Why NSA's Betrayal Of Internet Security Is Akin To A Massive Public Health Disaster

from the infectious-ideas dept

One of the most shocking of Snowden's revelations was that the NSA and GCHQ are deliberately weakening the Internet's security -- either by undermining standards, or by using zero-day vulnerabilities to break into systems. More recent news about the huge scale of attempts to infect computers with malware only compounds that outrage. It's hard to convey to ordinary Internet users the seriousness of what the NSA and GCHQ have done here, but in a brilliant new column in the Guardian, it looks like Cory Doctorow has done just that:
I think there's a good case to be made for security as an exercise in public health. It sounds weird at first, but the parallels are fascinating and deep and instructive.
Here's the basic insight:
If you discovered that your government was hoarding information about water-borne parasites instead of trying to eradicate them; if you discovered that they were more interested in weaponising typhus than they were in curing it, you would demand that your government treat your water-supply with the gravitas and seriousness that it is due.
Because that is precisely what the spying agencies are doing: they are intentionally withholding vital information about threats to your digital health -- the fact that programs you use are vulnerable to infections with malware, or that key security technologies you depend upon have backdoors -- regardless of the serious consequences this might have for you. If you try to imagine doctors doing the same in the case of equivalent threats to your health, you begin to get an idea of the depth of betrayal felt by computer professionals here. Doctorow goes on to point out that this is not just a matter of personal harm; the NSA and GCHQ are degrading the basic digital infrastructure of modern life:
This is the most alarming part of the Snowden revelations: not just that spies are spying on all of us -- that they are actively sabotaging all of our technical infrastructure to ensure that they can continue to spy on us.

There is no way to weaken security in a way that makes it possible to spy on "bad guys" without making all of us vulnerable to bad guys, too. The goal of national security is totally incompatible with the tactic of weakening the nation's information security.

"Virus" has been a term of art in the security world for decades, and with good reason. It's a term that resonates with people, even people with only a cursory grasp of technology. As we strive to make the public and our elected representatives understand what's at stake, let's expand that pathogen/epidemiology metaphor. We'd never allow MI5 to suppress information on curing typhus so they could attack terrorists by infecting them with it. We need to stop allowing the NSA and GCHQ to suppress information on fixing bugs in our computers, phones, cars, houses, planes, and bodies.
Doctorow is right on both counts: we can't allow the NSA and GCHQ to withhold vital information that endangers the digital fabric of society, and the way to stop them is to use this public health metaphor to get that message across to politicians and the general public.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+ Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    BentFranklin (profile), Mar 13th, 2014 @ 5:41am

    The NSA fancies itself as the antibodies and white blood cells of the national corpus. Unfortunately, an overabundance of defense has given this nation a case of lupus.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    Mega1987 (profile), Mar 13th, 2014 @ 6:17am

    I think we can start Calling NSA and GCHQ the AIDS/HIV of the Internet Security....

     

    reply to this | link to this | view in thread ]

  3.  
    icon
    Ninja (profile), Mar 13th, 2014 @ 7:21am

    Re:

    Beat me to it. This analogy (along with your biological comparison) is insanely appropriate. Although we do know they keep even "eradicated" pathogens stocked for future... "Uses".

    Which points us to the sad fact that while everybody would be up in arms seeking blood of the Govt if it was about health nobody seems to grasp how critical the problem is when it moves to the digital realm. You know, when "on the Internet" is added and everything becomes black magic.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Mar 13th, 2014 @ 8:08am

    Another possible metaphor

    Cory is spot on. But I think that another metaphor would also be appropriate:
    The NSA has 'intimate knowledge' of our Telco infrastructure by tapping cables and through backdoors
    Think of this infrastructure as a body...anybody get the hint???

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Techanon, Mar 13th, 2014 @ 8:27am

    Re:

    You Don't Want to Know

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    me@me.net, Mar 13th, 2014 @ 8:28am

    the applicable term for what they have done

    is treason

     

    reply to this | link to this | view in thread ]

  7.  
    icon
    JR Price (profile), Mar 13th, 2014 @ 8:37am

    Re:

    Does that make Senator Feinstein, Dr. House?

    It's never fucking lupus/the NSA...

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Anonymous Coward, Mar 13th, 2014 @ 9:13am

    Re: Re:

    Except that one time it was lupus!

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Mar 13th, 2014 @ 9:38am

    Re: Calling NSA GCHQ etc... AIDS

    AIDS = Autocratic Internet Deficiency Syndrome

    Spread through digital communication
    Variety of attack vectors undermining natural defences
    Weakens or mimics natural immune responses (encryption)
    Exposes the host to other opportunistic diseases
    Inevitably fatal if not controlled

     

    reply to this | link to this | view in thread ]

  10.  
    identicon
    Anonymous Coward, Mar 13th, 2014 @ 9:50am

    The analogy also raises another depressing thought: if our "constitutional" governments undermine the public health of our internet infrastructure because, terrorism, what's to prevent them from undermining our biological public health because, terrorism? Remember that the US government caught Osama bin Laden, in part, through a fake vaccination drive (http://www.scientificamerican.com/article/how-cia-fake-vaccination-campaign-endangers-us-all/). Previous to the NSA revelations, I would have viewed such a thought as paranoia and conspiracy. Now...

     

    reply to this | link to this | view in thread ]

  11.  
    icon
    madasahatter (profile), Mar 13th, 2014 @ 10:00am

    Stupidity

    The analogy to typhus or cholera is apt. The spooks do not realize that destroying the web by spreading virus, worms, etc. will rebound on them. First, systems that are shutdown or isolated by definition are unavailable for these vectors. Secondly, like the biological diseases, these could infect your own systems. Third, an alert person might spot the infection, neutralize, and modify it to attack you much like the biological infections gain immunity, evolve.

     

    reply to this | link to this | view in thread ]

  12. This comment has been flagged by the community. Click here to show it
     
    identicon
    Anonymous Coward, Mar 13th, 2014 @ 10:02am

    lol betrayal? you keep ratcheting up the nonsense, rhetoric, and sensationalism and then you wonder why nobody cares about the crusade of the so-called "internet rights activist".

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Anonymous Coward, Mar 13th, 2014 @ 11:01am

    Re:

    When you end up in a re-education camp because of something you posted on the net some years before your arrest, you will wish you supported Internet rights.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Anonymous Coward, Mar 13th, 2014 @ 11:11am

    "The spooks do not realize that destroying the web by spreading virus, worms, etc. will rebound on them."

    Works as designed.

    Job security and jobs for friends. For ever. And ever.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous Coward, Mar 13th, 2014 @ 11:53am

    Re: Re:

    I'm thinking your tinfoil hat is on a bit too tight.

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    observer, Mar 13th, 2014 @ 12:36pm

    Re: Re: Re:

    While the post you're replying to is a tad extreme, it's hardly a tinfoil hat scenario. Tinfoil hat wearers are typically concerned about something that doesn't and often can't possibly exist, whereas there's hard evidence that the NSA et al have been compromising the security of the internet for their own ends.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Anonymous Coward, Mar 13th, 2014 @ 12:44pm

    Re:

    The problem is that this isn't sensationalism. This is what is happening right now (see also: Stuxnet).

    These people have forgotten who it is they actually work for.

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    AC Unknown (profile), Mar 13th, 2014 @ 1:58pm

    Re:

    Here. Have both my "Insightful" and my "Funny" votes. This analogy is definitely a good one.

     

    reply to this | link to this | view in thread ]

  19. This comment has been flagged by the community. Click here to show it
     
    identicon
    Anonymous Coward, Mar 13th, 2014 @ 6:35pm

    Re:

    average_joe just hates it when due process is enforced.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    Ray Trygstad (profile), Mar 13th, 2014 @ 8:09pm

    The more I look at it...

    ...the more it seems that The Guardian is the only reliable, objective English-language news source.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Anonymous Coward, Mar 14th, 2014 @ 1:09am

    Re: Re: Re:

    The level of spying being carried out is a dictators dream. It puts in place the system that they would need to try and control the population at at thought police level. All it it needs is the excuse for a dictator to take over. An extreme authoritarian president places a few of his cronies and supporter in key positions and ......

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Anonymous Coward, Mar 14th, 2014 @ 7:07am

    Re: The more I look at it...

    The Guardian is about as reliable and objective as Fox News.

    Two peas in a pod.

     

    reply to this | link to this | view in thread ]

  23.  
    icon
    Urgelt (profile), Mar 14th, 2014 @ 11:16pm

    Illegality

    Releasing malware onto the internet is explicitly illegal. So why isn't the Justice Department prosecuting those who do it?

    The answer is obvious. We are no longer a law-governed democracy. Government can do whatever it wishes - assassinate citizens and foreign persons (far from any battlefield), torture, incarcerate with no due process for as long as government wishes, spy on Americans, and infect hundreds of thousands of computers (with more intended) with malware. These are all symptoms of an authoritarian state, which is rule by fiat, not rule of law. And citizens 'have no standing' to challenge government's illegal actions.

    This is a sad day in America.

     

    reply to this | link to this | view in thread ]

  24.  
    identicon
    Pragmatic, Mar 18th, 2014 @ 6:15am

    Re: Re: The more I look at it...

    Is that so? The Snowden leaks turn out to be completely accurate, so stop pretending they don't matter. They do.

     

    reply to this | link to this | view in thread ]

  25.  
    identicon
    GEMont, Mar 18th, 2014 @ 6:24pm

    Re: Illegality

    Stay tuned.

    More to come.

    You'll be going to participate in another undeclared war again real soon.

    Happy Politician Day is here again!!

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.