Snowden And Schneier Point Out Another Reason Not To Undermine Internet Security: Information Asymmetry
from the all-using-the-same-stuff dept
Neither Edward Snowden nor Bruce Schneier needs any introduction around here. So Techdirt readers won’t require much encouragement to watch an interview of the former by the latter, conducted last week at the Harvard Data Privacy Symposium. It is frustrating that Snowden emphasizes at the start that he won’t be revealing anything new, because he believes it’s for journalists, not him, to decide what is in the public interest, and when it can be released. That said, the whole interview is well-worth watching to enjoy the interplay of two people who are experts in the field of security, although in very different ways.
Towards the end, they discuss an issue that hasn’t received much scrutiny so far: the relationship between offensive and defensive operations by intelligence services, and between surveillance and security. Here’s what Schneier says, around the 50-minute mark:
The NSA has to balance two different focuses: defend our networks, and attack their networks. Those missions made a lot more sense during the Cold War, when you could defend the US radios and attack the Soviet radios, because the radios were different. It was us and them, and we used different stuff. What’s changed since then is that we’re all using the same stuff: everyone uses TCP/IP, Microsoft Word, Firefox, Windows computers, Cisco routers.
Whenever you have a technique to attack their stuff, you are necessarily leaving our stuff vulnerable. Conversely, whenever you fix our stuff, you are fixing their stuff. This requires a different way of thinking about security versus surveillance, a different way of balancing, that we can’t simultaneously do both. And when we look at all the attack tools out there, the vulnerabilities are great but every time we hoard a zero day, hoard a vulnerability, we are leaving ourselves open to attack from anybody.
Snowden builds on that remark, referring to the recent revelation in Der Spiegel that the US has been spying successfully on North Korea‘s computers for years:
We have compromised their networks, according to the NSA documentation, since 2010. We have been hacking North Korea successfully, and yet it didn’t provide us a lot of detail, it didn’t provide us a lot of information. We missed missile launches, we missed nuclear tests, we missed leadership changes, we missed health issues, we missed military drills. And we even missed the Sony attacks that they launched, even though we were eating their lunch over and over, over the course of years. But then they hack us once, just one time, with Sony, and everyone in the nation is rending their garments and going: ‘this is terrible, they’re attacking our basic values,’ because it was so much more valuable to them to win once, than it it was for us to win thousands of times.
That asymmetry is why it makes no sense to put or leave vulnerabilities in that “same stuff,” as Schneier calls it. Leaving aside any self-interested desire by intelligence agencies to score points by breaking into systems elsewhere using backdoors, the West has far more to gain from well-wrought online security, and strong encryption, than it has to lose.
Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+
Filed Under: bruce schneier, ed snowden, information asymmetry, surveillance
Comments on “Snowden And Schneier Point Out Another Reason Not To Undermine Internet Security: Information Asymmetry”
I thought this was going to be about the asymmetry between the information hoarders, who have all the data and the tools and budgets to analyze and act on it, and the information paupers, (everyone else) who have nothing and yet pay for the hoarders’ activities through taxes. It’s a kind of strategic flanking. That much power has never been assembled not to be used, and used it will be, against us all, sooner or later, if not already.
Both Bruce and Ed make excellent points. Bruce’s point about leaving security holes in widespread software leaving both sides open to zero day and backdoor attacks. Ed’s point about Western society having more of it’s infrastructure connected to the internet, and therefore more vulnerable to cyber attacks than North Korea’s infrastructure is also food for thought.
I’m still not convinced the North Korean government was behind the Sony hack. It still looks to be like North Korea is being made the scapegoat by both the real hackers, and the US government.
If this is indeed what’s happening. The real hackers are lulzing at successfully diverting attention away from themselves, and the US government is lulzing about getting to blame North Korea for Sony’s weak security. Instead of having to admit it was ‘cyber vandals’ who caused so much chaos. Which scores points with the White House’s MPAA donors.
It’s win-win! Except if you’re North Korea, but that’s how it goes when you’re the scapegoat.
Re: Re:
…I’m still not convinced the North Korean government was behind the Sony hack…
I still think this was a publicity stunt that got out of control because the producers realized that the movie actually sucked!
Re: Re:
“I’m still not convinced the North Korean government was behind the Sony hack.”
That’s because you’re smart enough not to think a thing is true based solely on the assertion by the government that it is true.
On the whole, the evidence we have about the hack does not point definitively at NK, and there’s a lot of evidence that it was someone else.
Re: Re:
You don’t think NK wins by being able to say, “See? Bad people are attacking us!” The US gov’t is justifying NK’s paranoia. The US fell into NK’s trap, whether the former had anything to do with hacking the latter or not.
Suckers!
Re: Re: Re:
From what I’ve heard of their capabilities, I wouldn’t have given them that much credit.
Asymmetric cyber warfare. The US can’t win anymore than the redcoats could win a war against ten thousand Mel Gibsons ala “The Patriot”. The cyber war and the currency war are raging (and yeah, a LOT of overlap of those) and it’s just a matter of time before it becomes very painfully apparent to everyone.
Re: The US has been destroying things in order to "save" them
ever since the Vietnam war.
The US is now destroying the Internet in order to “save” it.
The Chinese apparently aren’t going to buy from US anymore, and many others are having second thoughts.
If it weren’t for the new markets in Cuba, 😉 our IT exports would be in big trouble.
imho
“because it was so much more valuable to them to win once, than it it was for us to win thousands of times.”
This statement shows a great point. When we, the western world, do something all the time it is accepted and seen as nessesary. But if another country does the exact same thing it is an attack and not acceptable. The fact that the ones in power can keep up these double standards is, in a way, amazing.
Re: imho
And it makes it even more amazing to me that the abuse of power and lack of integrity by U.S. leaders is a non-issue to the general public.
Re: Re: Not so much a non-issue as a resigned truth in this regime.
Abuse of power and lack of integrity by US leaders has become a norm to which we’ve become apathetic, because there’s nothing to do about it. It’s like corrupt or lying representatives, ideological jurists and now brutal, murderous police officers. It’s not that the typical lay-person can do anything about them, so we make do in a society we know is bent.
And some of us have the luxury of being aware. Most people are too busy trying to earn a living or raise children to even concern themselves with what is being lied about, let alone who is doing the lying and getting clean away with it.
But just because there’s no outcry doesn’t mean we don’t hate it. It means that we’re too tired to cry out, and know it wouldn’t do any good.
Re: Re: Re: Not so much a non-issue as a resigned truth in this regime.
From what I’ve seen on some of the comments sections here and elsewhere, there is a subset of people who actually like it this way because they think it’s for them and that they’re on the winning side.
Karl Bode calls it Partisan Nitwit Disease and there sure is a lot of people infected with it.
If we can find some kind of vaccine for stupidity, you should find that the will of the people will be exerted for the good of all, as it should be.
Re: Re: Re:2 Human Cognitive Biases
The status quo will always have an incumbent advantage. There will always be some people compelled to believe the current regime is the best regime, that change is only for the worse, that authority should be obeyed no matter how crazy or heinous their commands.
This is the failure of the great experiment that is Democracy, in the late twentieth century: we learned that humans do not stay informed as to their own best interests, and for many other reasons will vote against them, such as on ideological principles that actually affect their lives very little.
It is a stupidity for which we have no cure. But it raises awareness that we’ve been hacking human instinct for sometime now so as to expand our tolerance for large societies, and hacks tend to have unforeseen side-effects.
Re: imho
This’s been going on for a long time, at least as far back as Kennedy. Cubans install Soviet missiles 90 miles off the coast of Florida, unacceptable!
Er, what about all those missiles in Turkey targeting Moscow?
neither the USA, UK or any of the other ‘allied nations’ are interested in spying on anyone else, really. it’s just a way of being able to say, when the attacks come, that the attacks are terrible, dreadful, despicable! there is never any mention of what has been done by the allies to other countries and governments, that doesn’t count. it was just ‘keeping us in the game’. the main focus for all the spying is on the people! the ordinary citizens of whichever nation, because they dont have much (if anything) in the way of protection to stop the spying are so much more easy to spy on and to have it done covertly! any organisation that wants to hide things from governments or security forces will surely be much more capable of doing so, wont they?
Well, sure, for a security agency, the NSA sure doesn’t know how to do serious opsec!
The NSA no longer protects us
…any more than Law Enforcement enforces the law.
They have old names but new agendas.
Western Citizens
“the West has far more to gain from well-wrought online security, and strong encryption, than it has to lose.”
I agree with your statement, Mr. Moody, but inasmuch as Western citizens are free to enjoy the personal benefits of strong encryption.
Proof Positive
“We missed missile launches, we missed nuclear tests, we missed leadership changes, we missed health issues, we missed military drills. And we even missed the Sony attacks that they launched”
Leaving aside who did/didn’t hack Sony, the statement above is proof positive that massive data surveillance (or in this case targeted surveillance) DOESN’T WORK.
Of course it wouldn’t be put this way to the tech-crippled few in power, quite the opposite .. “we need more surveillance”
We’re all targets, it’s just a matter of time
Pardon me, but not all of us use Microsoft Word or Windows.
Using them makes you totally vulnerable to attack by Microsoft.
Microsoft can even cut you off from system maintenance, as it did
with Windows XP.
See http://gnu.org/philosophy/proprietary/malware-microsoft.html.