My TEDx Talk

I spoke at TEDxCambridge last month on security and power. Here's the video.

Posted on October 2, 2013 at 6:46 AM • 18 Comments

Comments

Jack DanielsOctober 2, 2013 7:20 AM

Someone should start a public non-profit non-governmental version of NIST, to set security standards without NSA interference.

ScottOctober 2, 2013 11:12 AM

@Jack Daniels

While I agree, it won't solve the problem of inserting backdoors into software and stealing keys. Without a solution at the congressional level, all we can do is protect ourself in the handful of cases when we can use some sort of encrypted communication application combined with Tor.

BryanOctober 2, 2013 11:37 AM

Yes, this is a must watch. It may even be understandable by many lay people, though I do tend to overestimate their abilities often.

It is important to understand the environment before one makes moves to secure one's own information. Tor is good, but not perfect security. With enough taps, even Tor data paths can be traced even if the contents are still hidden. Enforced legislation with working oversight is a must of any path forward.

MeltFouseOctober 2, 2013 12:07 PM

Very clear and concise talk about the realities of the Internet. It is a good jumping off point to begin a far reaching discussion on how to "balance" Internet power.

Boycotting GoogleOctober 2, 2013 12:23 PM

Any chance you could post this on a non-Google site, perhaps archive.org if under a CC license?

unimportantOctober 2, 2013 1:32 PM

@Bryan

IMO, the proposed take on the situation is that you should protest and demand oversight to counter what is going on. The proposal will not be fruitful as long as the public awareness is not focused on what is really going on behind the scenes: The increasing bureaucracy will purposefully incriminate every and all innocents with laughable but strong laws which can only be justified within a certain limited mindset. Property for the people/slaves will be outlawed. Taxation will become insane. 401(k) will be lost. Privacy will only be allowed for the elite but not for the people/slaves.

WillOctober 2, 2013 1:48 PM

Great talk. And I agree we need a balance.

But the problem is that we are talking about going to the bargaining table and striking a 20 or 50 year deal about the future integrity of the internet with congressmen who couldn't care less about any past the next election. All they care about is who is funding the next election.

The government is past the point of rational behavior. They are lying about every single thing in sight. Its like giving money to a drug addict and taking their word that they are going to quit and spend it on food. Even if they do pass some bill, there is no way we can believe they would abide by the law anyway, when they are breaking every law right now without any consequences or anyone ever getting arrested.

Change can only come by reducing their power, which will come by reducing the amount of money they have at their disposal. When there isn't enough money for the hackers and databases and taps, change can happen.

unimportantOctober 2, 2013 2:15 PM

@Will: The government is [...] lying.

Politicians loose accountability when brought near the end of a monetary cycle. One important point in balancing society is the return of accountability. But we should not focus on politicians alone. The system also involves unaccountable judges which will defend manipulated markets.

WillOctober 2, 2013 2:53 PM

@unimportant Agreed. Its the whole system. And we also need tech solutions to validate any political change. We can't just go march on Washington saying "Don't spy on us" and think we'll get somewhere. Things like Perfect Forward Secrecy, Bitcoin, and open source are the only way there can ever be any proof of back doors not existing, encryption keys not being compromised. We need to march on washington for these tech solutions and to get rid of these pointless patents, etc. Otherwise we are back to the same problem of trusting a top secret agency that does top secret spying where everything is confidential to tell us the truth.

ScottOctober 2, 2013 3:03 PM

@Will

Proof only works if people examine it. A crypto protocol inside a 100,000 line program is next to impossible to truly review. We need to modularize our protocols, breaking out each distinct part of every crypto protocol into an individual protocol that can be reused with other protocols, and easily evaluated. The protocols can then be coded into their own individual modules, all of which should be as simple and concise as possible, and easy to validate for correctness. This doesn't happen with modern crypto standards like TLS or PGP, for each of which the specification is over 90 pages.

It's easier to review ten 10-page standards separately, than one 100-page standard, and the code along with it.

unimportantOctober 2, 2013 3:33 PM

@Will

Bitcoins is not anonymous but pseudonymous ;) The system can unveil every layer of transaction when it has obtained the knowledge of a fraction of the Bitcoin wallets (like a Sudoku game). I would consider Bitcoins in the middle between anonymous cash and identifiable bank transactions. And as soon as cash will be outlawed, the freedom of your money transactions will be gone as well: It is not your money any more, but under constant system's watch and regulation.

unimportantOctober 2, 2013 6:43 PM

@Scott: It's easier to review ten 10-page standards separately

Agreed. It is also my simple 2-page answer to the Waasnaar restriction which extends EAX with a 56-bit encryption key of a diffused plaintext and an independent 128-bit authoration key (using two disjoint nonce tweaks).

WinterOctober 3, 2013 3:15 AM

@Neil in Chicago
"Good thing you didn't go to the center of power."

The sad thing is that these arguments were already made by Adam Smith in "The Wealth of Nations" back in the 18th century. But that is the part of his work that is hardly ever cited.

http://www.gutenberg.org/ebooks/3300


To improve land with profit, like all other commercial projects, requires an exact attention to small savings and small gains, of which a man born to a great fortune, even though naturally frugal, is very seldom capable. The situation of such a person naturally disposes him to attend rather to ornament, which pleases his fancy, than to profit, for which he has so little occasion. The elegance of his dress, of his equipage, of his house and household furniture, are objects which, from his infancy, he has been accustomed to have some anxiety about. The turn of mind which this habit naturally forms, follows him when he comes to think of the improvement of land. He embellishes, perhaps, four or five hundred acres in the neighbourhood of his house, at ten times the expense which the land is worth after all his improvements; and finds, that if he was to improve his whole estate in the same manner, and he has little taste for any other, he would be a bankrupt before he had finished the tenth part of it. There still remain, in both parts of the united kingdom, some great estates which have continued, without interruption, in the hands of the same family since the times of feudal anarchy. Compare the present condition of those estates with the possessions of the small proprietors in their neighbourhood, and you will require no other argument to convince you how unfavourable such extensive property is to improvement.

ESVOctober 3, 2013 2:39 PM

I like most of what you've got to say here, but the notion that government -- the least transparent organization in society -- can, should, or must be the driver of corporate transparency seems completely backwards.

It seems much more likely that Government is the very thing that enables corporate entities to persist in a lack of transparency.

ClayOctober 4, 2013 11:14 PM

One thing that I disagreed with was Bruce's point that balanced power is more 'stable.' One semester of International Relations and a general knowledge of WWI leads me to believe that balanced power is actually unstable. What's stable is overwhelming power. Who's more likely to get into a fight, two people of roughly the same size and strength, or Shaq and and someone who's 5'1 and 100 pounds?

I'm not saying that overwhelming power is better -- I think that whenever two forces are at odds, if both have equally valid goals, then the 'fairest' outcome is balanced power. But let's not pretend that it's more stable. Two factions of roughly equal power are two groups who have a legitimate shot at becoming the more powerful of the two. Conflict tends to happen when both sides think they can win, and tends to not happen when a single outcome is inevitable.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Resilient Systems, Inc.