Security vs. Surveillance

Both the "going dark" metaphor of FBI Director James Comey and the contrasting "golden age of surveillance" metaphor of privacy law professor Peter Swire focus on the value of data to law enforcement. As framed in the media, encryption debates are about whether law enforcement should have surreptitious access to data, or whether companies should be allowed to provide strong encryption to their customers.

It's a myopic framing that focuses only on one threat -- criminals, including domestic terrorists -- and the demands of law enforcement and national intelligence. This obscures the most important aspects of the encryption issue: the security it provides against a much wider variety of threats.

Encryption secures our data and communications against eavesdroppers like criminals, foreign governments, and terrorists. We use it every day to hide our cell phone conversations from eavesdroppers, and to hide our Internet purchasing from credit card thieves. Dissidents in China and many other countries use it to avoid arrest. It's a vital tool for journalists to communicate with their sources, for NGOs to protect their work in repressive countries, and for attorneys to communicate with their clients.

Many technological security failures of today can be traced to failures of encryption. In 2014 and 2015, unnamed hackers -- probably the Chinese government -- stole 21.5 million personal files of U.S. government employees and others. They wouldn't have obtained this data if it had been encrypted. Many large-scale criminal data thefts were made either easier or more damaging because data wasn't encrypted: Target, TJ Maxx, Heartland Payment Systems, and so on. Many countries are eavesdropping on the unencrypted communications of their own citizens, looking for dissidents and other voices they want to silence.

Adding backdoors will only exacerbate the risks. As technologists, we can't build an access system that only works for people of a certain citizenship, or with a particular morality, or only in the presence of a specified legal document. If the FBI can eavesdrop on your text messages or get at your computer's hard drive, so can other governments. So can criminals. So can terrorists. This is not theoretical; again and again, backdoor accesses built for one purpose have been surreptitiously used for another. Vodafone built backdoor access into Greece's cell phone network for the Greek government; it was used against the Greek government in 2004-2005. Google kept a database of backdoor accesses provided to the U.S. government under CALEA; the Chinese breached that database in 2009.

We're not being asked to choose between security and privacy. We're being asked to choose between less security and more security.

This trade-off isn't new. In the mid-1990s, cryptographers argued that escrowing encryption keys with central authorities would weaken security. In 2013, cybersecurity researcher Susan Landau published her excellent book Surveillance or Security?, which deftly parsed the details of this trade-off and concluded that security is far more important.

Ubiquitous encryption protects us much more from bulk surveillance than from targeted surveillance. For a variety of technical reasons, computer security is extraordinarily weak. If a sufficiently skilled, funded, and motivated attacker wants in to your computer, they're in. If they're not, it's because you're not high enough on their priority list to bother with. Widespread encryption forces the listener -- whether a foreign government, criminal, or terrorist -- to target. And this hurts repressive governments much more than it hurts terrorists and criminals.

Of course, criminals and terrorists have used, are using, and will use encryption to hide their planning from the authorities, just as they will use many aspects of society's capabilities and infrastructure: cars, restaurants, telecommunications. In general, we recognize that such things can be used by both honest and dishonest people. Society thrives nonetheless because the honest so outnumber the dishonest. Compare this with the tactic of secretly poisoning all the food at a restaurant. Yes, we might get lucky and poison a terrorist before he strikes, but we'll harm all the innocent customers in the process. Weakening encryption for everyone is harmful in exactly the same way.

This essay previously appeared as part of the paper "Don't Panic: Making Progress on the 'Going Dark' Debate." It was reprinted on Lawfare. A modified version was reprinted by the MIT Technology Review.

Posted on February 3, 2016 at 6:09 AM • 33 Comments

Comments

RobertFebruary 3, 2016 9:24 AM

Dear Mr. Schneier,

I wish you were a politician I could elect. The US and the entire world would be a better place. Many thanks for your effort. Nevertheless, I have no hope that things will change in our favor. Too many power groups have a too big interest in surveillance and control. I have given up.

Rachel CohenFebruary 3, 2016 9:44 AM

Thank you again for providing food for thought on the larger picture of why encryption is important. I am a criminal defense attorney by trade and a mom of four young boys in everyday life. I worry on a few fronts about data and its potential abuse. I don't appreciate having my right to oversee my children's data gathering waived under FERPA and contract for 3rd party vendors to use their data (and that of other public school children) for research but this is more problematic because so few companies or public school entities worry about encryption for anything other than transmission ("at rest" data seems rarely to be kept in encrypted status). I also understand that people like the whole "if you aren't guilty why are you worried" thought process (I heard this a lot when practicing criminal law because the idea that a government or other actor turning blind to incorrect assumptions or acting maliciously in a way that could cause harm to one's liberty is hard to swallow). The fact is that corporate actors don't necessarily keep a "moral compass" like individuals and even when they do, it isn't going to reach the standard we might assume. Also, government actors are pretty much the same. It is important to provide everyone the opportunity to at least consider protections for their communications and so-called protected communications (doctor, attorney, clergy, etc. privileges) should be more than words. In an age where data is king and we are encouraged (often shamed) into technology prime communication, it is really important to consider that potential harm is not just going to come to those guilty of things we consider criminal.

camiloFebruary 3, 2016 9:56 AM

"Of course, criminals and terrorists have used, are using, and will use encryption to hide their planning from the authorities, just as they will use many aspects of society's capabilities and infrastructure: cars, restaurants, telecommunications. In general, we recognize that such things can be used by both honest and dishonest people. Society thrives nonetheless because the honest so outnumber the dishonest. Compare this with the tactic of secretly poisoning all the food at a restaurant. Yes, we might get lucky and poison a terrorist before he strikes, but we'll harm all the innocent customers in the process. Weakening encryption for everyone is harmful in exactly the same way."

As much as the poisoning of a terrorist in a restaurant is a terrible example - terrorists are nevertheless humans and as such have rights such as due process, fair trial, etc. - there is another possible imaginary scenario in which common sense will also prove end-to-end encryption to be much more a security solution than a security problem: If we all used end-to-end encrypted communications, would that make us less, or more vulnerable to the criminals and terrorists that are being used as excuse to weaken and defeat end-to-end encryption?

Exactly!

Right now, encryption is the strongest and most robust defense and protection we have against both common criminals and criminal governments, and that is exactly why it’s under attack. If we lose it, there will not be much more left to lose when it comes to securing our right to privacy, the basic judicial principles that depend on it, and the fundamental democratic guarantees that these judicial principles represent.

If government and intelligence agencies get it their way, they will not only legalize and legitimize spying on us - which they partly already have -, they will more importantly, technologically implement it.

The question is if we really want to support the illegal spying of all of us, the criminal breach of everyone’s privacy, along with the many other civil liberties and judicial principles that are inextricably tied to it.

And how we approach this problem is not by letting others decide for us; we have to take part in deciding if we want to live in a world where hiding from intelligence agencies and criminals, who will target us through the exact same vulnerabilities, becomes the norm, while we simultaneously finance and perpetuate the violation of our own rights and the complete destruction of democracy - our political system and our justice system - through our tax money?

Petitions like "Security for all" are simply not enough, it's just a first step of being heard, of showing we are here. But legislating, and directing our legislators according to our will is a whole different game. Making the political system and the justice system work really requires transparency, oversight and accountability, and democracy, just like security, is not a product, it's a process and as such an ongoing and constant - political - battle we can't renounce to, without renouncing to ourselves.

aboniksFebruary 3, 2016 9:57 AM

You're never going to get policy advisors to take the "encryption helps dissidents" argument seriously.

Dissidents that provide us some sort of benefit are treated as a disposable temporary luxury item. The perceived value of that benefit is more than outweighed by the perceived danger inherent in giving our own homegrown dissidents access to secure communications channels. Further, the implication that the US is not one of those "repressive countries" is pretty hard to swallow unless you're blinded by nationalism or fear of the Red Menace and other attendant risks of leaving people alive to conspire outside your borders.

Telling politicians and functionaries whose careers and personal power are based on defining security, enforcing law, and applying punishment that they should help anyone avoid detection and arrest is Quixotic, at best. Encouraging the public to believe that those same lawkeepers will be (or indeed could be) swayed by that kind of argument borders on the disingenuous.

There are lots of reasons for the powerless to desire access to strong and readily available encryption. There are very few good reasons for the powerful to let them have it.

WaelFebruary 3, 2016 10:01 AM

Compare this with the tactic of secretly poisoning all the food at a restaurant. Yes, we might get lucky and poison a terrorist before he strikes, but we'll harm all the innocent customers in the process.

Excellent analogy with one exception: it's "publicly poisoning all the food". Hey, if you're healthy then you shouldn't worry about eating the poison :)

911February 3, 2016 10:21 AM

You're preaching to the choir.
Wake me when you develop a cure for encryption.
Your cure is as bad as the disease.

{ continue; }February 3, 2016 10:35 AM

I have several white papers that detail breaches involving the compromise of keys and/or certificates. They're not required to report the breach because the data was encrypted. Keys and certificates are the number 1 target. And no, encrypting data doesn't just make the attacker move on to an easier target. Old networking technology like this is making security more difficult and reminds me of bacteria that developed antibiotic resistance. Of course, a lot of people are getting rich selling this stuff.

No Solution But CollapseFebruary 3, 2016 11:02 AM

The fact is we are run by criminal governments everywhere who do not respect laws that get in the way of their agendas.

Until the hollowed-out, financialised economies of the world collapse in the forthcoming global depression (looks good for 2016/17), then there is no hope for any substantive changes, since the solution is political and not based on technological silver bullets. Indeed bulk surveillance will just accelerate in all possible combinations.

Let the facade of supposed democratic governments collapse in a burning heap and re-build our institutions from the ground up, based around a true socialist democratic model that serves the 99% - not the plutocratic police states we have now serving the 1%.

Shutting down the plethora of military welfare recipients is also essential, excepting those most critical to national security. These must be majorly reformed (and downsized) so they are fully accountable and focus on genuine threats instead of shutting down dissenting voices they don't like, and trawling for pissant crimes.

Short of abandoning telecommunications, the Internet etc, there is simply no way to avoid being caught in the Stasi dragnet on Prison Planet in 2016. Of course, true extremists will do exactly this and win by not playing the cyber game.

Similarly, if governments want to truly eradicate terrorist threats then they need to engage in honest foreign policy discussions and admit that they caused the problem in the first place by recklessly and callously killing millions on military adventures. The obvious links between fundamentalists in the ME right now and French, US, British, Qatari and Turkish arms/training/funding is a good place to start for the mea culpas.

Indeed, lets quote the former DIA head around the US agenda CAUSING the rise of ISIL in the first place:

Lt. Gen. Flynn, speaking safely from retirement, is the highest ranking intelligence official to go on record saying the United States and other state sponsors of rebels in Syria knowingly gave political backing and shipped weapons to Al-Qaeda in order to put pressure on the Syrian regime:


Hasan: In 2012 the U.S. was helping coordinate arms transfers to those same groups [Salafists, Muslim Brotherhood, Al Qaeda in Iraq], why did you not stop that if you’re worried about the rise of quote-unquote Islamic extremists?

Flynn: I hate to say it’s not my job…but that…my job was to…was to to ensure that the accuracy of our intelligence that was being presented was as good as it could be.

...

Hasan: You are basically saying that even in government at the time you knew these groups were around, you saw this analysis, and you were arguing against it, but who wasn’t listening?

Flynn: I think the administration.

Hasan: So the administration turned a blind eye to your analysis?

Flynn: I don’t know that they turned a blind eye, I think it was a decision. I think it was a willful decision.

Hasan: A willful decision to support an insurgency that had Salafists, Al Qaeda and the Muslim Brotherhood?

Flynn: It was a willful decision to do what they’re doing.

Since treason is a capital offense, I'm sure they'll get right onto this.....

CorbinFebruary 3, 2016 11:08 AM

[] "...the most important aspects of the encryption issue: the security it provides against a much wider variety of threats." []


And that "wider variety of threats" is precisely "the government" itself.

Certainly in the U.S., by far the biggest daily threat to one's security, privacy, liberty and property is the government. The clear historical record of consistent government abuses & direct criminality against the populace is stunning. Yet most people ignore it, preferring to falsely view their government as a trusted force of endless benevolence and protection.

Government politicians & bureaucrats are the "threat".

DarthFebruary 3, 2016 11:24 AM

@Rachel - "if you aren't guilty why are you worried"

How about, "if I'm not guilty, then why are you snooping?"

I never bought into that whole "if you have nothing to hide..." business. Same reason I don't want cameras following me into the bathroom or my bedroom, same reason I wouldn't want a microphone in my living room (think "Smart TV") or the cockpit of my car (OnStar). My own business is my own business, not the government's or anyone else's.

X-RayFebruary 3, 2016 12:57 PM

@Janice Wheeler

I don't know why does this blog attracts so many anarchists.

How so, what poster, what did they say? Please do not level an accusation without presenting any manner of evidence against, effectively, all posters. How is that fair?

I have posted here and lurked very off and on for well over ten years. Usually off, but I have found this blog is very popular amongst information security professionals. It is especially popular with IT SEC professionals who are educated about the history of totalitarianism and believe in the concept of "free" nations. This certainly does mean not a small percentage have or do work in intelligence.

The concept of right weighing of matters, of reasoning, is also high here. Amongst the regular posters anyway. To contrast against unprofessionals way out of their depth who operate by mere brute instinct.

Such people run by fear and emotion, and are guided really entirely by mere unconscious thought processes they are very far from grasping consciously.

Kind of like that kid in the Sixth Sense, "I see dead people. They don't know they're dead."

Dead, asleep, automatons -- various terms can be used.

That is mentionable, because that is exactly how totalitarian nations function. Blindly and without the capacity for either taste, feelings, or hearing.

Freedom is a very new thing for nations. It requires intelligence and care to maintain and continue. It is extremely rare in the history of the world, and in current times. We don't have as much as we should, but we are getting there.

We can certainly lose it all, if we do not abide by the dire warnings of those who founded the bedrock of liberty on which these nations were formed.

We can certainly lose it all, if we forget, and say, "It can never happen here, it can never happen to us."


X-RayFebruary 3, 2016 1:18 PM

@aboniks

You're never going to get policy advisors to take the "encryption helps dissidents" argument seriously.

..

Telling politicians and functionaries whose careers and personal power are based on defining security, enforcing law, and applying punishment that they should help anyone avoid detection and arrest is Quixotic, at best. Encouraging the public to believe that those same lawkeepers will be (or indeed could be) swayed by that kind of argument borders on the disingenuous.

..

There are lots of reasons for the powerless to desire access to strong and readily available encryption. There are very few good reasons for the powerful to let them have it.

Right, and well said, in some ways.

If you mean, for instance, your nation will not seek to protect "dissidents" in their own nation, there is certainly some truth to that.

If, however, you mean your nation, which is at the least nominally "free", by the subtext of your conversation, will not do this for dissidents of other nations, especially those specifically opposed to the very concepts of freedom? Then, no, that is not correct.

The reason for that is multiplefold, and has to do with intelligence, and other ironic reasons:

1. "Free" nations have as their base, default adversary nations which are specifically opposed to freedom, historically and currently
2. There will always be dissident groups in these adversarial nations which are ripe for funding, groups which are opposed to their current regime because they are totalitarian, and groups which also see "Democracy" as the right way to go.
3. Ensuring there are secure and 'as ubiquitous as possible' pathways of communication, remotely, with such groups substantially helps them in terms of communicating, remotely, with intelligence and other forces, such as human rights groups
4. totalitarian nations invariably curtail their people's access to information -- just as cults do (which are also totalitarian in nature). There is good reason for tyrannical groups to do this. Because exposure even to benign and mundane outside information can cause them to "fall away", and the bubble of delusion their government puts on them be broken by even the smallest pin of outside information. This ensures positive dissident groups grow.
5. This helps ensure that dissident groups which work with intelligence do not stand out when they use secure communications means to communicate with each other


These are well worked, deeply understood strategies. Not only widely understood, but specifically, technically, understood. For instance, behind every Soviet Russian mole, there was exposure to outside, banned information... and their 'crisis of conscience' which led them to be so bold as to engage in such works.


But, locally, nationally? No. Free nations have a hard time often accepting dissidence within their own nation. Partly, however, this is because when someone calls themselves a "dissident" in a nation which does abide by significant liberty principles and actions... then what, exactly, are they dissident of? That? Conversely, everyone has strong opinions on how government does good or bad, at all levels, and that is open and constant communication. It is not labeled "dissident" by anyone. Not seriously, anyway.


Does this mean that "the authorities" in free nations are right to argue for "no encryption" by their various fronts on that war... be it mandated backdoors, or be it lowered encryption capabilities, or be it demands for bulk, dragnet style surveillance? No. No, they are not.

But it is not people opposed to the freedom we have who want that.

It is people who want more freedoms, more rights, more justice. People who do not want to see such powers abused. As totalitarian countries do fully abuse such powers, and significantly so.

And they have a history of doing so.

The US has gotten away from that. During the times of Hoover - much of the last century - the FBI did wiretap and extort every federal level of politician, for the purposes of control.

It is not at all hard to do that again, and much worse. And it is not at all hard for groups with those powers to take those powers and use them for the financial profit of their groups, as well as the aforementioned "power" profit.


ThomasFebruary 3, 2016 1:41 PM

The difference between surveillance and security is the difference between feeling safe and being safe.

If you don't know better then surveillance might make you feel safer; the world is fully of nasties and at least somebody is doing something.

"Benign security theater" (things that make you feel more secure without really affecting your actual level of security) is something our host has commented on before:
https://www.schneier.com/blog/archives/2007/01/in_praise_of_se.html

Surveillance to me seems "counterproductive security theater", it may make you feel more secure but it actually makes you less so.

Real DealerFebruary 3, 2016 1:46 PM

The last time I tried to get friends, family and co-workers to use encryption was a complete failure.

Basically, the gold standard system, PGP, is too hard. Every device and email, text client must be set to do encryption, and of course generating and sharing keys is a real PIA. Of course $$$ is involved in purchasing software, and can we really trust American corporations anymore, or not? (Of course not.)

Short version: Everyone yawned and said: "no thanks".

I have to think among a dynamic group of criminals it's the same. Getting a large group of people to use a common core of encryption seems about as hard as herding cats.

Only criminals with the very best technical skills and discipline will use encryption. Real life suggests the one place where having access to encrypted files might be valuable is in the case of a really smart lone actor.

So, no, the internet is not going dark. Police want back doors simply because they want them for the power rush. " Ah ha! I can even read your encrypted porno account". It's another cheap power grab for just 'cause: Just 'cause they want it.

Even if real and easy encryption becomes available to the unwashed mass, I don't see it being used much to perpetrate crimes. The most stupid crooks will still get caught by posting pics of their trophies on Facebook while bragging on twitter.

The smart ones will avoid electronics altogether to make plans and communicate important data.

BTW, I don't think NSA can break or get around encryption done right. They lie about what they can do all the time. Why didn't NSA and the rest know about the French attack ahead of time? One French official alluded the intelligence services get multiple threat plans every day?

Which one is real?

That's a fundamental question which has nothing to do with encryption.

Alien JerkyFebruary 3, 2016 2:28 PM

Assume for the moment that the powers that be get their wish and all encryption is back-doored (sounds like a flick some reality star made) and/or banned from use. Also assume you want a secure communication with your partners of nefarious deeds. Since all communication must be plain text, seems all you and the bandidos need to do is make up code words where a single word, or a specific ordering of conversation has a completely unrelated meaning.

"The duck had a blue feather"

Randomly picking sentences and assigning them to mean something wholly unrelated to the actual meaning would subvert all those laws in a legal way. This would put the corporations and spook agencies back in the same predicament.

Besides all this, seems if they spent some of that technology money on human intelligence, doing old-fashion embed and observe spying, I think they would get much better intel than hoping the bad guys only comuunicate through social media and email.

Jesse ThompsonFebruary 3, 2016 2:52 PM

> Widespread encryption forces the listener -- whether a foreign government,
> criminal, or terrorist -- to target. And this hurts repressive governments
> much more than it hurts terrorists and criminals.

Bruce, know your audience. This is meant to be an article to persuade Government agencies and their decision makers, isn't it?

Then, you have to speak their language.

* Government = us

* Foreign Government = Members of same golf club; Might as well be us

* Repressive Government = Very much us

* Terrorist = Our theatrical mooks

* Criminals = The portion of the population we get to enslave for free private prison labor this week

* Ordinary Citizens = THE ENEMY

So, quit making your article try to pander to ordinary people or you will never perk the attention of government officials. You have to keep laser-focused on what government officials will absorb from their own perspective.

Tell them how supporting strong, end to end encryption solutions and publishing all bug fixes as widely as possible to your citizens/enemies as well as to foreign powers and to their citizen/enemies will help empower them as a repressive government. Tell them how evening the playing field will prevent them being hamstrung, and whistle-blown, and doxxed. Tell them how the enemy (ordinary people's) use of end to end encryption will make them overconfident and easy pray for ordinary, and even legal (important only because honesty is less effort) investigation.

Better still, tell them how this policy will help the reader's favorite agency gain leverage over other three letter agencies in the same government. For this bit to work, go ahead and rely on the reader's failure at critical thinking to prevent them from realizing that sword has to cut both ways.

Otherwise, as long as you are talking about empowering the individual, and especially as long as you are talking about arming dissidents against repressive governments, your intended audience will scoff and say "Haha, yeah, that is the precise opposite of the effect that we are after. Nice try bud!"

BoppingAroundFebruary 3, 2016 4:07 PM

[Completely off-topic] Wael,
> Hey, if you're healthy then you shouldn't worry about eating the poison :)

Or as the military types say, everything is air-droppable at least once.

Janice Wheeler,
Good morning Mr Wallace, how are you?

Lawrence D’OliveiroFebruary 3, 2016 4:09 PM

Encryption is a tool, not a weapon. Tools have predominantly constructive uses, even though they can be used by both good people and bad people. Weapons, on the other hand, are primarily destructive, so restricting their availability primarily hurts the bad people, not the good ones.

That’s why it makes sense to put tight controls on weapons, but not on tools.

AngkarFebruary 3, 2016 5:20 PM

This militarized junta we call a government has got all its bureaucrats treating every scientific advancement as a weapon instead of a right, and fighting to keep it from the public to preserve their monopoly on an insanely totalitarian notion of force. Poison the food is a perfect metaphor to reach statist apparatchiks who've had the concept of rights brainwashed out of them. It's nice and concrete, and it won't panic them because they don't know that food is a right just like the rights they want to poison with surveillance: privacy, freedom of association, and freedom of information.

Snoopy the DogFebruary 3, 2016 9:56 PM

>>Society thrives nonetheless because the honest so outnumber the dishonest.

Your entire argument rests on the validity of this statement. I wish it were true. I hope it is true. Then everything else follows, should be as you say, and frankly that's a world I understand and am comfortable in.

However.

The quote above is worth unpacking because in so doing we see it might not support your argument after all.

It used to be true that if the honest outnumbered the dishonest then the damage the dishonest could do could be kept in check. When a six gun is what you could wreak chaos with, or say a gang with say Winchesters, then yes, the numerical advantage of the honest could eventually be brought to bear effectively on the dishonest and the cost in human life and to society was bearable.

But we are moving into a world which gives unbelievable leverage to the dishonest. I am not talking cyber attacks (although aimed at SCADA equipment responsible for maintaining water supplies and the electric grid, cyber attacks may already be bad enough). No I am talking about custom designed viruses and bacteria and other forms of chemical and germ warfare, previously the providence of nation states. Thanks to DIYBio These technologies can and will fall into the hands of mere assholes and religious headcases in our lifetimes.

At the possible xtreme, these technologies gives small groups and possibly mere individuals the power to deconstruct large swaths of civilization. IF that were ever to occur, rest assured the reaction on the part of people would be to deconstruct what remains of civilization.

So, sure, in the world you grew up in, your logic holds. But this is not the world you grew up in and it's becoming less so everyday.

So what now is your counter-argument? I really wish I had a valid one, but I honestly can't think of one. Ther is a very strong case to be made that privacy and civil liberties are going to have to take a back seat to security unless we can think of some way to counter the nihilistic impulses of each and every member of society.

We spend a lot of money spying and trying to stop people from doing things they want to do. i would like to see us spend as much making people who do not want to do bad things to begin with. I don't know if that means spreading social justice across the glovbe or genetically engineering people to be less violent ,hierarchical and power mad or what, but I feel strongly that we're fighting a war we're going to lose because we keep picking the wrong battles to fight.

Civilization is threatened by people wielding technology. Technology isnot going to stop, no matter what. Yet the only thing we think to do is try to stop it's spread to bad people.How about if we used technology to make people less bad? That way we're not trying to stop technology and we're not left trying to forever stop epople from doing what it is they want to do- two battles we'll eventually lose.

PrivateFebruary 4, 2016 1:41 AM

If the world would be a perfect place and all humans well behaving we would not need one or the other. But there we are in an imperfect world trying to make the best out off it.

We go currently backwards in evolution. The "Innocent till proven guilty" concept in a quite recent idea, and currently everything points to that this concept will be going down....

We are missing the practical enforcement of the values we hold dear. The watchers are not effectively watched...history and a brief look at the news for some countries should teach us that is when things start getting really out of hand.

There is something happening which is very, very worrisome and not fully realized by many people.

We lost the trust in "our" watchers i.e. we no longer trust them to protect us and we start to protect ourselves against others, them and the unkown. It is now "us&them", which is bad, very bad. The people of a state should trust their government also with execution of law and investigations, if that trust is lost it leads to people ignoring rules, first one, then a second, ....a bad road to take

Law enforcement and also security are both necessary and needed. Protection of citizens is a difficult challenge, and I'm pretty sure that most government employees of agencies have a strong feeling that they protect their country and people. But the price is that they dismantle what makes their country: freedom and many of our values that make our society.

If somebody is interested, what this means in practice for a cellular network, that comply to the local telecommunication law and where users expect them to protect them from viruses, malware and hackers. Here is an article on the "inner conflict", but you would need to read german or suffer google translate.

http://www.fiff.de/publikationen/fiff-kommunikation/fk-2015/fk-2015-4/fk-2015-4-content/fk-2015-4-p8

marcFebruary 4, 2016 2:58 AM

People have a right to be secure in their persons, their transactions, their written and spoken communications. Encryption is a valid way to secure those rights in a digital world, that works for people. I don't see an issue with extending those rights to people we might not socially sanction either; equality of rights is part of living in a democracy. We extend rights to everyone because the benefits to everyone vastly outweigh other alternatives.
The discussion of the security trade offs for and against encryption, as you have done, don't frame the issue strongly, and likewise I suspect you find your position to be an up hill battle with the public. It also plays to the framing of the police industry: that in this new digital era we are still understanding, the new rules have to be formed amid the point of view of the police agenda.
Its just not a police issue. Its about what kind of society people want to live in, in the impending future, when those in power have "total information awareness" and they have nothing, except the knowledge that the purpose of power is to be used.

Stuart LynneFebruary 4, 2016 3:28 AM

The (possibly) bigger issue is that while the threat of terrorism and child porn is the most often used reasons that law enforcement needs these tools the vast majority of use is for much more mundane things.

I certainly wouldn't mind if ONLY actual real threats to national security and tracking down child porn purveyors was what was being discussed.

But unfortunately law enforcement at all levels want access. So lets target drug cartels, then drug distribution, then dealers, then users. Its a slippery slope and we see prosecutors applying rico statutes with abandon and over charging just to get a plea bargain.

BuckFebruary 4, 2016 6:44 PM

@Snoopy the Dog

No I am talking about custom designed viruses and bacteria and other forms of chemical and germ warfare, previously the providence of nation states. Thanks to DIYBio These technologies can and will fall into the hands of mere assholes and religious headcases in our lifetimes.
If that's your biggest fear, I would suggest looking into finding some financial backing for clean air and water, modern sewage systems and waste disposal, nutritious foods, and social constructs that do not require contagious sick people to regularly interact with their peers... The human immune system can be quite an effective buffer when well-exercised but not over-taxed!

Snoopy the DogFebruary 5, 2016 7:09 AM

@Buck

Come on. Be serious. I am obviously talking about viruses and biological agents maliciously custom engineered to inflict mass casualties, possibly by being immune to current biological defense systems, both natural and and human-created.

We talk and reason as though that's not coming down the pike at us. Bruce's columns are great; I agree with the sentiments expressed here regarding privacy and the known and proven dangers of having a Big Brother Stasi-style state; it's no joke and a completely plausible avenue through which our nation will be destroyed from within. But how does that fact make DIYBio less of a threat?

Sorry but it seems to me that I am trying to reason about the full spectrum of real threats we face, both current and near-future. I am trying to put together a coherent framework with which to guide our thinking and actions as a species. What I see here and what I don't see Bruce addressing is how we should deal with threats when the threat's characteristics is meaningfully different from what we've all grown up with. When the threat's characteristics include things such as "it takes a team of five and a five million dollars to kill hundreds of millions".

His threat assessment and recommendations for action are good so long as the threat remains within the implied boundaries of his unconscious assumptions. but, with certainity, we're not going to be that lucky.

I am not just being a gadfly; I think Bruce is a first-class, highly expert, yet broad thinker and they're as rare as hen's teeth. So I am trying to engage him and the reader's of this forum to truly engage with the problem - security- as it actually is, in its fullness and complexity.

X-RayFebruary 5, 2016 8:11 AM

@Snoopy the Dog

regarding:
https://www.schneier.com/blog/archives/2016/02/security_vs_sur.html#c6716508

Good response, good points.

And "DIYbiowarfare" is a real threat, like similar ones. First time I heard of that consideration was 2012. A co-worker consultant went on about "bathtub created germ warfare in apartments". You should expect pushback here, at least, as much of the topics are sorrounding 'cry wolf' threats. But, there are also plenty of real threats, and the reason *why* 'cry wolf' threats are disliked is exactly because they obscure real threats.

Ultimately, however, I believe "DIYbiowarfare" is just one scenario of many. So larger picture is we need to get the world stable. Having reached a good agreement with Iran, this leaves North Korea, and large portions of unstable populations across the Muslim world. Not any of their regimes, however, at this current time. Only "ISIS", if they can be called a "regime".

In the US, specifically, internally, there remains some severe problems with the justice system that needs to be worked out.

You can't incarcerate for extremely long periods of time people whose only crime was using drugs, of the illegal variety. Just to escape what is such a miserable life, they feel a need to do so. That is not a solution, and it is a heavy injustice.

Such things create environments of instability.

Even with "DIYbiowarfare", you usually are still talking about the well financed, the highly obscure and well trained. And so the major threat is from either direct or indirect nation state financing.

North Korea is the major remaining threat on that level.


BuckFebruary 5, 2016 4:25 PM

@Snoopy the Dog

Come on. Be serious.
Oh, I'm being completely serious, but perhaps my message was lost in translation. For arguments sake, I'll assume that it is indeed possible (and easy enough) to design viruses or bacteria that can consistently bypass/deconstruct the immune system over large swaths of the population... You still need an effective transmission vector to reach epidemic proportions. What I propose would allow those who came in contact with an infectious symptomatic patient to effectively self-quarantine. This is not possible at the moment, because doing so would mean loss of sustenance and shelter from the elements, leading to eventual death and likely additional unnecessary infections. That does not mean it must always remain impossible in the future though...

AnonFebruary 5, 2016 6:29 PM

Was the lack of encryption really the central problem with the OPM hack? If a hacker owns your network completely enough to steal your entire database, what's to stop them from stealing the keys used to encrypt the database. The keys have to be stored somewhere.

mntFebruary 7, 2016 10:47 AM

@Buck:

The kind of threats that Snoopy is talking about, will become more common in the future. Molecular Manufacturing is going to eventually bring it within the grasp of single individuals with very moderate amount of resources. http://crnano.org/dangers.htm Even though we see it coming (and that site has been around for over a decade), there might not be much we can do about it. MNT or other technologies might shift the balance significantly in favor of attackers. Defending against that is going to be hard.

Clive RobinsonFebruary 7, 2016 2:12 PM

With regards bio-weapons...

So far --as we know-- the have not been effectivly weaponised, in part it is because of conflicting requirments.

Overly simply you have three stages to get to first base,

1, Requirments.
2, Design.
3, Development.

Of your vector, but you then have two more bases to get through before you have the basis of a bio-weapon. The first being the "vector production" phase the second being the "deployment phase".

It's actually quite hard to produce bio-vectors in quantity --it's one of the reasons Botox is the most expensive thing on earth by weight-- and even harder to package store and transport them. All jokes aside they can have a very short shelf life, and in the event of an accident, it's not simple to clean up the resulting mess (if it was they would be no use as a weapon).

But even the difficulties and costs of the second base "production phase" pale in comparison to having an effective delivery system and methodology for the third base "deployment phase".

The methodology of the deployment phase should be clarified before the requirments phase of forst base.

To be effective as a weapon a biological vector needs to have certain charecteristics. One of which is that it does not "blow back" against those deploying it, otherwise they will be the first victims and "out of the game" before they can get at the actual intended victims in any significant numbers. Thus from some limited asspects a long incubation period is desirable which tends to reduce a bio-weapons lethality.

The worlds number one killing pathogen currently is malaria, but a quick look at the figures shows it has a very low mortality rate. In 2015 WHO indicates[1] there were ~214million reported clinical events but only 438 thousand deaths, even though aproximatly half the worlds population is at risk and few of them have sufficient medical help.

Further what was considered the most dangerous pathogen just a couple of years ago has had a remarkable change in it's death rate. Ebola was concidered a certain death in quite horrific circumstances but the last outbreak spured the medical research community along with changes in the law and the results are quite frankly astounding.

And this is the point, we can expect any bio-vector to be of limited effect as a weapon. And when compared to recruiting a bunch of hot heads who want to go out and kill themselves and others with guns and explosive vests, it is neither as economic or as effective...

Biological and chemical weapons sound great in theory and adult fiction, but in practice they have not shown that they have real worth on the battlefield or against civilian populations in asymetric warfare.

Even nuclear accidents are showing that "dirty bombs" are not likely to be as dangerous as previously thought[2]. Each year Chernobyl effectivly "re-writes" the book on our understanding, with wildlife flourishing in areas that were once thought to be impossible for life to exist for any length of time due to the high levels of background radiation.

[1] http://www.who.int/features/factfiles/malaria/en/

[2] http://www.iflscience.com/environment/long-term-trends-show-how-after-chernobyl-wildlife-thriving

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.