Snowden And Schneier Point Out Another Reason Not To Undermine Internet Security: Information Asymmetry

from the all-using-the-same-stuff dept

Neither Edward Snowden nor Bruce Schneier needs any introduction around here. So Techdirt readers won't require much encouragement to watch an interview of the former by the latter, conducted last week at the Harvard Data Privacy Symposium. It is frustrating that Snowden emphasizes at the start that he won't be revealing anything new, because he believes it's for journalists, not him, to decide what is in the public interest, and when it can be released. That said, the whole interview is well worth watching to enjoy the interplay of two people who are experts in the field of security, although in very different ways.

Towards the end, they discuss an issue that hasn't received much scrutiny so far: the relationship between offensive and defensive operations by intelligence services, and between surveillance and security. Here's what Schneier says, around the 50-minute mark:

"The NSA has to balance two different focuses: defend our networks, and attack their networks. Those missions made a lot more sense during the Cold War, when you could defend the US radios and attack the Soviet radios, because the radios were different. It was us and them, and we used different stuff. What's changed since then is that we're all using the same stuff: everyone uses TCP/IP, Microsoft Word, Firefox, Windows computers, Cisco routers.

"Whenever you have a technique to attack their stuff, you are necessarily leaving our stuff vulnerable. Conversely, whenever you fix our stuff, you are fixing their stuff. This requires a different way of thinking about security versus surveillance, a different way of balancing, that we can't simultaneously do both. And when we look at all the attack tools out there, the vulnerabilities are great but every time we hoard a zero day, hoard a vulnerability, we are leaving ourselves open to attack from anybody."

Snowden builds on that remark, referring to the recent revelation in Der Spiegel that the US has been spying successfully on North Korea's computers for years:

"We have compromised their networks, according to the NSA documentation, since 2010. We have been hacking North Korea successfully, and yet it didn't provide us a lot of detail, it didn't provide us a lot of information. We missed missile launches, we missed nuclear tests, we missed leadership changes, we missed health issues, we missed military drills. And we even missed the Sony attacks that they launched, even though we were eating their lunch over and over, over the course of years. But then they hack us once, just one time, with Sony, and everyone in the nation is rending their garments and going: 'this is terrible, they're attacking our basic values,' because it was so much more valuable to them to win once, than it was for us to win thousands of times."

That asymmetry is why it makes no sense to put or leave vulnerabilities in that "same stuff," as Schneier calls it. Leaving aside any self-interested desire by intelligence agencies to score points by breaking into systems elsewhere using backdoors, the West has far more to gain from well-wrought online security, and strong encryption, than it has to lose.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Reader Comments

  • BentFranklin, 28 Jan 2015 @ 7:45am

    I thought this was going to be about the asymmetry between the information hoarders, who have all the data and the tools and budgets to analyze and act on it, and the information paupers, (everyone else) who have nothing and yet pay for the hoarders' activities through taxes. It's a kind of strategic flanking. That much power has never been assembled not to be used, and used it will be, against us all, sooner or later, if not already.

  • Anonymous Coward, 28 Jan 2015 @ 12:07pm

    Both Bruce and Ed make excellent points. Bruce's point about leaving security holes in widespread software leaving both sides open to zero day and backdoor attacks. Ed's point about Western society having more of its infrastructure connected to the internet, and therefore more vulnerable to cyber attacks than North Korea's infrastructure is also food for thought.

    I'm still not convinced the North Korean government was behind the Sony hack. It still looks to be like North Korea is being made the scapegoat by both the real hackers, and the US government.

    If this is indeed what's happening. The real hackers are lulzing at successfully diverting attention away from themselves, and the US government is lulzing about getting to blame North Korea for Sony's weak security. Instead of having to admit it was 'cyber vandals' who caused so much chaos. Which scores points with the White House's MPAA donors.

    It's win-win! Except if you're North Korea, but that's how it goes when you're the scapegoat.

    • Anonymous Coward, 28 Jan 2015 @ 1:50pm

      Re:

      ...I'm still not convinced the North Korean government was behind the Sony hack...

      I still think this was a publicity stunt that got out of control because the producers realized that the movie actually sucked!

    • John Fenderson, 28 Jan 2015 @ 2:52pm

      Re:

      "I'm still not convinced the North Korean government was behind the Sony hack."

      That's because you're smart enough not to think a thing is true based solely on the assertion by the government that it is true.

      On the whole, the evidence we have about the hack does not point definitively at NK, and there's a lot of evidence that it was someone else.

    • tqk, 28 Jan 2015 @ 7:17pm

      Re:

      It's win-win! Except if you're North Korea ...

      You don't think NK wins by being able to say, "See? Bad people *are* attacking us!" The US gov't is justifying NK's paranoia. The US fell into NK's trap, whether the former had anything to do with hacking the latter or not.

      Suckers!

  • Anonymous Coward, 28 Jan 2015 @ 12:25pm

    Asymmetric cyber warfare. The US can't win any more than the redcoats could win a war against ten thousand Mel Gibsons à la "The Patriot". The cyber war and the currency war are raging (and yeah, a LOT of overlap of those) and it's just a matter of time before it becomes very painfully apparent to everyone.

    • Anonymous Coward, 28 Jan 2015 @ 5:00pm

      The US has been destroying things in order to "save" them

      ever since the Vietnam war.

      The US is now destroying the Internet in order to "save" it.

      The Chinese apparently aren't going to buy from US anymore, and many others are having second thoughts.

      If it weren't for the new markets in Cuba, ;-) our IT exports would be in big trouble.

  • Anonymous Coward, 28 Jan 2015 @ 12:27pm

    imho

    "because it was so much more valuable to them to win once, than it was for us to win thousands of times."

    This statement shows a great point. When we, the western world, do something all the time it is accepted and seen as necessary. But if another country does the exact same thing it is an attack and not acceptable. The fact that the ones in power can keep up these double standards is, in a way, amazing.

    • Pronounce, 28 Jan 2015 @ 3:07pm

      Re: imho

      And it makes it even more amazing to me that the abuse of power and lack of integrity by U.S. leaders is a non-issue to the general public.

      • Uriel-238, 28 Jan 2015 @ 3:22pm

        Not so much a non-issue as a resigned truth in this regime.

        Abuse of power and lack of integrity by US leaders has become a norm to which we've become apathetic, because there's nothing to do about it. It's like corrupt or lying representatives, ideological jurists and now brutal, murderous police officers. It's not that the typical lay-person can do anything about them, so we make do in a society we know is bent.

        And some of us have the luxury of being aware. Most people are too busy trying to earn a living or raise children to even concern themselves with what is being lied about, let alone who is doing the lying and getting clean away with it.

        But just because there's no outcry doesn't mean we don't hate it. It means that we're too tired to cry out, and know it wouldn't do any good.

        • Pragmatic, 30 Jan 2015 @ 6:00am

          Re: Not so much a non-issue as a resigned truth in this regime.

          From what I've seen on some of the comments sections here and elsewhere, there is a subset of people who actually like it this way because they think it's for them and that they're on the winning side.

          Karl Bode calls it Partisan Nitwit Disease and there sure is a lot of people infected with it.

          If we can find some kind of vaccine for stupidity, you should find that the will of the people will be exerted for the good of all, as it should be.

          • Uriel-238, 30 Jan 2015 @ 11:24am

            Human Cognitive Biases

            The status quo will always have an incumbent advantage. There will always be some people compelled to believe the current regime is the best regime, that change is only for the worse, that authority should be obeyed no matter how crazy or heinous their commands.

            This is the failure of the great experiment that is Democracy, in the late twentieth century: we learned that humans do not stay informed as to their own best interests, and for many other reasons will vote against them, such as on ideological principles that actually affect their lives very little.

            It is a stupidity for which we have no cure. But it raises awareness that we've been hacking human instinct for some time now so as to expand our tolerance for large societies, and hacks tend to have unforeseen side-effects.

    • tqk, 28 Jan 2015 @ 7:30pm

      Re: imho

      When we, the western world, do something all the time it is accepted and seen as necessary. But if another country does the exact same thing it is an attack and not acceptable.

      This's been going on for a long time, at least as far back as Kennedy. Cubans install Soviet missiles 90 miles off the coast of Florida, unacceptable!

      Er, what about all those missiles in Turkey targeting Moscow?

  • Anonymous Coward, 28 Jan 2015 @ 1:01pm

    neither the USA, UK or any of the other 'allied nations' are interested in spying on anyone else, really. it's just a way of being able to say, when the attacks come, that the attacks are terrible, dreadful, despicable! there is never any mention of what has been done by the allies to other countries and governments, that doesn't count. it was just 'keeping us in the game'. the main focus for all the spying is on the people! the ordinary citizens of whichever nation, because they don't have much (if anything) in the way of protection to stop the spying are so much more easy to spy on and to have it done covertly! any organisation that wants to hide things from governments or security forces will surely be much more capable of doing so, won't they?

  • Anonymous Coward, 28 Jan 2015 @ 1:39pm

    Well, sure, for a security agency, the NSA sure doesn't know how to do serious opsec!

  • Uriel-238, 28 Jan 2015 @ 2:37pm

    The NSA no longer protects us

    ...any more than Law Enforcement enforces the law.

    They have old names but new agendas.

  • Pronounce, 28 Jan 2015 @ 3:12pm

    Western Citizens

    "the West has far more to gain from well-wrought online security, and strong encryption, than it has to lose."

    I agree with your statement, Mr. Moody, but inasmuch as Western citizens are free to enjoy the personal benefits of strong encryption.

  • WaitWot, 28 Jan 2015 @ 6:34pm

    Proof Positive

    "We missed missile launches, we missed nuclear tests, we missed leadership changes, we missed health issues, we missed military drills. And we even missed the Sony attacks that they launched"

    Leaving aside who did/didn't hack Sony, the statement above is proof positive that massive data surveillance (or in this case targeted surveillance) DOESN'T WORK.

    Of course it wouldn't be put this way to the tech-crippled few in power, quite the opposite .. "we need more surveillance"

    We're all targets, it's just a matter of time

  • Richard Matthew Stallman, 29 Jan 2015 @ 2:18pm

    Pardon me, but not all of us use Microsoft Word or Windows.
    Using them makes you totally vulnerable to attack by Microsoft.
    Microsoft can even cut you off from system maintenance, as it did
    with Windows XP.

    See http://gnu.org/philosophy/proprietary/malware-microsoft.html.
