Take Back the Internet

Government and industry have betrayed the Internet, and us.

By subverting the Internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our Internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical Internet stewards.

This is not the Internet the world needs, or the Internet its creators envisioned. We need to take it back.

And by we, I mean the engineering community.

Yes, this is primarily a political problem, a policy matter that requires political intervention.

But this is also an engineering problem, and there are several things engineers can -- and should -- do.

One, we should expose. If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by federal confidentiality requirements or a gag order. If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story. Your employer obligations don't cover illegal or unethical activity. If you work with classified data and are truly brave, expose what you know. We need whistleblowers.

We need to know exactly how the NSA and other agencies are subverting routers, switches, the Internet backbone, encryption technologies and cloud systems. I already have five stories from people like you, and I've just started collecting. I want 50. There's safety in numbers, and this form of civil disobedience is the moral thing to do.

Two, we can design. We need to figure out how to re-engineer the Internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.

We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems -- these will be harder for the NSA to subvert.

The Internet Engineering Task Force, the group that defines the standards that make the internet run, has a meeting planned for early November in Vancouver. This group needs to dedicate its next meeting to this task. This is an emergency, and demands an emergency response.

Three, we can influence governance. I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the Internet. The UK is no better. The NSA's actions are legitimizing the internet abuses by China, Russia, Iran and others. We need to figure out new means of internet governance, ones that make it harder for powerful tech countries to monitor everything. For example, we need to demand transparency, oversight, and accountability from our governments and corporations.

Unfortunately, this is going to play directly into the hands of totalitarian governments that want to control their country's Internet for even more extreme forms of surveillance. We need to figure out how to prevent that, too. We need to avoid the mistakes of the International Telecommunications Union, which has become a forum to legitimize bad government behavior, and create truly international governance that can't be dominated or abused by any one country.

Generations from now, when people look back on these early decades of the Internet, I hope they will not be disappointed in us. We can ensure that they don't only if each of us makes this a priority, and engages in the debate. We have a moral duty to do this, and we have no time to lose.

Dismantling the surveillance state won't be easy. Has any country that engaged in mass surveillance of its own citizens voluntarily given up that capability? Has any mass surveillance country avoided becoming totalitarian? Whatever happens, we're going to be breaking new ground.

Again, the politics of this is a bigger task than the engineering, but the engineering is critical. We need to demand that real technologists be involved in any key government decision making on these issues. We've had enough of lawyers and politicians not fully understanding technology; we need technologists at the table when we build tech policy.

To the engineers, I say this: we built the Internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it.

This essay previously appeared in the Guardian.

EDITED TO ADD: Slashdot thread. An opposing view to my call to action. And I agree with this, even though the author presents this as an opposing view to mine.

EDITED TO ADD: This essay has been translated into German.

Posted on September 15, 2013 at 11:53 AM • 64 Comments

Comments

David September 15, 2013 1:21 PM

I like your blog, but I disagree with one statement in this post: "This is not the Internet the world needs, or the Internet its creators envisioned. We need to take it back."

DARPA, rather than Al Gore or the HTML and Gopher guys, invented the internet. They've owned it all along. Take it back from whom?

Curious September 15, 2013 1:56 PM

The following might have been mentioned already by someone at some point (can't tell, sry, I spend too much time on other stuff to digest all I see off blogs and articles). I had to guard my laundry today and brought a book, incidentally I read about the following:

According to the authors of 'Privacy on the line' (Diffie & Landau, 2nd ed paperback) on page 236, it is mentioned how there was a concern about people's privacy and IN THAT acknowledging that despite nobody being subject to having their privacy compromised in having their encrypted comms actually unlocked, in context of what was called "The clipper controversy", many years ago.

Just a few years ago, I didn't give a damn about internet security or privacy to be honest and I would probably not have cared for considering that anyone's privacy even could be at stake if authorities simply went about their business. So these days, having acquired the taste of being much less forgiving so to speak, and so the point I wanted to make here was: that I thought it was refreshing to read about how people supposedly gave a damn years ago.

Just a day ago, in one of my country's bigger newspapers, there was an article by their people having an opinion piece, outright dismissing people making a comparison between NSA to some former known surveillance regime; and even though that text was critical of all the news coming off the Snowden event and such, I thought the explicit "people-becoming-dumbfounded-by-making-comparisons" point of the author was ultimately meaningless. As if making comparisons couldn't make sense by the merit of simply providing an argument along with making a comparison.

I would like to take the opportunity to just mention that the same paper had another comment piece from some other guy prior to this online (some director), and to my surprise that article was apparently visible for less than 24 hours and then I could only find it via a direct url after that, not showing up in the online paper's search feature from what I could see. That same paper closed down a few other comment sections with no warning or no notice on other social issues. As if it wasn't bad enough that readers aren't really allowed to make use of the paper's comment field on the online news articles at all except for select news articles at the paper's discretion. And, I caught this same paper in printing a paraphrase off the UN secretary general's recent speech, passing it as having quoted him, but really with extra meaning added to it. After contacting the reporters it became obvious that this single word 'overwhelming', easily translated into this other single word, had become six words added to the quote in their news piece, adding a spin to it all. And then it was claimed to me they based that piece of fact off something they just read in some news bulletin from elsewhere, but without listing it as source material.

We live in interesting times apparently.

yes September 15, 2013 1:56 PM

Correct Bruce and please help lead an effort to teach others to care.

I forgive you for supporting obama, the man of no truth, if you do so.

Everyone I speak with says meh I have nothing to hide. But when they do care it will be too late, as the saying goes.

Surveillance state, increased domestic, militarization, a leader that is an american idol tyrant.. not good.

Sorry I cannot help picking on Barry; he is the embodiment of the abdication of accountability, and he has relentlessly ramped the surveillance for political purposes (IRS anyone?) and that's where it will come to break us first.

regards,

avner September 15, 2013 1:59 PM

The black knights who should Take The Internet Back are the local governments: Mayors have the power to deploy private metro nets and set-up peer arrangements, and have the political motivation to protect their constituents' privacy. But... we must give them a fool-proof open infrastructure kit, otherwise their IT guys will just go out and buy the same old crackenware they're already used to.

Jeff Johnson September 15, 2013 2:06 PM

I understand privacy is a sensitive issue with everyone, but I like to emphasize the value of the Internet as a public arena. For example, setting aside the question "why not both?", if I had to choose between privacy and net neutrality, I'd pick neutrality in an instant. For example if people had to pay for every visitor to their blog, or other types of privatized commercialized compartmentalization of the net, it would not be what it is today. There is very good freedom to publish and consume what you want.

If we think of the Internet as public space with free access, why should there be an expectation of privacy we would not have in the town square? And how is protecting privacy not in some real and potentially dangerous sense, keeping the net safe for criminals and terrorists to enjoy its benefits absent the sunlight of public scrutiny?

I realize there are lots of nuances that complicate this picture. Certainly securing financial data from criminals is essential, securing user identities, as well as securing critical control of infrastructure, manufacturing, and other physical resources. And if NSA compromise of the mathematical integrity of security technologies creates vulnerabilities waiting to be discovered by or leak out to malicious parties, that is extremely bad.

But overall, given that we already suffer the indignities of hosts of corporate spies trading our profiles and habits and emails, how is it worse for the government to have access? I think the strongest response to that is that the government has effectively unlimited power to abuse the information that private entities do not have. From that standpoint, there are two distinct technical/political fights against government abuse we can engage in: 1. We can try to secure data and defend privacy, or 2. We can fight to constrain government power to abuse surveillance information, and restore transparency and public dialog, and restore citizen access to courts for remedies, an access that is too frequently denied on the grounds of state secrets privilege.

To summarize, if we regard the Internet as a public sphere that guarantees public speech, maybe privacy is the wrong fight. Maybe the better fight is to establish better parity between the public and government on transparency and public scrutiny. If they are going to spy, we need to know it and establish boundaries that can be monitored by transparent public processes and judicial procedures with real power to punish and constrain government abuse of power. If the government submits to public oversight and scrutiny, if we can see their data in exchange for them being able to see ours, that seems like a reasonable tradeoff.

Frank Einstein September 15, 2013 2:32 PM

@Jeff Johnson
For example, setting aside the question "why not both?", if I had to choose between privacy and net neutrality, I'd pick neutrality in an instant.

Luckily privacy does not have to be a choice between "privacy or this" or "privacy or that".

Jens O. Meiert September 15, 2013 3:33 PM

In all brevity, have we, or the security community, reached out to standards bodies like IETF, also the W3C, for comment?

(I’ve just done so by emailing the W3C press contact, but it’s fairly light-weight, and I’m undecided how to proceed at this point.)

Curious September 15, 2013 3:36 PM

@Jeff Johnson's text above

I am going to ramble on here about making the assumption that the idea or notion of a 'public space' having any deep meaning at all.

"To summarize, if we regard the Internet as a public sphere that guarantees public speech, maybe privacy is the wrong fight."
How about: no! (as if we thought "we ought to regard the internet as being a public sphere that guarantees public speech")

I have to say that I am pretty sure "free speech" would have no sensible connotation to this notion of a 'public sphere'. Except, perchance when regarded in some way of ironizing, whereby so called 'freedom' would be understood as being only meaningful in being a set of limitations (you are free to do this, but not that, etc). 'Having freedom' is not a phenomenon as such, 'being free' (except when used as a reference to 'freedom', then it is not) is, and so these two terms make up a critically important distinction in how we relate to the way we live in a lot of ways I will say, because if someone thinks you are 'having a freedom' when you 'are not free' (free to do x or y), then obviously one could not possibly be talking about the same thing (someone's life in particular, as individuals or as a particular group of particular individuals).

Ultimately, being 'free' has nothing at all to do with 'freedom' as these denominations are related to phenomena as such and the 'universal' has nothing to do with 'public'.

Ergo, I have to say that an argument or a sentiment for treating people equally couldn't possibly infer a rationale in which 'equality' would come to mean that people are really treated equally. A point being made here is similar to the is/ought problem, in which an assortment of aspects (social aspects) cannot simply be prescribed as being such as if it had to be taken for granted, or something being so called a priori, as if living in a/the 'public sphere' were to be a form of existential that actually determines how the world must be understood as functioning as. In other words, I have to say I do not function like a human being living in society simply because I am living in a/the public sphere or simply because I am living in a/the society. I am not social because I am living in what is understood as being a "social" environment.

Any idea of there even being a possibility of choosing there to be a 'public sphere' would imo be a fallacy of sorts. So an attempt for making the argument that there would become some kind of different public sphere, or even no public sphere at all, one risks making a fallacious argument. Insofar as thinking or speculating that every internet user would come up with some kind of 'moral ought', one could easily disprove that as being an actual choice, because it simply could not be a choice (morals are choice based, not subscription based ideas or beliefs, and choosing to doubt something is not the same as doubting and you can't think a thought), the same improbable way a choice could be valid under torture or threat, something contrived. In the event of anyone considering stating that 'I' were to have an obligation of sorts for making a choice, or for taking responsibility in how the internet is supposed to work, it should be fairly obvious that the internet is not owned by people, it is owned by corporations and/or state authorities, and as such I have no moral obligation at all for how the internet is supposed to work because it is simply none of my business, it would not be fair. Either the internet works, or it doesn't, my opinion doesn't really come into it. This is not something paradoxical, or you people will have misread my text and/or misunderstood me writing this particular comment.

http://en.wikipedia.org/wiki/Is–ought_problem

Enough proofreading. :| A lot of text, not sure if I will regret this somehow.

Muddy Road September 15, 2013 4:05 PM

The Snowden Revelations are proof positive we cannot trust the government or corporations at all. We MUST operate on the basis of NO TRUST no matter how their lips move and their PR people gyrate.

I am so proud and relieved Bruce Schneier has taken the call to literally re-invent the internet based on a NO TRUST model.

Obviously the corporations and government have a vested interest in their intricate domestic spying apparatus and NO CHANGE can be expected from them.

When both Clapper and Alexander egregiously lied to Congress, and thus the American people, NOTHING happened. That was a very bad sign indeed.

It was a clear indication of thorough corruption at the highest levels. Now Clapper is in charge of the committee to investigate abuse. Laugh or cry?

It's up to men and women, like Bruce, to take back the internet for the people.

Somehow, I think they can and will do it.

Thanks Bruce!

Don't let them get you down...and they will try!

jonesy September 15, 2013 4:12 PM

@avner

Fine idea, start local and work up and out. The mayors would have much to gain - the respect and kind regard of their neighbors and constituents as well as their own privacy; they'd also have much to lose - state and federal grants and revenue-sharing, and years of expensive legal wrangling before various courts. But it would be lovely to see. Too bad they didn't make a start with the cable companies and then later with ISPs, because they'd have firmer ground and leverage.

@Jeff Johnson et al

No offense, but I cringe every time I see things framed as either-or, when it's invalid, unnecessary, or both.

Privacy in public is a matter of no great expectations yet with the weight of history whereby we tend to accord some privacy to others in the commons by making a point not to listen into their conversations. We come to the town square to see and do and mingle but not to pry - a matter of good manners.

Privacy for all the rest is reasonable not only to expect but to demand. For instance, the idea that because emails are sent clear-text they are public is absurd: whether you or the postal service steam open an envelope or an admin sits at a computer and calls up and opens a file off a server are both physical, volitional acts. The expectations and law that applies to the former should just as validly apply to the latter. If it helps, consider anything past the routing information or the file header to be inside an envelope, just as with addresses on paper mail.

It's one thing to trade the convenience of Google Mail for print ads that are targeted based on a company-internal bot scanning for keywords, the practice having been clearly spelled out and agreed to beforehand; it's another entirely to accede to practices that do not have our consent, whether done by corporations or government.

Again, we can take measures to secure our data AND we can fight to constrain government and corporate powers. There is no need to separate the two by setting them up as either-or choices; it's a false construct.

Get the corporations (they're comprised of our neighbors, no?) out of our data. Keep the government (which is supposed to be us, yes?) out of our data.

(And for the commons' sake, enough already with the EULAs kitchen-sink provisions, or the "by opening this you agree to everything in it even though you haven't read it yet". One could argue that the nigh-automatic action by the general populace to click "yes" and get on with it is what prepared us for accepting the wholesale slurping of our data when we surf the Web - no matter how "anonymized" we're assured it to be.)

Jon September 15, 2013 4:13 PM

I have never received any NSL or gag order, and I will continue to say so until I am ordered not to.

Jon

Nick P September 15, 2013 4:17 PM

Might just present this one debate style and keep it simple.

Against Bruce: Not Engineer's Problem

"Please repeat after me: Surveillance is a political and legal problem, not a technical problem. We have to all become outraged and start a big and public online and offline campaign to take back the law into the hands of the people and their representatives and away from secret organizations “overseen” by secret courts in a system that goes beyond Kafka’s worst nightmares." (2nd counter article)

Pretty much what I've been saying here. *Every* technical solution will be beaten by governments using the law, including their monopoly on "use of force." To his credit, Bruce did mention the political angle and emphasize its importance in this essay.

The other article's economic arguments are good points as well. Especially the IPv6 comparison. That was hard even though there's routes to interoperability with existing internet services. Just imagine replacing all kinds of key protocols and trying to make them work with infrastructure hardware designed for obsolete, surveillance-aiding protocols. And getting adoption by the majority. All I can say is... "Good luck."

For Bruce: Will Solve *Another* Problem

So, Bruce's technical recommendation isn't likely to reduce NSA's effectiveness due to The Existing System. However, Bruce is totally right that we need to replace our existing protocols and infrastructure. The lowest layers were built for another era. We need to update them and bake security in from the ground up. There's more problems going on than the NSA. Re-engineering the Internet for better security will help stop THEM. And we might also boost performance, maintenance, etc while we're at it.

Example: I've often favored UDT over TCP because UDT is FAST, doesn't have TCP's known attack vectors, easier to use, can run from user-mode, and could probably be implemented with more assurance. We've already knocked out several problems before we even begin discussing how it could be *improved*. ;) That's how we have to approach the situation for the rest of the protocols too.

I also propose making the new design run over ethernet wire, allow IP encapsulation of transport stack, and have other interoperability boosting features. Each deployment gets to determine how much legacy stuff they want to wall off. This will help migration. New, safer routing and transport protocols would be nice. DNS could use an update (or replacement). Authentication, although not necessarily identification, of information sources (and ability to filter) on the transport network should be mandatory and *fast*. All crypto primitives must be the fastest possible to ensure most people stick with encryption, which is on by default. I had some security boosting ideas here for protocol design.

Whether NSA gets put down or not, we'd all benefit from making the Internet a safer place. Old Bernstein maxim: it should be easy to do it the safe way and hard to do it the unsafe way. We should use that when we're making "optimization" decisions. ;)

Clive Robinson September 15, 2013 4:54 PM

@ Jon,

    Furthermore, you do have privacy in the town square. You wear pants, don't you?

It used to be rather more than that. If you think back to the time the constitution was written there were very few people and most of the American continent was in effect "public space" therefore you had a very good expectation of privacy almost anywhere outside of a town or city.

But even inside a town or city there were more people inside buildings than on the streets and walkways so you had a better expectation of privacy on the street than you did in a building.

Thus if two people wanted a meeting in private they just went into the middle of a field and talked or walked down the street and talked.

This generalised notion of not having privacy in a public place is in reality very very recent and really only started when the first security cameras started appearing. Prior to that it only came up occasionally in serious criminal cases where people had as part of an investigation been followed in public by the authorities or the police had pushed their luck too far claiming some incriminating evidence or act had been seen from a public place.

avner September 15, 2013 5:29 PM

@jonesy
"they'd also have much to lose" - you're probably right, but scale too can matter. Perhaps a consortium led by 4-5 large enough cities will be a challenge - financially and politically - even for the Federal Government.

Jeff Johnson September 15, 2013 5:29 PM

@jonesy
Good reply. I can see that the Internet can accommodate both public and private communications, and I acknowledged that briefly (financial transactions, authenticated identities, protection of critical functions from malicious intent).

How do you respond to the point about the perfection of privacy giving powerful tools to criminals and terrorists? Isn't some kind of compromise on privacy worth considering as long as we can provide for a guarantee of open public discourse and access to legal remedy in the event that government abuses its power either by error or by intent to punish or weaken political dissent?

Even if government has total access to communications we nominally consider and intend to be private or restricted, there is still pretty good anonymity by sheer volume of data. I realize anonymity isn't quite privacy, but in most cases it is a reasonable facsimile. That government access really doesn't harm anyone until that unlikely event that an innocent person becomes a subject of interest (likely for someone, but unlikely for most people). At this point if individuals have (as constitutionally we are supposed to have) iron clad legal protections against harassment, threats, and other government bullying merely because of suspicion, and recourse to courts with real clout to make government pay for abusive violations and intimidation, isn't the worst aspect of privacy violation, the fear of Kafkaesque nightmares, fairly well mitigated? And then we preserve the utility of the net, reasonable privacy, but we don't take from law enforcement some powerful tools that can really save lives.

This whole argument is predicated on the assumption that we really can push back politically to restore eroded protections against the abuse of government secrecy that enables government to use secrecy for more than protecting sources and methods, but in addition to protect themselves politically from public scrutiny of errors, incompetence, abuse of unconvicted suspects, and overreach. If we perfected privacy, government still has the refuge of secrecy and huge potential to abuse power. If on the other hand we solve the transparency and individual legal protection issue, the privacy matter becomes far less fearsome.

Bernd September 15, 2013 5:45 PM

German election day is near. Please ask Glenn Greenwald to release something about our surveillance agencies called "Verfassungsschutz", "Bundesnachrichtendienst" and "Militärischer Abschirmdienst".
As you probably know from history class, our country has experience with mass surveillance and therefore we hear absolutely nothing about what exactly our secret agencies do. There are no whistle blowers in Germany...

Muddy Road September 15, 2013 5:46 PM

Re: "Surveillance is a political and legal problem..."

It's a fact the government and corporations will use the law and their money to beat down any grass roots approach to re-taking the internet for the people.

However, the laws are clearly outdated even now, as soon as they are passed. They are weak and not nearly as omnipotent as they would pretend.

Also, there is a new benefit for the people: We know without any doubt at all the government and corporations cannot be trusted. Ever.

Last, the internet is new. I am thinking there will be technical breakthroughs in regards to privacy and security that are unimaginable right now.

Various people have tried to warn us over the years of what has happened and is going on, we only listened with one ear.

I think we all owe thanks and gratitude to Ed Snowden for getting us to listen with both ears.

Whoever Itis September 15, 2013 6:05 PM

This is a great overview.

As far as practical steps, perhaps we could focus on what existing technologies can be implemented. Also some tutorials and similar instructions would be beneficial.

For example, if one tries to implement Perfect Forward Secrecy there's an immediate problem. Assuming we're Linux based, generally speaking you have to upgrade to a later version of Apache or switch over to Nginx. Then you may also run into problems based on the version of Openssl being used.

I did this recently and found it was difficult since few distributions were capable of this. Just a simple guide for someone on how to do something like this without spending days of trial and error, or not even bothering, could be helpful.

Another simple example is to educate people on how to generate their own private keys and not let the CA do it for you. I recently saw a major VPS provider write a blog on how to get an SSL certificate. And they went right through that step accepting the default of letting the CA generate your private key.

While there are large tasks to conquer, there also seem to be many that can be done right now. Thanks again for your efforts.
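
As an added example (not part of the original comment): because the suites a cipher string enables depend on the local OpenSSL build, one way to check a string before putting it into nginx `ssl_ciphers` or Apache `SSLCipherSuite` is to expand it with Python's `ssl` module and split the result by key exchange. The two cipher strings in the demo are constructed samples.

```python
import ssl

# Key-exchange labels, as reported by OpenSSL, that use ephemeral (EC)DH keys.
# "kx-any" is what OpenSSL reports for TLS 1.3 suites, whose key exchange is
# always ephemeral. Anything else (e.g. "kx-rsa") has no forward secrecy.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk", "kx-any"}


def expand(cipher_string):
    """Return the suites the local OpenSSL enables for an OpenSSL cipher string."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)  # raises ssl.SSLError if the string is unusable
    return ctx.get_ciphers()        # list of dicts: name, protocol, kea, auth, ...


def split_by_forward_secrecy(suites):
    """Split suite dicts into (forward_secret_names, other_names).

    A suite with no "kea" field (very old OpenSSL) is treated as NOT forward
    secret, so the audit errs on the side of flagging it.
    """
    forward_secret, other = [], []
    for suite in suites:
        bucket = forward_secret if suite.get("kea") in FORWARD_SECRET_KX else other
        bucket.append(suite["name"])
    return forward_secret, other


def audit(cipher_string):
    """Expand a cipher string on this machine and classify every enabled suite."""
    return split_by_forward_secrecy(expand(cipher_string))


if __name__ == "__main__":
    print("Local library:", ssl.OPENSSL_VERSION)
    # Constructed sample strings: one restricted to ECDHE + AES-GCM, one broad.
    for cipher_string in ("ECDHE+AESGCM", "HIGH:!aNULL"):
        forward_secret, other = audit(cipher_string)
        print(f"\n{cipher_string}")
        print(f"  forward secret: {len(forward_secret)} suites")
        print(f"  NOT forward secret: {len(other)} suites")
        for name in other:
            print(f"    {name}")
```

An empty "NOT forward secret" list means every handshake the server can complete with that string uses ephemeral keys on this OpenSSL version.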

Marcio Lima September 15, 2013 6:37 PM

You can turn the life of the surveillance agencies a little harder around the world designing better software and hardware but at end of the day privacy is a political and law problem. The world needs better laws to prevent governments and corporation to plot against the citizen. Some kind of a Privacy Protection Chart in the UN. If we have Nuclear and Chemical weapons treaties why not privacy protection treaty.

Dave Crosswell September 15, 2013 6:41 PM

DARPA don't own the internet.
They used to, then gave it back to the people, who are the ones that paid for its creation after all, initially for educational purposes.
It is definitely used for that, even within the broader informational conveyancing sense.

We have the most innovative environment in the history of the species at stake, that specific parties wish to purloin for purposes of surveillance for every purpose from population control to marketing that they wish to downgrade to the equivalent of high speed, cable T.V., replete with ads and, if we don't want to be relegated to the status of mere production units to maintain a state wherein we will be treated as 'overhead' and therefore to be reduced as a cost as much as possible, we need to cast off complacency, start behaving with the level of intelligence we are supposed to be endowed with (though looking round, I'm inclined to doubt that summation), and begin reasserting ourselves as having basic human rights. Because that, basically, is what is being taken from us here.

Unless, of course, everybody is comfortable with the allocation of a suburban box - which you will pay for anyway, as part of the (insert appropriate national environment name here) dream and the 'right' to desert other responsibilities in order to go to work to support an economic structure whereby you manufacture the products to earn the money to purchase the products you manufacture.

We are being pharmed, people!
Wake up!

tz September 15, 2013 8:49 PM

Closed source is subject to a national security letter.

How can we trust anything we can't see inside. Even if they merely publish the source under a "don't modify" license, but so it can be examined and the binaries can be generated and compared it would help.

Open source can only be coerced to build a contaminated binary or add a bad patch. But then we need to maybe do a Gentoo version so instead of mirroring binaries, we are mirroring only source.

Perhaps we just need two tiers of mirroring, one that copies over the archives, the second that rebuilds them from source and validates the hashes - so European or NZ or India or Russia should rebuild the same thing. And perhaps add a digital signature, that if only a US source breaks it should be blacklisted along the lines of Diginotar.

It goes beyond crypto to the RNGs and PRNGs - at least I can see the Linux kernel. Or the flavors of BSD. What is Windows doing? OSX/iOS?

For routers, if we could do this with DD-WRT, we should. Beyond that, figure out a way a clean router can proxy SSL using Perfect Forward Security and choose the stronger algorithms going out - even if the browsers are crippled. The best would be to create a router(client) to router(server) ala safepassage and stronghold that would use solid crypto. And add an IPSEC tunnel between them. DD-WRT/Tomato/whatever need not be Tor, but it could be a strong gateway, not just a gate in a fence but a turnstile.
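The two-tier mirroring scheme tz describes above, as an added example that is not part of the comment or of any distribution's tooling: independent rebuilders in different regions report the SHA-256 of the binary they built from the same source, a package is accepted only when a quorum spanning several regions agrees, and any rebuilder that diverges from that quorum is flagged for blocklisting. The rebuilder names, the quorum rule and the sample data are assumptions constructed for illustration, and the signature step the comment mentions is left out.

```python
"""Accept a binary only if independent rebuilders agree on its hash."""
import hashlib
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass(frozen=True)
class RebuildReport:
    rebuilder: str       # hypothetical rebuilder name
    region: str          # jurisdiction the rebuilder operates in
    package: str
    source_sha256: str   # hash of the source archive that was built
    binary_sha256: str   # hash of the resulting binary


@dataclass(frozen=True)
class Verdict:
    package: str
    accepted_sha256: Optional[str]
    agreeing: tuple
    divergent: tuple     # candidates for the blocklist
    reason: str


def evaluate(package, source_sha256, reports, quorum=3, min_regions=2):
    # One vote per rebuilder; a rebuilder that contradicts itself gets no vote.
    votes, conflicted = {}, set()
    for r in reports:
        if r.package != package:
            continue
        prev = votes.get(r.rebuilder)
        if prev is not None and prev != r:
            conflicted.add(r.rebuilder)
        votes[r.rebuilder] = r
    for name in conflicted:
        del votes[name]

    # A vote only counts if it was built from the source everyone mirrors.
    wrong_source = {n for n, r in votes.items()
                    if r.source_sha256 != source_sha256}
    by_hash = defaultdict(list)
    for name, r in votes.items():
        if name not in wrong_source:
            by_hash[r.binary_sha256].append(r)

    suspects = set(conflicted) | wrong_source
    ranked = sorted(by_hash.items(), key=lambda kv: len(kv[1]), reverse=True)
    if not ranked:
        return Verdict(package, None, (), tuple(sorted(suspects)),
                       "no usable reports")
    top_hash, top = ranked[0]
    tie = len(ranked) > 1 and len(ranked[1][1]) == len(top)
    regions = {r.region for r in top}
    if len(top) < quorum or len(regions) < min_regions or tie:
        # No trustworthy majority: accept nothing. Only self-contradicting
        # or wrong-source rebuilders are flagged at this point.
        return Verdict(package, None, (), tuple(sorted(suspects)), "no quorum")
    for _, losers in ranked[1:]:
        suspects.update(r.rebuilder for r in losers)
    return Verdict(package, top_hash,
                   tuple(sorted(r.rebuilder for r in top)),
                   tuple(sorted(suspects)), "quorum reached")


def verify_mirror_copy(data: bytes, verdict: Verdict) -> bool:
    """Tier-one check: does a mirrored archive match the agreed rebuild?"""
    return (verdict.accepted_sha256 is not None
            and sha256_hex(data) == verdict.accepted_sha256)


def sample_reports():
    """Constructed sample: four rebuilders, one ships a different binary."""
    src = sha256_hex(b"example-1.0 source tarball (constructed)")
    good = sha256_hex(b"example-1.0 binary (constructed)")
    bad = sha256_hex(b"example-1.0 binary with extra patch (constructed)")
    reports = [
        RebuildReport("rebuild-eu", "EU", "example-1.0", src, good),
        RebuildReport("rebuild-nz", "NZ", "example-1.0", src, good),
        RebuildReport("rebuild-in", "IN", "example-1.0", src, good),
        RebuildReport("rebuild-us", "US", "example-1.0", src, bad),
    ]
    return src, reports


if __name__ == "__main__":
    src, reports = sample_reports()
    v = evaluate("example-1.0", src, reports)
    print(v.reason, "| agreeing:", v.agreeing, "| blocklist:", v.divergent)
```

The region requirement matters as much as the count: three matching hashes from a single jurisdiction do not form a quorum, since one legal order could compel all of them.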

JerryH • September 15, 2013 9:03 PM

The PRISM (created 2007) non-revelations are only "shocking and appalling" to those who do not believe that the private contractor & NSA mandate is to exceed their mandate. What to expect from the Cheney Bush permanent contractor security in triplicate economic boom to the economies of Virginia, Maryland, and DC? Any more quotes from Ben Franklin that he didn't say? No?

In forums like this where ppl know better we don't hear about "Barry" the "tyrant" from the amazing right wing noise machine. We don't read too much about the party that purges elected moderates leaving T-party inmates like Sen. Cruz in charge in the charge to the Nov 2014 elections.

Their "reasonable" moderates? Hawks like Graham and McCain. Beyond those two we have Rand Paul, the binary opposite isolationist even when he's not giving interviews to Alex Jones fighting those Infowars on the "Obama Prisonplanet" or is it PRISMplanet?

Soothsayer • September 15, 2013 9:15 PM

I don't agree with the core premise of this position.

I agree better engineering can prevent "cheap" targeting but the rest is just posturing.

I really don't care if government reads EVERY thing I write in my emails :-) 30 - 40 years back we were writing letters and they are pretty insecure.

There is no such thing as privacy .. if you live in any society you are in public, internet has made your circle larger and your "privacy" will shrink in the exact proportion! (there should be a theorem for this conjecture)


Figureitout • September 15, 2013 10:42 PM

Doesn't really sound like anyone's really taking your call to action Bruce. Gone are the days people "shoot for the stars" and basically all I see is some more fluff and less fundamentals. We need new fundamentals, not more fluff.

It's an impossible project and we're doomed to the derpa-derp. It'll be one big porno-reddit social network and I'm never transmitting my keys over it.

Buck • September 15, 2013 10:55 PM

The way I see it, we do have an either-or choice to make regarding privacy... A choice between either "privacy for all" or "privacy for none". Until one of those extremes is reached, we'll remain in a temporary period of "privacy for some" with the members of that "some" in constant flux.

Maybe today, the NSA knows all the dirty little secrets with total opaqueness to guard their own... Perhaps tomorrow, a deeply embedded cell of Russian spies will seize control of their surveillance infrastructure... Possibly, the Chinese have been providing subverted silicon for decades and are just waiting for the right time to activate their backdoors...

Either way, I foresee a great bit of growing pains... Do we allow privacy for all, fully expecting that some will misuse this privilege for personal gain? Or could we cede personal privacy expectations to ensure that all are operating on a level playing field?

Well, I suppose we could still nuke the world into oblivion; then "privacy for all" and "privacy for some" would actually be the same option... :-\

Prinz Wilhelm Gotha-Saxe-Coberg • September 15, 2013 11:25 PM

@Muddy Road

Also, there is a new benefit for the people: We know without any doubt at all the government and corporations cannot be trusted. Ever.

Right wing: Sure, companies can be trusted. But government has a tendency to engorge on taxpayers' money and enlarge itself. It needs to be trimmed back.

Left wing: Sure, government can be trusted. But companies have a tendency to engorge on customers' money and enlarge themselves. They need to be trimmed back.

Centrists: We feed all animals in this jungle equally. Equal rights to all man-eating monsters, whether they be government or corporate!

Malatesta: Since humanity neither wishes to, nor can, live in isolation it is inevitable that those people who have neither the means, nor a sufficiently developed social conscience to permit them to associate freely with those of a like mind and with common interests, are subjected to the organization by others, generally constituted in a class or as a ruling group, with the aim of exploiting the labor of others for their personal advantage.

Bruce could be clearer on this, that what he is suggesting falls under the polsci definition of anarchism. Or self-organizing communities, if one wishes to avoid the poisoning of definitions the state in the West has carried out for over a century.

65535 • September 16, 2013 12:24 AM

Thanks for your honest appraisal of our digital world and how to stay safe. Most of my thoughts have been covered in the comments (both in this blog and the Guardian). I’ll keep it short.

1. I agree with your statement: “I am saddened to say it, but the US has proved to be an unethical steward of the Internet…”

2. More people need to come forward. “There's safety in numbers, and this form of civil disobedience is the moral thing to do.” If top internet companies like Giggle, Disgracebook, MicroSquish lie about their collusion with NSA it sends a strong signal to all of their employees to do the same. I wonder if their financial statements are truthful.

3. Many schools, business and governmental agencies are making de facto use of the internet and forcing it on people. It’s not only an engineering problem but a political/legal trap.

4. I see a slippery slope where this spying or misuse of information could tilt the entire playing field including news reporters, lawyers, judges, IRS cases, accountants, credit score companies, doctors, politicians, and customer lists for small business. The damage could be enormous.

5. Lastly, I will note Andrew Russell works for Stevens Institute of Technology which has a satellite campus in Washington DC. That makes me a little uneasy. How far does NSA and K street reach?

name.withheld.for.obvious.reasons • September 16, 2013 12:25 AM

COUNT ME IN!!!

What I can initially offer is a transparency framework for project management. It is still in rough form but I expect to release it next year. It is a counter to the belief that compartmentalized security is effective in maintaining structural integrity. No, structural integrity is what you use to achieve structural integrity. I'd never fly in a plane engineered and built by lawyers.

itsec1 • September 16, 2013 12:56 AM

"this is going play directly into the hands of totalitarian governments that want to control their country's Internet for even more extreme forms of surveillance."
Exactly true. That is what has been happening for more than a decade in those countries, and the current situation improves it.

Jon • September 16, 2013 1:25 AM

# Buck - The point is 'some privacy for all'

# Sooth - "Give me six lines written by the most honest of men and I'll find something in there to hang him"

# Clive - That being the point. Going out in public doesn't immediately extinguish all your rights to privacy.

# marks are the new @ signs.

J.

Tom • September 16, 2013 2:41 AM

Before sending us a letter/order first they install a surveillance camera here and these videos can be used in court against us.
Can you ask your source about these nano sized cameras implanted into wall's stucco? How to detect and remove them?

Winter • September 16, 2013 4:43 AM

# Sooth - "Give me six lines written by the most honest of men and I'll find something in there to hang him"

Soo true:

Ham Sandwich Nation: Due Process When Everything Is a Crime
http://www.columbialawreview.org/...


The effectiveness of this approach may be seen in the longstanding aphorism that a good prosecutor can persuade a grand jury to indict a ham sandwich.

Mike the goat (angora edition) • September 16, 2013 5:42 AM

@whoever itis - I am genuinely surprised that any legitimate CA would generate a private key on your behalf. This breaks everything. What is so hard with a CSR?

Rich • September 16, 2013 6:37 AM

@ avner
Cities which regulate cable companies can adjust the tariffs to make sure home servers are allowed. For the most part the big guys don't want you running your own mail server.

States can make sure fair trade laws make it clear that any ads making bandwidth claims must include the lower of upload and download rates.

Luker • September 16, 2013 7:10 AM

Two, we can design. We need to figure out how to re-engineer the Internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.

We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems -- these will be harder for the NSA to subvert.

Hi, I'm actually working on this. I'm a master-student in an EU country.
As my master thesis I started designing and implementing a new authentication / authorization / cryptography protocol.

The name will be "Fenrir", and I will post it here again as soon as I have something working (I started one month ago).

The main objective of this project is to have an alternative for SSL/TLS, Kerberos, OAuth and every other auth scheme.

It is a federated protocol based on a new key-exchange algorithm.

I used ProVerif and Scyther to verify it, but I will need more people to look at it (again, once it is almost finished). Can I count on you all to try to break and test it as soon as I release it publicly?

Mike Acker • September 16, 2013 7:22 AM

Education is key

i find it disappointing today that i see so many advertisements and essays claiming that two-factor authentication or bio-metric authentication will solve security problems.

such solutions may be well intentioned, no matter. the serious security issue is that un-authorized programming in the end points is being used to facilitate most "hacking" where "hacking" is the improper expropriation and misuse of data.

once we understand this we will insist on software inventory controls. there can be no meaningful discussion of cryptography until after the endpoints have been certified free of un-authorized programming.

interestingly cryptography is a key requirement in this process. the subject of cryptography includes the study of digital signatures. digital signatures are required to authenticate true copies of digital documents,-- and programs, -- any digital "object", actually.

this extends to electronic business transactions. tax returns. checks. online commerce. the old pen&ink methods do not extend well to high-speed digital commerce.

To sum things up, I see two major areas in which I think education may be helpful:

1. Learn to certify the endpoint computers to be free of un-authorized programming.

2. Learn to use public key encryption to authenticate sensitive transmittals

Finally, we all recognize that much of the internet is used for essays, blogs, articles, and such -- none of which requires security. The "internet" per.se. -- is just a data transport. We just need to learn to use it better.

SimpleNotSimple • September 16, 2013 7:33 AM

It isn't possible to take back the internet. A government agency with vast resources will always be able to outmaneuver a private company, organization, or open source community. Despite Snowden's revelations, we don't know the full extent of the NSA's toolbox for getting at information and for breaking encryption.

This is the new world order. The government can do whatever it likes with your digital life. The constitution is unenforceable when a spy agency has secrecy and vast resources on its side.

Mike the goat (pygmy edition) • September 16, 2013 7:50 AM

@simplenotsimple - There is a real danger in being defeatist. The internet needs to adapt to this. We should never have been sending so much in the clear anyway. As to SSL being 'broken' I suspect that they were using a combination of forcing large tech companies to hand over their private keys and CA subversion to acquire certificates for MITM attacks. By solving the trust problem and decentralizing our dependence on a select number of 'trust gods' we can move on from this. This is a blessing as it will only make the internet more secure in the long run and lead to a necessary discourse on the benefits of trustworthy computing, open hardware, etc.

bloozel • September 16, 2013 11:43 AM

I don't think there are any technological or political solutions to the surveillance problem.
In the end, any surveillance resistant technology will just be outlawed, and because 80% of the population are idiots the democracy will prevent any significant political changes from happening.

As a software developer (nerd) I can't help feeling betrayed by the non-nerds.
Like many other nerds, I have helped the non-nerds to use computers and transform the society, and like many other nerds I hate the surveillance and most of the other interferences with technology that those non-nerds have been manipulated to support.

Like others, my fascination with technology made me share my skills openly with anyone interested and I realize now that this was a mistake...if Obama wants a surveillance planet he should learn how to use a compiler himself.

Alex R. • September 16, 2013 12:38 PM

I can't whistle-blow. I don't know anything. Is there a fund I can donate to which gives whistle-blowers legal help? I don't mean something general like the EFF, but a specific fund or organization that protects whistle-blowers?

Jan Willem • September 16, 2013 3:20 PM

@Muddy_Road: agree with you.
@Bruce: great text. I hope we will succeed in rebuilding / reinventing the internet. Now based on no trust at all.

Dirk Praet • September 16, 2013 5:59 PM

Our elected politicians won't do diddly-squat until public opinion turns against them. None of the numerous revelations from Ed Snowden's document trove have so far touched the right string with the silent majority.

If I were Glenn Greenwald, I would be looking for some document/fact that - however insignificant at first glance - has the potential to stir up the hearts and minds of common people. The believed to be untouchable Rupert Murdoch and his News of the World were brought down following the public outrage over hacking murdered 13-year-old Milly Dowler's phone. In "V for Vendetta", a tipping point is reached when an agent shoots an innocent kid wearing a Guy Fawkes mask. If any political change is to come from Snowden's revelations, then we need at least one story with a high emotional impact that the average citizen can entirely relate to, and at which point our weasel politicos will be stepping over each other to switch sides.

@ Bruce

From Star Trek: Generations (1994)

Kirk: I take it the odds are against us, and the situation is grim.

Picard: You could say that.

Kirk: You know, if Spock were here, he'd say that I was an irrational, illogical human being by taking on a mission like that. Sounds like fun!

@ Soothsayer

I really don't care if government reads EVERY thing I write in my emails

This is the traditional argument being fed to people in defending surveillance overreach. It's a fallacy that has been debunked countless times in the past. May I recommend a particularly good academic paper on the issue by Prof. Daniel J. Solove of the George Washington University Law School? It was written in 2007. Privacy is not dead because governments and CEOs like Scott McNealy and Mark Zuckerberg tell us so. It dies when people like you and me start believing their lies.

@ Luker

As my master thesis I started designing and implementing a new authentication / authorization / cryptography protocol.

Please feel free to ping me when you're done.

Nick P • September 16, 2013 9:59 PM

@ Dirk Praet

"In "V for Vendetta", a tipping point is reached when an agent shoots an innocent kid wearing a Guy Fawkes mask. If any political change is to come from Snowden's revelations, then we need at least one story with a high emotional impact that the average citizen can entirely relate to, and at which point our weasel politicos will be stepping over each other to switch sides."

Exactly. Perfect example. And it has to be drummed up to the tipping point. Mainstream media, I expect, will appear to go with the public rather than squelch them. And that will squelch them.

How mainstream media can shut down the rebellion

The public will hear about the "situation," whatever it is. They'll get fired up in clusters and groups. It will probably be decentralized with many different groups having similar feelings and vision, but separately led/managed. If they achieve critical mass, they can affect the situation. If they don't act quick enough, they'll run out of energy or lose focus. So, the goal for establishment (and their media) will be to keep the public reaction disorganized, diverted and distracted.

(If I was a PowerPoint guy, I'd say "It's the Three D's!")

The establishment, if smart, won't shut down the story. It's easier for them to influence if they keep rapport with the public, at least their demographic. So, they'll bring up the story and voice their concern about it too. They'll drum up the emotion. The trick is that they'll push a different interpretation that diverts people's attention from where their efforts should be. I've seen this happen repeatedly with TV media, radio stories, false emails, false facebook stories, etc. It works. People are given what they want to hear, they get fired up, they gripe in social circles, and then it blows over.

That by itself often works plenty. The other side will be to turn the public on each other. The American people are very petty in politics with plenty of heated issues that don't actually decide their future, but are more important than those that do. ;) They also relish the opportunity to feel their group is superior, while smearing or "giving understanding to" the others. The establishment media only need to feed several versions, democrat or republican for example, that fuel public's habit of butting heads. And then, they'll be wasting their energy on each other. That the favorite TV or radio pundits of most political groups are selective and self-serving about their factual accuracy will just add fuel to the fire.

So, the modus operandi is:

1. Appearance of understanding, openness and representing same issues.

2. Diversion of natural reaction toward an ineffective response.

3. Promoting political infighting to further distract.

4. Nearing completion, give them something else to focus on so they'll feel *done* with "that month's problem."

Works almost every time. ;)

the helping hand • September 17, 2013 5:27 AM

I think we have some good algorithms to encrypt data for secure transmission. The secure implementation in products and without backdoor is the key and this can be supported by us.

A big goal has to be to secure the endpoint of transmission (=devices / software) and to raise information security awareness between the ears. The first point could be supported by developing real (open source) alternatives for Windows. As far as I know Linux (my first contact was with Linux on a 5 1/4" floppy) it was just a system for "freaks" who want to adjust any tiny parameter of a tiny function. The better this can be used by kids, teens, their parents (the generation before them would be nice to support, but not the top priority) the more it will be accepted and installed for normal use.

To raise awareness we have to talk and explain more about what is going on today and that everyone needs privacy. We have to collect good statements why the argument "I have nothing to hide because I am one of the good guys." is worthless today.

Jeff Johnson • September 17, 2013 8:35 AM

The idea of re-engineering security based on open-source technologies seems like a good one. I hope the IETF can provide the necessary element of formal structure and coordination. I don't think anarchic development will fill all the holes, though it may have much to contribute.

But Nick P above makes strong points that solving the technology problems does not solve all the problems, and I think does not solve all the biggest problems. Government secrecy and abuse of power, and invulnerability to prosecution and oversight, is the number one problem that must be dealt with politically. Making the technology harder to crack will only escalate government's use of more nefarious means of intimidation, such as confiscation of property, restriction of movement, incarceration, and even bodily harm or threats of bodily harm. Unless we can rein them in legally and politically using laws and courts with real consequences for government abuse of power.

The question that it seems nobody is willing to talk about is this one: suppose a perfect technological open source solution to privacy is developed, one that is entirely or nearly entirely invulnerable to government surveillance. One thing this will achieve, which I see as very negative, is that this puts very powerful tools into the hands of terrorists and criminals, and takes the currently used powerful tools away from law enforcement. Are we really sure this is the right thing to do?

I see the pre-occupation with privacy as representing three impulses:

1. One is the natural normal human need to conceal personal feelings, ideas, desires, activities, etc. from people who know you, who matter in your life, whose opinions can hurt you and dramatically affect your quality of life because of their personal proximity. When this sentiment is extended to the vast population as a whole, your personal matters shrink to insignificance. They are boring anonymous petty concerns, and an inordinate amount of concern over whether someone at the NSA or Google might look at my gmail starts to resemble a perverse vanity.

2. Second there is the fear that having complete access to personal details makes one vulnerable to abuse, intimidation, blackmail, and other kinds of threats from government agents who are intent on damaging, threatening, or destroying innocent people for political or power related reasons. This is a large and very valid concern about privacy. On the other hand, we are talking about a government that could make your house explode any time it wants by targeting you with the largest arsenal of the most powerful weapons ever known to humanity. We trust them with these weapons for one major reason: we trust our democracy and constitutional protections, and we trust that our military defenders are for the most part benevolent and self-regulating when individuals step out of bounds.

3. Third, there is a fear that illegal activities, whether drug, sex, crime, or terror related, will be detected by law enforcement, and you will suffer the consequences of prison or death. A legitimate concern for criminals and terrorists, but not for most people.

The UK has an extensive public surveillance system of CCTV cameras. This is an important test case. Do citizens feel unable to move about in public because they are being watched? Or do they feel protected because of the deterrent effect, and in the knowledge that if someone does something violent they are likely to be tracked down and punished? Such a system of course has the potential for abuse. But what is the record in the UK? Does this system largely punish innocent people, victims of government agents out of control and acting above the law? Or does it largely prevent and punish crime?

A surveillance system, like any technology, our vast military capabilities for example, is a double edged sword. It can do good or evil. What determines which it shall be? It is our political and legal protections, it is our democracy, it is transparency, free press, free speech, free assembly, and the right to petition government over grievances. So of the three problems above, #2 and #3 are the ones I feel deserve the most focus, and a lot of that is applying political pressure to Congress to rein in government abuse of secrecy. But too many people seem emotionally upset over #1. Too many people assume that the government is an enemy that must be fought, rather than our government that we must fix. This is a kind of 2nd amendment mentality of the Patriot/Survivalist ilk, an encryption war on the government that, like the armed conflict, should not be fought and can not be won. Instead the real fight, and the best fight, is to make sure that even if the government has every bit of information about us, they can not use it to hurt us, harass us, intimidate us, or illegally detain or punish us. And this must be done politically.

name.withheld.for.obvious.reasons • September 17, 2013 8:57 AM

@Jeff Johnson

WOW, a preoccupation with privacy. I guess there was no purpose in drafting the 4th amendment. Those stupid framers didn't know what they were talking about...they must have been preoccupied with some other foreign concept.

Jeff, you obviously haven't read Bruce's book 'Liars and Outliers', your comments would not stand if you had done so. I don't know where you get your anecdotal clap trap suppositions (don't even qualify as a hypothesis) but you need to re-evaluate your "suppositions" and see what they are based on. First, I would suggest you reference your propositions with the constitution, the federalist papers, and discuss with any learned colleague that has a background in modern democratic principles. Your comments remind me of being black in 1963, being a citizen but not being equal. I suppose I would have been pre-occupied with race.

Jeff Johnson • September 17, 2013 11:23 AM

@name.withheld (for reasons not so obvious)

My real name is Jeff Johnson, and I publicly stand by my remarks under my first amendment rights.

I think of the fourth amendment as applying to my property, my home, and my person. To me it seems unreasonable that a digital copy of my phone metadata constitutes a seizure of my property. It's already effectively the property of the phone company. Maybe it's a search, but for me the very bothersome part of a search is the intrusion on my personal physical space and the interruption of my life. Stop-and-Frisk, for example, is a horrible 4th amendment violation, and it bothers me much more than NSA data gathering does. Electronically copying data, and submitting it for inspection to automated electronic search algorithms does absolutely nothing to impede my free movement, deprive me of property, or intrude on my time, and I hardly think it is what the founders had in mind when they wrote the word "search".

Such "search and seizure" of electronic data only becomes a problem for the individual when government agents focus on that individual's data and make decisions or take actions based on that information that really can affect the physical person, property, or freedoms. And here is where I think we should be focusing on our constitutional protections, not on preventing the government from digitally copying and storing electronic data, which is very unobtrusive. Again, consider the thought experiment: even with perfect data privacy, the government has the most massive arsenal of weapons ever assembled, and if they want to stomp on people they can. The post-9/11 creep that really has me worried is the over-use of state secrets privilege, the blocking of whole court cases merely because a portion of relevant evidence is classified, the over use of classification itself, and the invulnerability of government to lawsuits when they unlawfully detain people at airports or otherwise abuse them merely for purposes of intimidation. These are the things we need to stop. They are problems with or without privacy, and they are by far the worse problem compared with data gathering and snooping.

I'm not saying there should be no privacy. I'm saying that I think a focus on privacy, rather than a focus on reining in government abuse of power and secrecy, in terms of overall priority is nothing but a distraction. Even if we had perfect privacy, the government could abuse the shit out of us physically.

And of course you really haven't made any effective counter argument to my main points, other than to suggest I read "Liars and Outliers", which I haven't yet done.

The point that everyone ignores, for reasons I can't fathom, is that protecting electronic privacy puts power in the hands of terrorists and takes it from law enforcement. Are there no compromises to be made here? How far are we to go for the sake of idealistic purity?

rodmar • September 17, 2013 12:03 PM

@Jeff Johnson

The question that it seems nobody is willing to talk about is this one: suppose a perfect technological open source solution to privacy is developed, one that is entirely or nearly entirely invulnerable to government surveillance. One thing this will achieve, which I see as very negative, is that this puts very powerful tools into the hands of terrorists and criminals, and takes the currently used powerful tools away from law enforcement. Are we really sure this is the right thing to do?

This is an argument that you see over and over again and it's wrong.
It is possible and not very hard to be untraceable and to create anonymous communication channels especially in a smaller scale and terrorist groups and criminal organizations have the resources and technical know-how to use or develop them. They are already using them, so any new privacy solution would not help terrorist groups or criminal organizations.

Nevertheless I think that any engineer that is trying to design a privacy system would think about it. He would be designing a system for users to be able to retain control of the data they publish online, a system that would give users secure channels where they could exchange any type of data in a secure and private way that no one would be able to eavesdrop. But they would always think in ways that the system could be used for criminal activities.

To solve this we could have a compromise by adding some type of accountability in the system where the user's real identity or activities could be revealed when performing some type of illegal activity. The problem with this solution is that it will always be prone to abuse. It will never work because the same entities that would have the power to revoke someone's privacy would be the same ones that define what is illegal and what is not (and they can change this definition to suit their needs).

What all this incident has shown is that the government and their agencies are not interested in compromises, they want it all. So an engineer trying to develop a privacy solution will have no other way but to forget the political and social implications and just do what he does best, focus on the technical problem and develop a system that gives them nothing.

How the system will be used is another issue.

Another question is how to start developing such a system.
In this post Schneier talks about re-engineering the Internet. I don't think this is the right way to tackle the problem. We don't need to re-engineer the Internet. We don't need to change the way IP works or the way routers route packets. We need to re-engineer the way users use the Internet, and more specifically the way network capable applications interact with each other over the Internet. Because privacy is not something you can force through a standard because it's not something that will make the Internet perform better. Privacy is for the users of the Internet and ultimately it's them that will determine if a new technology will strive or not. They need to feel the need to use it and they need to get some added value from using it (the same way they felt the need to create a facebook account when facebook first appeared).

New technology would have to change the way users communicate, not the way packets are routed over the Internet. We don't need support from the network to develop a new Internet. We have the tools that allow us to create overlay networks that run over IP networks but work in a completely different way. We need to eliminate the need for intermediaries in the communication. If I want a communication channel to talk to someone over the Internet I shouldn't need to rely on any server to mediate that communication, I should be able to connect directly to the other person. We no longer use dumb terminals and even the smartphones that we use nowadays are more than capable of handling almost anything that we throw at them.

What we need to "re-engineer" the Internet is people with technical skills, a good dose of ingenuity and a github repo.

Jeff Johnson • September 17, 2013 12:26 PM

@Dirk Praet:
I have skimmed over the link you posted, in which Daniel Solove addresses the "I have nothing to hide" defense of surveillance.

I agree that "nothing to hide" is a weak defense of surveillance. I also think that a better defense of surveillance would be phrased as "I have much to hide from most people, but when necessary I reveal what must be revealed". Of course privacy is psychologically important to humans. We don't want our parents, our siblings, our co-workers, our employers to know everything about us, and we like to feel that we only reveal things when we choose to do so.

No you can't photograph me naked. But when I go to the doctor, I make compromises in exposing my body for good health related reasons. No you can't look at my financial data, because you have no reason to, but I share it with my accountant or my lawyer when necessary to accomplish important goals.

So what about NSA surveillance? There are good reasons why the NSA might wish to be able to see who called who when investigating a good lead based on solid evidence producing real probable cause. At the time an individual comes under suspicion for credible reasons, if phone metadata and bank charges have been stored over a several year period, a whole network of contacts, movements, habits, can be revealed going backwards in time. This could prove to be critical information in discovering a cell or preventing an attack that could save the lives of many people.

On the other hand, absent probable cause, such data could sit idly on NSA computers, just as it would have sat on phone company or bank computers, effectively harmless.

The real fear is if this data is abused to harm us. This is the real fear of allowing one's self to be photographed naked, or if our most private thoughts are recorded in writing. The real fear is that they can be used to mock, ridicule, embarrass, blacklist, blackball, or blackmail us. There is such a thing as need to know, and most people never have a need to know what we choose to keep private.

But there are strong arguments to be made that under certain circumstances, which can not be predicted in advance, the NSA or other law enforcement may have a real urgent need to know things, as a tax accountant, a doctor, a lawyer, or other professional might have a need to know.

The major difference, of course, is we choose when to and not to reveal information to service professionals. If data went into some kind of escrow system, and government notified us, or even asked our consent when they perceive an actual need to access and use the information (as opposed to merely storing it provisionally) that would be an ideal compromise between privacy and expediency for purposes of legitimately investigating crimes or security threats.

But I think such a system is not quite practical. For example terrorists would be alerted when they were "on the radar". But some kind of electronic escrow system, perhaps overseen by an independent agency with public scrutiny, where all access and use of data is rigorously audited, and restricted by access control, such that access can only be allowed under the terms of securely digitally signed warrants meticulously reviewed by reformed FISA courts, and where such audits are obtainable under FOIA requests by individuals who become aware they are suspects, who are arrested and charged, who in any way are harassed or subjected to indignities, embarrassments, or other affronts by the government because of the access to surveillance data. This audit data could be used in defense in court, or possibly in civil cases against the government if it represents abuse of power and violation of law.

There are possibly, in other words, ways to use the political process and technology, beyond merely hiding and encrypting everything, to reach some balance between privacy and the need for surveillance and security.

Jeff Johnson • September 17, 2013 12:59 PM

@Rodmar,
Thanks for your thoughtful and informed comments.

You mention including accountability and consent in a privacy system.

What about the idea I mentioned in my last post? An electronic escrow system for "dragnet" broad scope surveillance data? If such a system were open source, Congressionally mandated, operated by an independent government service agency with no law enforcement responsibilities, included rigorous auditing and access control, only accessible using certificates issued under FISA warrants, audits available under FOIA, and possibly even transparency to the public of what data is stored and how (i.e. database schemas made public).

Such a system would not unfortunately permit consent, being too impractical for law enforcement purposes. But it would substitute auditing and accountability, and could serve not only as a basis for law enforcement, but also for trial defense and civil cases against the government.

It represents a big compromise, it minimizes the trust of government, restrains government and provides public recourse, while still enabling some fairly powerful tools to benefit legitimate law enforcement activity.

name.withheld.for.obvious.reasons • September 17, 2013 2:45 PM

@Jeff Johnson

"...stand by my remarks under my first amendment rights."

And I will stand with you...

Your concern for the "Stop and Frisk" issue is cogent and timely. The issue to me, and I do not wish to denigrate your rights, is to convey the idea the framers had around the 4th amendment. The history is fascinating, it is the "why" behind the constitution that is most relevant. A great basis for understanding the framers' thinking can be had from two sources, the personal letters of Madison and Jefferson (and his biography) and the Federalist Papers. But, in order to understand the context I recommend fully embracing Thomas Paine's "Common Sense". Paine captured the nature of the conflict and the struggle. Few people realize that there were two events occurring during the revolution. One, the escape from tyranny, and two, the possibility of being a free people. A very bold move on their part. It's enough to take one bite of the apple so to speak. So, Jeff; I would make every effort to enjoin your rights as a citizen sovereign. And, as Bruce mentions in his book, Liars and Outliers, you need defectors.

I am a defector, not malicious, challenging conventional thought and wisdom. Not as an exercise in and of itself, but to answer the blight that be on this land--laid down by the willfully ignorant and inane. My defection is purposeful, and thus the name, without a bit of anonymity I cannot speak loudly to the voices that would quiet me by other means. Rarely do I meet an argument that is forceful enough to repress my speech--many have tried and some have gone so far as to use explosive devices to end my speech. Seems it was something I said to Donald Rumsfeld. I believe I suggested he knew little of history, and even less of strategy. I guess it was when the third mortar round went off that I knew something was amiss. But hey, mortars are no substitute for a cogent argument.

And Jeff, if you get a chance, just go through a couple of the Federalist Papers (Hamilton, Jay, Madison); they really do express the premise behind the thinking of the time. It is a pity they cannot be here today--but I would be ashamed--ashamed of the disrespect we have given their efforts.

Dirk Praet • September 17, 2013 7:13 PM

@ Jeff Johnson

"But some kind of electronic escrow system, perhaps overseen by an independent agency with public scrutiny, where all access and use of data is rigorously audited, ..."

I appreciate the balance you're trying to find between privacy and national security. It's the sort of debate that should have taken place in public before the NSA was authorised to do what Edward Snowden and some other whistleblowers before him have revealed.

The 4th Amendment to the United States Constitution and part of the Bill of Rights explicitly prohibits unreasonable searches and seizures and requires any warrant to be judicially sanctioned and supported by probable cause (not "reasonable articulable suspicion"). My interpretation thereof is that it was framed exactly to prevent the blanket surveillance the NSA has put in place.

If administration or Congress for whatever reason thought that it needed amendment, the only correct way to go about that was by amending the Constitution, not by secret interpretations of newly adopted legislation authorising secret courts to issue secret orders to allow mass surveillance by a secret agency.

One may argue that post 9/11 the perceived threat posed by gazillions of highly skilled and well-organised terrorists was so imminent and severe that there was simply no time to amend the Constitution in the usual way. In which case a number of transparent temporary measures could have been put in place pending adoption of such a constitutional amendment. This never happened either, and without Snowden there wouldn't even have been a public debate.

In hindsight, we now know that 9/11 was the result of a massive intelligence failure where the US IC completely failed to connect the dots. A decade and billions of dollars later, the NSA's intrusive surveillance dragnet still failed to stop the Boston bombers, and for the same reason. We have also learned that the threat posed by Al Qaeda and its affiliates was massively exaggerated and that the US for all practical purposes was facing a small group of mostly incompetent religious fanatics. When the Founding Fathers framed the Constitution, The Bill of Rights and the first amendments, they were up against a somewhat more formidable enemy: a colonial power and its army. Still, they passed the 4th Amendment.

In the end, I believe that the US is well within its rights to turn itself into an Orwellian surveillance state if it so chooses, and with or without the system of checks and balances you are proposing. What I have a much bigger problem with is the idea that it is also in its rights to treat the rest of the world - even its allies - like cattle, spying on everyone and everything it sees fit.

Through Snowden, we learned that the NSA over here in Belgium is spying on EU Institutions and on SWIFT. Over the last couple of days, headlines in all national newspapers are dominated by the NSA also having implanted an APT at Belgacom, our biggest and partly state owned telecom operator and ISP. The entire internal infrastructure was fully owned, with sources close to the investigation pointing to C&C servers in the US. If the US was interested in Belgacom's BICS operation in the Middle East and Africa, they could have negotiated a deal with Belgacom and/or the Belgian government. They chose not to and just steal that information. Because they (think they) can. That's what rogue agencies and rogue states do.

Over the last decades, US foreign policy has alienated many nations across the globe, especially in the Middle East and other Muslim countries. An out-of-control NSA today is doing the same thing in Europe and South America, and it will eventually and inevitably come at a cost, both politically and economically. I guess that's the price you ultimately pay for the pursuit of world dominance thinly disguised as "a war on terror". I'm sorry to say, but nobody outside the US is buying that argument any more. The sooner the USG and the NSA get that, the better.

Naive? I don't think so • September 19, 2013 4:09 AM

You say that the Internet community must take back the Internet from governments. This is the same community that has so far failed to come to grips with the many less favourable uses of the Internet which, if the Internet remains unregulated, will continue to flourish. The failure here is the marked failure of the community that you wish to take back control of the Internet to deal with spammers, cyber bullies, cyber criminals, terrorists and others who spread hate on the web, etc.

If you wish to have my backing for an Internet without government interference then you will need to come up with, not only a way to counter the government 'abuses' of the Internet (and how are they abuses of cyber space when there are no laws in cyber space - they are only abuses of the laws of the physical world, if indeed they can be proven to be that, which I doubt), but you will also have to show how you intend to deal with 'other' misusers (bullies, criminals, terrorists, etc).

(And before anyone jumps down my throat about PRISM or any other cyber based surveillance programme not being an abusive surveillance programme, I very much doubt that government controlled agencies would be able to spend that much money without someone asking what it was for. The answers that would have had to be given would have been scrutinised by so many lawyers, not to mention politicians, that if it were illegal abuse of their charter it would have come to light then. Cyber criminals on the other hand ...)

Robert de Forest • September 24, 2013 12:13 PM

I hope my reply isn't too late to be seen.

In 2000 David Madore proposed a method of protecting free speech by giving all possible origins of a publication plausible deniability: http://www.madore.org/~david/misc/freespeech.html

This proposal demonstrates that technical measures can dramatically change social discussion. In order to subvert David's proposal a state would have to give up the presumption of innocence. At that point nobody living in that state can seriously claim their country hasn't gone too far and many would likely flee or revolt.

Obviously there are countries which do not presume innocence (whether they claim to or not), but the remaining countries still hold enough sway over global society that this kind of tool could still be powerful in guiding discussion.

(I don't recall if I've already mentioned this paper before in the comments of another post, so I apologize if this post is redundant.)

Nick P • September 24, 2013 12:49 PM

@ Robert de Forest

It's an interesting idea. However, it suffers from the same major failing of most anonymous publishing schemes: too few people will use it for it to be effective. Matter of fact, the lay person would think of this as going so out of the way and using so much trickery that it would mostly be used by dishonest people. Law enforcement would press the "child molester," "drug dealers," "piracy," and "terrorist" buttons saying it was mostly them using it and they needed "lawful intercept" abilities. They'd straight up seize computers that were part of the network during investigations, deterring many from participating.

If any of this sounds familiar, it's the kind of thing that started happening to networks such as Tor when they became popular among groups LEO's target. And I think this proposal is easier to attack than Tor and some other systems. This one stood out a bit:

"If it can be proved that your pad was generated after the other ones, you lose. It is up to you to find ways to arrange for this to be practically impossible."

Most people do the minimum for performance and usability reasons. The absolute minimum is three pads, recommended min is five pads. And they must somehow ensure the temporal order can't be discovered. Not screwing this up is asking too much of the average whistleblower or journalist. The main adversary we're discussing, the NSA, has the capability to pull traffic analysis on all the pads floating around. They might see which of other people's pads you pulled, which you published, etc.

So, instead of the entire OTP search space, the algorithm might be to do a few permutations of the very *small* number of pads most people were working with and have an automated analysis for language (or other) patterns done on it. And if users also included PGP sigs, the analysis would be as simple as finding "PGP" or another word/phrase in the signature.

So, this idea was fun to read and all. Yet, the main legal and usability threats that undermine anonymity networks will still affect it. There might be technical threats. And our current environment of "presumed innocence" is not corrupted (in the public's mind) by LEO's looking into people going to extraordinary lengths to hide their communications. Most people think they're probably guilty anyway. And if they don't think so, the past shows that they can be convinced of this via media. So, that scheme won't cut it.
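
An added illustration of the search-space point in the comment above (not part of the thread, and not code from Madore's proposal): it counts and walks the pad subsets an observer would have to test when a publisher combines only three to five pads. It assumes a document is published as the XOR of a subset of pads; the pool size of 12, the sample document, the marker string and all function names are constructed for the demo.

```python
import itertools
import math
import random

# Constructed sample document; the signature armor line is the marker searched for.
DOCUMENT = b"Constructed sample memo.\n-----BEGIN PGP SIGNATURE-----\n(omitted)\n"
MARKER = b"BEGIN PGP SIGNATURE"


def xor_bytes(*blocks):
    """XOR equal-length byte strings together."""
    out = bytearray(len(blocks[0]))
    for block in blocks:
        for i, value in enumerate(block):
            out[i] ^= value
    return bytes(out)


def build_pool(document, pool_size=12, borrowed=3, seed=2013):
    """Return (pool, indices of the pads that XOR to the document).

    Assumed model: the publisher borrows existing pads and derives one more
    pad so that the XOR of that subset equals the document.
    """
    rng = random.Random(seed)  # seeded only so the demo is reproducible
    pool = [bytes(rng.getrandbits(8) for _ in range(len(document)))
            for _ in range(pool_size - 1)]
    used = sorted(rng.sample(range(pool_size - 1), borrowed))
    pool.append(xor_bytes(document, *(pool[i] for i in used)))
    return pool, tuple(used + [pool_size - 1])


def search_space(pool_size, min_k=3, max_k=5):
    """Number of pad subsets of size min_k..max_k an observer must test."""
    return sum(math.comb(pool_size, k) for k in range(min_k, max_k + 1))


def find_documents(pool, min_k=3, max_k=5, marker=MARKER):
    """Test every subset of min_k..max_k pads for the plaintext marker."""
    hits = []
    for k in range(min_k, max_k + 1):
        for combo in itertools.combinations(range(len(pool)), k):
            if marker in xor_bytes(*(pool[i] for i in combo)):
                hits.append(combo)
    return hits


if __name__ == "__main__":
    pool, expected = build_pool(DOCUMENT)
    print("subsets to test:", search_space(len(pool)))
    print("recovered subset:", find_documents(pool), "expected:", expected)
    # The count grows with pool size and pad count; few pads keep it small.
    for size in (12, 100, 1000):
        print(size, "pads in pool ->", search_space(size), "subsets")
```

The deniability rests on how many candidate pads are in play and on hiding which ones a publisher touched, not on the size of the one-time-pad keyspace.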


Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.