Snooping as a service
We've known for years that the early 1990s crypto wars were at best only partially won and at worst completely lost. The key point: whether government could continue to control the deployment of strong cryptography, first via the International Traffic in Arms Regulations preventing export, and second through key escrow, ensuring that any deployed cryptographic systems had a government-accessible back door. When, in 1991, Phil Zimmermann wrote PGP and it got uploaded onto the Internet, it was widely believed that both prongs were doomed. Later, Zimmermann commented that the three-letter agencies could have utterly discredited his work by walking up to him on a stage, shaking his hand, and giving him a medal. Instead, the FBI investigated him for an intimidating while.
The initial problem was and remains that using crypto directly requires minute attention to detail on the part of consumers. Accordingly, for it to protect the many varieties of sensitive information we send across the Internet it has to be built into systems where it becomes invisible. Very few consumers would care to manually attach emissions control systems to their cars or motorbikes every time they set out; very few who are not in hostile situations will trouble to download public keys, check who's signed them, and so on. We use crypto if it's hidden inside mobile phones, Web browsers, and VPNs. Just as we don't inspect the quality of the locks on bank vaults or our front doors, we don't inspect the crypto system. Even if we wanted to, very few of us are qualified.
The later problem was the-S-in-RSA crypto inventor Adi Shamir's third law: Cryptography is typically bypassed, not penetrated. We've had plenty of examples of this, from the DigiNotar incident and the attacks on other certificate authorities to the fact that Tor, intended to provide secure, anonymous browsing, is not really safe if your adversary is large enough.
So, we have to trust the companies who deploy security to make smart choices on our behalf. Many of them can't actually do this: they are no more qualified than we are because they are us. If one of the benefits of the Internet is that it enables anyone to create a business on it, one of the downsides is that the "anyone" may have no clue how to protect its customers. They buy in the security they need from the experts - vendors - who eagerly reassure all sides that they've got it all under control. When Mikko Hypponen broke ranks last year to admit that his company, F-Secure, one of the longest-serving anti-virus vendors, had no hope of detecting today's most sophisticated viruses (like Stuxnet), it was a watershed moment. Another came earlier this year, when the attacks on news organizations made plain that against a really determined elite attacker who wants to penetrate your organization in particular, you are basically screwed. What we know now is that we're doubly screwed because the people who are supposed to be protecting us are a fundamental part of the problem. What were all those complaints of going dark about? Camouflage?
As yesterday's revelations make plain, our trust model is entirely broken. You have GCHQ and NSA funding research to improve cybersecurity; then you have them paying to keep it from getting too good. The former ZDNet UK editor Rupert Goodwins points out that this shouldn't really be news; for decades software from Crypto A.G. has included a back door granting full access to the NSA. I understand that if I bore the weight of a nation's security on my shoulders I, too, would think what I did was vitally important. Would I think it was more important than every other national interest and every part of the social compact? I hope not.
Bruce Schneier recommends appointing a special prosecutor with no ties and up-ending the secrecy in which the NSA operates. The latter is similar to comments made by the investigative journalist Duncan Campbell last July: "The wraps should come off. We can have more trust if we get these programs out in the open," he said. "The walls of secrecy have to come down. We are an adult society. We have learned that terrorists are among us." In other words: we can be grown-up about joining in the discussion about what kinds of surveillance are needed; if you trust us we can trust you. Instead, we're inside Philip K. Dick's 1977 novel, A Scanner Darkly, in which the narcs pay the protagonist to spy on himself.
Schneier's solution is to call for engineers to reclaim the Internet by redesigning it. In my daily inbox, I see signs that people are already at their drawing boards. Meantime, since we're already paying for all this surveillance we might get some use out of it. Why shouldn't NSA run a helpful answering service? Things like, "Could you give me the PIN for my bank card?" And, "When's my mother-in-law's birthday again?" And, "What did I say in the email I sent on July 12, 1992?" Goodwins suggested calling it "Snooping as a service". Snaas. Pronounced Snazz. It could be a winner.
Wendy M. Grossman's Web site has an extensive archive of her books, articles, and music, and an archive of earlier columns in this series. Stories about the border wars between cyberspace and real life are posted occasionally during the week at the net.wars Pinboard - or follow on Twitter.