we are their vassals, peasants,
and serfs.

Power has shifted in IT, in favor of both cloud-service providers and
closed-platform vendors. This power shift affects many things, and it
profoundly affects security.

Traditionally, computer security was the user's responsibility. Users
purchased their own antivirus software and firewalls, and any breaches
were blamed on their inattentiveness. It's kind of a crazy business
model. Normally we expect the products and services we buy to be safe
and secure, but in IT we tolerated lousy products and supported an
enormous aftermarket for security.

Now that the IT industry has matured, we expect more security "out of
the box." This has become possible largely because of two technology
trends: cloud computing and vendor-controlled platforms. The first
means that most of our data resides on other networks: Google Docs,
Salesforce.com, Facebook, Gmail. The second means that our new
Internet devices are both closed and controlled by the vendors, giving
us limited configuration control: iPhones, ChromeBooks, Kindles,
BlackBerry PDAs. Meanwhile, our relationship with IT has changed. We
used to use our computers to do things. We now use our
vendor-controlled computing devices to go places. All of these places
are owned by someone.

The new security model is that someone else takes care of it --
without telling us any of the details. I have no control over the
security of my Gmail or my photos on Flickr. I can't demand greater
security for my presentations on Prezi or my task list on Trello, no
matter how confidential they are. I can't audit any of these cloud
services. I can't delete cookies on my iPad or ensure that files are
securely erased. Updates on my Kindle happen automatically, without my
knowledge or consent. I have so little visibility into the security of
Facebook that I have no idea what operating system they're using.

There are a lot of good reasons why we're all flocking to these cloud
services and vendor-controlled platforms. The benefits are enormous,
from cost to convenience to reliability to security itself. But it is
inherently a feudal relationship. We cede control of our data and
computing platforms to these companies and trust that they will treat
us well and protect us from harm. And if we pledge complete allegiance
to them -- if we let them control our email and calendar and address
book and photos and everything -- we get even more benefits. We become
their vassals; or, on a bad day, their serfs.

There are a lot of feudal lords out there. Google and Apple are the
obvious ones, but Microsoft is trying to control both user data and
the end-user platform as well. Facebook is another lord, controlling
much of the socializing we do on the Internet. Other feudal lords are
smaller and more specialized -- Amazon, Yahoo, Verizon, and so on --
but the model is the same.

To be sure, feudal security has its advantages. These companies are
much better at security than the average user. Automatic backup has
saved a lot of data after hardware failures, user mistakes, and
malware infections. Automatic updates have increased security
dramatically. This is also true for small organizations; they are more
secure than they would be if they tried to do it themselves. For large
corporations with dedicated IT security departments, the benefits are
less clear. Sure, even large companies outsource critical functions
like tax preparation and cleaning services, but large companies have
specific requirements for security, data retention, audit, and so on
-- and that's just not possible with most of these feudal lords.

Feudal security also has its risks. Vendors can, and do, make security
mistakes affecting hundreds of thousands of people. Vendors can lock
people into relationships, making it hard for them to take their data
and leave. Vendors can act arbitrarily, against our interests;
Facebook regularly does this when it changes people's defaults,
implements new features, or modifies its privacy policy. Many vendors
give our data to the government without notice, consent, or a warrant;
almost all sell it for profit. This isn't surprising, really;
companies should be expected to act in their own self-interest and not
in their users' best interest.

The feudal relationship is inherently based on power. In Medieval
Europe, people would pledge their allegiance to a feudal lord in
exchange for that lord's protection. This arrangement changed as the
lords realized that they had all the power and could do whatever they
wanted. Vassals were used and abused; peasants were tied to their land
and became serfs.

It's the Internet lords' popularity and ubiquity that enable them to
profit; laws and government relationships make it easier for them to
hold onto power. These lords are vying with each other for profits and
power. By spending time on their sites and giving them our personal
information -- whether through search queries, e-mails, status
updates, likes, or simply our behavioral characteristics -- we are
providing the raw material for that struggle. In this way we are like
serfs, toiling the land for our feudal lords. If you don't believe me,
try to take your data with you when you leave Facebook. And when war
breaks out among the giants, we become collateral damage.

So how do we survive? Increasingly, we have little alternative but to
trust *someone*, so we need to decide who we trust -- and who we don't
-- and then act accordingly. This isn't easy; our feudal lords go out
of their way not to be transparent about their actions, their
security, or much of anything. Use whatever power you have -- as
individuals, none; as large corporations, more -- to negotiate with
your lords. And, finally, don't be extreme in any way: politically,
socially, culturally. Yes, you can be shut down without recourse, but
it's usually those on the edges that are affected. Not much solace, I
agree, but it's something.

On the policy side, we have an action plan. In the short term, we need
to keep circumvention -- the ability to modify our hardware, software,
and data files -- legal and preserve net neutrality. Both of these
things limit how much the lords can take advantage of us, and they
increase the possibility that the market will force them to be more
benevolent. The last thing we want is the government -- that's us --
spending resources to enforce one particular business model over
another and stifling competition.

In the longer term, we all need to work to reduce the power imbalance.
Medieval feudalism evolved into a more balanced relationship in which
lords had responsibilities as well as rights. Today's Internet
feudalism is both ad hoc and one-sided. We have no choice but to trust
the lords, but we receive very few assurances in return. The lords
have a lot of rights, but few responsibilities or limits. We need to
balance this relationship, and government intervention is the only way
we're going to get it. In medieval Europe, the rise of the centralized
state and the rule of law provided the stability that feudalism
lacked. The Magna Carta first forced responsibilities on governments
and put humans on the long road toward government by the people and
for the people.

We need a similar process to rein in our Internet lords, and it's not
something that market forces are likely to provide. The very
definition of power is changing, and the issues are far bigger than
the Internet and our relationships with our IT providers.


This essay originally appeared on the "Harvard Business Review" website.
http://blogs.hbr.org/cs/2013/06/you_have_no_control_over_s.html
It is an update of this earlier essay on the same topic.
https://www.schneier.com/essay-406.html
"Feudal security" is a metaphor I have been using a lot recently; I
wrote this essay without rereading my previous essay.

There is another way the feudal metaphor applies to the Internet.
There is no commons; every part of the Internet is owned by someone.
This article explores that aspect of the metaphor.
http://newamerica.net/publications/articles/2011/digital_feudalism_enclosures_and_erasures_from_digital_rights_management_
or http://tinyurl.com/k9lwexw

Power and security:
https://www.schneier.com/essay-409.html

The need for trust:
https://www.schneier.com/essay-412.html

The Internet giants reimagined as "Game of Thrones" players:
http://blog.hootsuite.com/wp-content/uploads/2013/05/GoT-social-infographic-final1.jpg


** *** ***** ******* *********** *************

Surveillance and the Internet of Things



The Internet has turned into a massive surveillance tool. We're
constantly monitored on the Internet by hundreds of companies -- both
familiar and unfamiliar. Everything we do there is recorded,
collected, and collated -- sometimes by corporations wanting to sell
us stuff and sometimes by governments wanting to keep an eye on us.

Ephemeral conversation is over. Wholesale surveillance is the norm.
Maintaining privacy from these powerful entities is basically
impossible, and any illusion of privacy we maintain is based either on
ignorance or on our unwillingness to accept what's really going on.

It's about to get worse, though. Companies such as Google may know
more about your personal interests than your spouse, but so far it's
been limited by the fact that these companies only see computer data.
And even though your computer habits are increasingly being linked to
your offline behavior, it's still only behavior that involves
computers.

The Internet of Things refers to a world where much more than our
computers and cell phones is Internet-enabled. Soon there will be
Internet-connected modules on our cars and home appliances.
Internet-enabled medical devices will collect real-time health data
about us. There'll be Internet-connected tags on our clothing. In its
extreme, *everything* can be connected to the Internet. It's really
just a matter of time, as these self-powered wireless-enabled
computers become smaller and cheaper.

Lots has been written about the "Internet of Things" and how it will
change society for the better. It's true that it will make a lot of
wonderful things possible, but the "Internet of Things" will also
allow for an even greater amount of surveillance than there is today.
The Internet of Things gives the governments and corporations that
follow our every move something they don't yet have: eyes and ears.

Soon everything we do, both online and offline, will be recorded and
stored forever. The only question remaining is who will have access to
all of this information, and under what rules.

We're seeing an initial glimmer of this from how location sensors on
your mobile phone are being used to track you. Of course your cell
provider needs to know where you are; it can't route your phone calls
to your phone otherwise. But most of us broadcast our location
information to many other companies whose apps we've installed on our
phone. Google Maps certainly, but also a surprising number of app
vendors who collect that information. It can be used to determine
where you live, where you work, and who you spend time with.

Another early adopter was Nike, whose Nike+ shoes communicate with
your iPod or iPhone and track your exercising. More generally, medical
devices are starting to be Internet-enabled, collecting and reporting
a variety of health data. Wiring appliances to the Internet is one of
the pillars of the smart electric grid. Yes, there are huge potential
savings associated with the smart grid, but it will also allow power
companies -- and anyone they decide to sell the data to -- to monitor
how people move about their house and how they spend their time.

Drones are another "thing" moving onto the Internet. As their price
continues to drop and their capabilities increase, they will become a
very powerful surveillance tool. Their cameras are powerful enough to
see faces clearly, and there are enough tagged photographs on the
Internet to identify many of us. We're not yet up to a real-time
Google Earth equivalent, but it's not more than a few years away. And
drones are just a specific application of CCTV cameras, which have
been monitoring us for years, and will increasingly be networked.

Google's Internet-enabled glasses -- Google Glass -- are another major
step down this path of surveillance. Their ability to record both
audio and video will bring ubiquitous surveillance to the next level.
Once they're common, you might never know when you're being recorded
in both audio and video. You might as well assume that everything you
do and say will be recorded and saved forever.

In the near term, at least, the sheer volume of data will limit the
sorts of conclusions that can be drawn. The invasiveness of these
technologies depends on asking the right questions. For example, if a
private investigator is watching you in the physical world, she or he
might observe odd behavior and investigate further based on that. Such
serendipitous observations are harder to achieve when you're filtering
databases based on pre-programmed queries. In other words, it's easier
to ask questions about what you purchased and where you were than to
ask what you did with your purchases and why you went where you did.
These analytical limitations also mean that companies like Google and
Facebook will benefit more from the Internet of Things than
individuals -- not only because they have access to more data, but
also because they have more sophisticated query technology. And as
technology continues to improve, the ability to automatically analyze
this massive data stream will improve.

In the longer term, the Internet of Things means ubiquitous
surveillance. If an object "knows" you have purchased it, and
communicates via either Wi-Fi or the mobile network, then whoever or
whatever it is communicating with will know where you are. Your car
will know who is in it, who is driving, and what traffic laws that
driver is following or ignoring. No need to show ID; your identity
will already be known. Store clerks could know your name, address, and
income level as soon as you walk through the door. Billboards will
tailor ads to you, and record how you respond to them. Fast food
restaurants will know what you usually order, and exactly how to
entice you to order more. Lots of companies will know whom you spend
your days -- and nights -- with. Facebook will know about any new
relationship status before you bother to change it on your profile.
And all of this information will be saved, correlated, and
studied. Even now, it feels a lot like science fiction.

Will *you* know any of this? Will your friends? It depends. Lots of
these devices have, and will have, privacy settings. But these
settings are remarkable not in how much privacy they afford, but in
how much they deny. Access will likely be similar to your browsing
habits, your files stored on Dropbox, your searches on Google, and
your text messages from your phone. All of your data is saved by those
companies -- and many others -- correlated, and then bought and sold
without your knowledge or consent. You'd think that your privacy
settings would keep random strangers from learning everything about
you, but it only keeps random strangers who *don't pay for the
privilege* -- or don't work for the government and have the ability to
demand the data. Power is what matters here: you'll be able to keep
the powerless from invading your privacy, but you'll have no ability
to prevent the powerful from doing it again and again.


This essay originally appeared in the "Guardian."
http://www.guardian.co.uk/technology/2013/may/16/internet-of-things-privacy-google
or http://tinyurl.com/kzqxg3d

The Internet as a massive surveillance tool:
http://www.schneier.com/essay-418.html

The death of ephemeral conversation:
http://www.schneier.com/essay-247.html

The rise of wholesale surveillance:
http://www.schneier.com/essay-109.html

Linking online and offline behavior:
http://adage.com/article/digital/facebook-partner-acxiom-epsilon-match-store-purchases-user-profiles/239967
or http://tinyurl.com/dx7679t

The Internet of things:
http://en.wikipedia.org/wiki/Internet_of_Things
http://www.networkcultures.org/_uploads/notebook2_theinternetofthings.pdf
or http://tinyurl.com/4dmfnc
http://www.mckinseyquarterly.com/The_Internet_of_Things_2538
http://www.theinternetofthings.eu/
http://mashable.com/category/internet-of-things/
http://www.grifs-project.eu/data/File/Casagras_Final%20Report.pdf
http://www.whiteboardmag.com/4-ways-the-internet-of-things-will-radically-change-your-life/
or http://tinyurl.com/mrdeavb
http://www.alexandra.dk/uk/services/Publications/Documents/IoT_Comic_Book.pdf
or http://tinyurl.com/88hgaja
http://www.guardian.co.uk/local-government-network/2011/aug/18/internet-of-things-local-government
or http://tinyurl.com/3fzctmq

Surveillance under the Internet of things:
http://siliconangle.com/blog/2013/01/10/big-brothers-big-data-why-we-must-fear-the-internet-of-things/
or http://tinyurl.com/l5kab2r
http://www.bigbrotherwatch.org.uk/internet-of-things

Giving the Internet eyes and ears:
http://www.wired.com/opinion/2012/12/20-12-st_thompson/

Location privacy:
https://www.eff.org/issues/location-privacy

Medical devices:
https://spqr.eecs.umich.edu/papers/b1kohFINAL2.pdf

Smart electric grid:
http://epic.org/privacy/smartgrid/smartgrid.html

Drones:
http://epic.org/privacy/drones/

Google Glass:
http://www.guardian.co.uk/technology/google-glass
http://creativegood.com/blog/the-google-glass-feature-no-one-is-talking-about/
or http://tinyurl.com/capaz5b

David Brin on the transparent society:
http://www.davidbrin.com/transparentsociety.html

Science fiction story about this particular dystopia:
http://www.lightspeedmagazine.com/fiction/the-perfect-match/

Power and security:
http://www.schneier.com/essay-409.html

Another article on the subject:
http://www.wired.com/gadgetlab/2013/05/internet-of-things/


** *** ***** ******* *********** *************

The Problems with CALEA-II



The FBI wants a new law that will make it easier to wiretap the
Internet. Although its claim is that the new law will only maintain
the status quo, it's really much worse than that. This law will result
in less-secure Internet products and create a foreign industry in
more-secure alternatives. It will impose costly burdens on affected
companies. It will assist totalitarian governments in spying on their
own citizens. And it won't do much to hinder actual criminals and
terrorists.

As the FBI sees it, the problem is that people are moving away from
traditional communication systems like telephones onto computer
systems like Skype. Eavesdropping on telephones used to be easy. The
FBI would call the phone company, which would bring agents into a
switching room and allow them to literally tap the wires with a pair
of alligator clips and a tape recorder. In the 1990s, the government
forced phone companies to provide an analogous capability on digital
switches; but today, more and more communications happen over the
Internet.

What the FBI wants is the ability to eavesdrop on *everything*.
Depending on the system, this ranges from easy to impossible. E-mail
systems like Gmail are easy. The mail resides in Google's servers, and
the company has an office full of people who respond to requests for
lawful access to individual accounts from governments all over the
world. Encrypted voice systems like Silent Circle are impossible to
eavesdrop on -- the calls are encrypted from one computer to the
other, and there's no central node to eavesdrop from. In those cases,
the only way to make the system eavesdroppable is to add a backdoor to
the user software. This is precisely the FBI's proposal. Companies
that refuse to comply would be fined $25,000 a day.

The FBI believes it can have it both ways: that it can open systems to
its eavesdropping, but keep them secure from anyone else's
eavesdropping. That's just not possible. It's impossible to build a
communications system that allows the FBI surreptitious access but
doesn't allow similar access by others. When it comes to security, we
have two options: We can build our systems to be as secure as possible
from eavesdropping, or we can deliberately weaken their security. We
have to choose one or the other.

This is an old debate, and one we've been through many times. The NSA
even has a name for it: the equities issue. In the 1980s, the equities
debate was about export control of cryptography. The government
deliberately weakened U.S. cryptography products because it didn't
want foreign groups to have access to secure systems. Two things
resulted: fewer Internet products with cryptography, to the insecurity
of everybody, and a vibrant foreign security industry based on the
unofficial slogan "Don't buy the U.S. stuff -- it's lousy."

In 1993, the debate was about the Clipper Chip. This was another
deliberately weakened security product, an encrypted telephone. The
FBI convinced AT&T to add a backdoor that allowed for surreptitious
wiretapping. The product was a complete failure. Again, why would
anyone buy a deliberately weakened security system?

In 1994, the Communications Assistance for Law Enforcement Act
mandated that U.S. companies build eavesdropping capabilities into
phone switches. These were sold internationally; some countries liked
having the ability to spy on their citizens. Of course, so did
criminals, and there were public scandals in Greece (2005) and Italy
(2006) as a result.

In 2012, we learned that every phone switch sold to the Department of
Defense had security vulnerabilities in its surveillance system. And
just this May, we learned that Chinese hackers breached Google's
system for providing surveillance data for the FBI.

The new FBI proposal will fail in all these ways and more. The bad
guys will be able to get around the eavesdropping capability, either
by building their own security systems -- not very difficult -- or
buying the more-secure foreign products that will inevitably be made
available. Most of the good guys, who don't understand the risks or
the technology, will not know enough to bother and will be less
secure. The eavesdropping functions will 1) result in more obscure --
and less secure -- product designs, and 2) be vulnerable to
exploitation by criminals, spies, and everyone else. U.S. companies
will be forced to compete at a disadvantage; smart customers won't buy
the substandard stuff when there are more-secure foreign alternatives.
Even worse, there are lots of foreign governments who want to use
these sorts of systems to spy on their own citizens. Do we really want
to be exporting surveillance technology to the likes of China, Syria,
and Saudi Arabia?

The FBI's short-sighted agenda also works against the parts of the
government that are still working to secure the Internet for everyone.
Initiatives within the NSA, the DOD, and DHS to do everything from
securing computer operating systems to enabling anonymous web browsing
will all be harmed by this.

What to do, then? The FBI claims that the Internet is "going dark,"
and that it's simply trying to maintain the status quo of being able
to eavesdrop. This characterization is disingenuous at best. We are
entering a golden age of surveillance; there's more electronic
communications available for eavesdropping than ever before, including
whole new classes of information: location tracking, financial
tracking, and vast databases of historical communications such as
e-mails and text messages. The FBI's surveillance department has it
better than ever. With regard to voice communications, yes, software
phone calls will be harder to eavesdrop upon. (Although there are
questions about Skype's security.) That's just part of the evolution
of technology, and one that on balance is a positive thing.

Think of it this way: We don't hand the government copies of our house
keys and safe combinations. If agents want access, they get a warrant
and then pick the locks or bust open the doors, just as a criminal
would do. A similar system would work on computers. The FBI, with its
increasingly non-transparent procedures and systems, has failed to
make the case that this isn't good enough.

Finally there's a general principle at work that's worth explicitly
stating. All tools can be used by the good guys and the bad guys. Cars
have enormous societal value, even though bank robbers can use them as
getaway cars. Cash is no different. Both good guys and bad guys send
e-mails, use Skype, and eat at all-night restaurants. But because
society consists overwhelmingly of good guys, the good uses of these
dual-use technologies greatly outweigh the bad uses. Strong Internet
security makes us all safer, even though it helps the bad guys as
well. And it makes no sense to harm all of us in an attempt to harm a
small subset of us.

This essay originally appeared in "Foreign Policy".
http://www.foreignpolicy.com/articles/2013/05/29/the_fbi_s_new_wiretapping_plan_is_great_news_for_criminals
or http://tinyurl.com/pmpztva

The FBI's proposal:
http://www.slate.com/blogs/future_tense/2013/03/26/andrew_weissmann_fbi_wants_real_time_gmail_dropbox_spying_power.html
or http://tinyurl.com/d8btqkc
http://www.nytimes.com/2013/05/08/us/politics/obama-may-back-fbi-plan-to-wiretap-web-users.html
or http://tinyurl.com/cfc6r9e

http://www.newyorker.com/online/blogs/elements/2013/05/wiretapping-the-web.html
or http://tinyurl.com/kf62o2r

The equities issue:
https://www.schneier.com/essay-216.html

CALEA:
http://www.gpo.gov/fdsys/pkg/PLAW-112publ283/html/PLAW-112publ283.htm
or http://tinyurl.com/m825t5p

What happened in Greece:
http://spectrum.ieee.org/telecom/security/the-athens-affair

What happened in Italy:
http://en.wikipedia.org/wiki/SISMI-Telecom_scandal

Vulnerabilities in the US:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2028152

The Chinese hacking Google:
http://www.washingtonpost.com/world/national-security/chinese-hackers-who-breached-google-gained-access-to-sensitive-data-us-officials-say/2013/05/20/51330428-be34-11e2-89c9-3be8095fe767_story.html
or http://tinyurl.com/nmywmk8

Other essays on this:
https://www.cdt.org/blogs/joseph-lorenzo-hall/1705leading-security-experts-say-fbi-wiretapping-proposal-would-undermine
or http://tinyurl.com/ksg9wj4
https://freedom-to-tinker.com/blog/felten/calea-ii-risks-of-wiretap-modifications-to-endpoints/
or http://tinyurl.com/clmv5kg
http://www.lawfareblog.com/2013/05/susan-landau-on-obama-administrations-new-wiretapping-proposal/
or http://tinyurl.com/nxxfuvt
http://blog.rubbingalcoholic.com/post/50892166507/fbi-regulation-bans-cryptography
or http://tinyurl.com/l3s5jyj
http://www.wired.com/opinion/2013/05/the-fbis-plan-for-a-wiretap-ready-internet-is-misdirected-shortsighted-and-ridiculous/
or http://tinyurl.com/chkexxw
https://www.eff.org/deeplinks/2013/05/caleatwo
http://www.latimes.com/news/opinion/editorials/la-ed-wiretap-fbi-calea-expansion-20130522,0,4866736.story
or http://tinyurl.com/nwngjfw

How the government is helping secure the Internet:
http://www.schneier.com/blog/archives/2007/01/nsa_helps_micro_1.html
http://www.nsa.gov/research/selinux/
http://www.nsa.gov/ia/programs/suiteb_cryptography/
https://www.torproject.org/about/sponsors.html.en
http://www.darpa.mil/Our_Work/I2O/Programs/SAFER_Warfighter_Communications_%28SAFER%29.aspx
or http://tinyurl.com/ltfeuyz
http://www.eweek.com/c/a/Security/DHS-Funds-OpenSource-Security-Project/
or http://tinyurl.com/3ggg5g

The "golden age of surveillance":
https://www.cdt.org/blogs/2811going-dark-versus-golden-age-surveillance
or http://tinyurl.com/6on7m7r

Surveillance on the Internet:
http://www.schneier.com/essay-418.html

Questions about Skype security:
http://www.schneier.com/blog/archives/2013/01/who_does_skype.html
http://www.h-online.com/security/features/Skype-s-ominous-link-checking-Facts-and-speculation-1865629.html
or http://tinyurl.com/ngl97e6
http://arstechnica.com/security/2013/05/think-your-skype-messages-get-end-to-end-encryption-think-again/
or http://tinyurl.com/pb2lrzo

Forcing the FBI to use vulnerabilities to eavesdrop on people:
https://www.cs.columbia.edu/~smb/papers/GoingBright.pdf
http://en.wikipedia.org/wiki/Computer_and_Internet_Protocol_Address_Verifier
or http://tinyurl.com/c7qnu2

The need for transparency:
http://www.schneier.com/essay-425.html


** *** ***** ******* *********** *************

Schneier News



I'm speaking at Cornerstones of Trust 2013, in Foster City, CA, on June 18.
http://www.cornerstonesoftrust.com/

I'm speaking at USI 2013, in Paris on June 25.
http://www.usievents.com/?locale=en

In this podcast interview, I talk about security, power, and the
various things I have been thinking about recently.
http://thecommandline.net/2013/06/03/schneier_power/

In the episode of "Elementary" that aired on May 9, about eight or
nine minutes in, there's a scene with a copy of "Applied Cryptography"
prominently displayed on the coffee table. This isn't the first time
that my books have appeared on that TV show.
http://www.schneier.com/blog/archives/2013/05/applied_cryptog.html


** *** ***** ******* *********** *************

Sixth Annual Movie-Plot Threat Semifinalists



On April 1 on my blog, I announced the Sixth Annual Movie Plot Threat Contest:

I want a cyberwar movie-plot threat. (For those who don't know,
a movie-plot threat is a scare story that would make a great
movie plot, but is much too specific to build security policy
around.) Not the Chinese attacking our power grid or shutting
off 911 emergency services -- people are already scaring our
legislators with that sort of stuff. I want something good,
something no one has thought of before.

Submissions are in, and -- apologies that this is a month late, but I
completely forgot about it -- here are the semifinalists.

1. Crashing satellites, by Chris Battey.

https://www.schneier.com/blog/archives/2013/04/sixth_movie-plo.html#c1254320

2. Attacking Dutch dams, by Russell Thomas.

https://www.schneier.com/blog/archives/2013/04/sixth_movie-plo.html#c1254733

3. Attacking a drug dispensing system, by Dave.

https://www.schneier.com/blog/archives/2013/04/sixth_movie-plo.html#c1262123

4. Attacking cars through their diagnostic ports, by RSaunders.

https://www.schneier.com/blog/archives/2013/04/sixth_movie-plo.html#c1271436

5. Embedded kill switches in chips, by Shogun.

https://www.schneier.com/blog/archives/2013/04/sixth_movie-plo.html#c1292422


--
Important: This email message and/or attached files may contain
confidential and/or legally privileged information. If you are not the
intended recipient, any reproduction, publication, communication,
re-transmission, disclosure, dissemination or use of the information
in this email is prohibited. If you have received this message in
error, please notify the sender immediately and delete the original
together with any attachments. It is your responsibility to check any
attachments for viruses before opening or re-transmitting them and the
sender shall not be held liable for any possible subsequent loss or
damage.