The NSA/GCHQ spying scandal is far reaching in both scope and the damage it has done to our liberal democracies. It is primarily a political problem, as well as being an IT security issue.
It is also, and this gives me some hope that we can beat this thing, an economic problem.
One important thing the recently leaked black budget tells us is what the government considers a reasonable price tag for the mass surveillance of every man, woman and child on the planet.
$250 million per year (the British figure was not known at the time of writing, but is likely to be in a similar ballpark) is not a particularly large amount of money, and it is a figure based on a number of storage and processing assumptions.
Much of the internet traffic is unencrypted and so can be processed live, the contents not stored. Encrypted traffic carries an extra processing and storage overhead; encrypted messages are kept until they can be broken, and processing resources spent trying to break them. Even if some of the algorithms used have been deliberately weakened, there is still a significant number of messages they can’t break.
The $250m/y budget is calculated from estimates built on these assumptions.
Raising the cost of doing business
What does all this mean?
Well, what this means is that we, the citizens, have a very real way of changing the economics of mass surveillance programs like PRISM and TEMPORA, and of significantly increasing the price tag. Hopefully, to a level where it becomes politically and economically impractical to run them.
These programs are budgeted and resourced on the assumption that relatively few people use hard encryption (HTTPS having been compromised), so if there were a marked increase in the level of encrypted traffic going over the network, it follows that there would need to be a corresponding increase in resource expenditure in order to maintain the same level of capability. To a point, hopefully, where they are unable to keep up.
Every time you use encryption you help increase the cost of the program, and provide herd protection to your fellow citizen. Even if that encryption has been deliberately weakened, there is still a net gain for the good guys, since some processing resources will still be spent.
Additionally, since they feed data collected through various pattern analysis algorithms (in order to better profile us and to optimise resource allocation), if a significant portion of the dataset were to become unavailable, we can dramatically screw around with the baseline calculations, which may act like a force multiplier.
What I’d like to see
We need to dramatically increase the amount of encrypted traffic on the internet at large (remember, it seems that the security services have been compromising the implementations of algorithms, and sometimes the hardware and RNGs they depend on, not the algorithms themselves. Backdoors will be fixed – in free software implementations at least – and compromised hardware replaced or worked around).
I would like to see everybody making a pledge that everything they send over the internet will be encrypted. As technologists we need to take the lead on this; we have a moral duty to help protect our users, which means designing systems and networks so that they are resilient to subversion and surveillance, and helping people without technical knowledge protect themselves (friends don’t let friends use cleartext, as I’ve discussed before).
Remember, every time you send an encrypted message, you – in a small way – help protect everyone else on the planet.
It’s been a while now since I’ve heard or read anything interesting or original on efforts to counter, um, over-reach on the part of the NSA, GCHQ, et al. The common pundit meme on the market is that there is no technical solution, only a policy, or political one. While I applaud the many earnest online petitions and poignant debating points made by various minority party leaders out there, let me just ask: what the hell have you been paying attention to these last decades? A policy solution? Really? Drafted by whom? Voted into law by whom? Enforced by whom? Check and balanced by… you get where this is going. Before descending into a bout of solutionism, let’s look at the problems of policy.
Problem the first: The majority of incumbent policy makers have a de facto bias against weakening government surveillance. It doesn’t work in their favour. Replace them? Ha. Obama the candidate had all sorts of ethical issues about government spying that evaporated once he became Obama the president. Candidates earn their living by rhetorically challenging issues that suddenly become more complex when they actually wield power.
[youtube http://www.youtube.com/watch?v=7BmdovYztH8]
Problem the second: When we’re talking about a policy or political solution, what we’re actually referring to is a legal solution. Or, in other words: ‘There ought to be a law.’ There are a couple of issues with this. The first is this: Laws are themselves technical solutions, and ones fraught with problems. In both network security and safe locks there’s a common truism: You can only create a thing that you can’t break into yourself. A more clever hacker or locksmith will come along and show you what you missed. Lawyers are the technicians in any political solution. What they specialise in are technical challenges. Any law can become circumventable, with the right legal team.
Problem the third: Laws and oversight are laughed at by the agencies we’re talking about. They break them with complete impunity all the time. Copy-and-pasting TechDirt: “NSA analysts have abused their power. Multiple times. The agency has illegally spied on journalists, broken wiretapping laws, viewed President Clinton’s emails and recorded calls from American soldiers back to America, passing around tapes of ones containing ‘phone sex’ or ‘pillow talk.’ That’s just a few instances that we KNOW about.” And they get away with it.
Problem the fourth: If you look at any of the literature made by the companies that peddle spy software to government, one stunning similarity jumps out: It’s all incredibly simplistic and designed for people who don’t understand what they’re looking at. Our elected officials, their appointed advisers and even the people who vote them into office, are amazingly ignorant about both the legal issues involved and the technology used in online surveillance. When asked about the potential for the NSA to abuse its power, Senate Intelligence Committee Chair, Senator Dianne Feinstein had this to say: “I am not a high-tech techie, but I have been told that is not possible.” Rest easy, public.
Problem the fifth: Intelligence agencies don’t seem to know how it works, either. The NSA’s use of MUSCULAR generated so much junk that analysts told them to start collecting less. If what you’re looking to do is find proverbial needles in hay stacks, then you might not want to dump a bunch more hay on top. It’s still not known what threats, if any, these software solutions have thwarted. It seems like the major coup has been to find out if someone on an anti-U.S. jag ever glanced at some porn.
New tech, old strategy
Still, we have Bruce Schneier, possibly the most super powered of the technical solution set, telling us: “The solutions have to be political. The best advice for the average person is to agitate for political change.” Let’s not disagree with that out of hand, but instead look at the key word here: Agitate. And on this particular issue, what are the effective means of agitation?
Maybe it’s a public demonstration, along agreed routes and with cooperation from the local authorities and some chanting and clever signs and accompanying an angry petition. That’s got such a proven track record. Or, maybe we look at the adversary for what it is, and take efforts to actually challenge it. This leads us back to technical solutions, but with a cause. It’s not enough to tell government agencies you don’t want them to see your private communications. You’ve got to show them you don’t want them to see it. Likewise, telling a government you should have access to content is not the same as showing it that you have access, and that you’ll continue to and that its efforts are not just brutish, but futile. This is agitation. It doesn’t require a petition.
Agitate:
Understand what the current government spying programs do, and what they mean for you. This already puts you ahead of the people you voted for.
Become knowledgeable about encryption technology and its uses. And use it. Increase the cost of government surveillance. There’s a price for looking at any message. Trying to figure out what’s in an encrypted one takes more effort, time and money. Marcus Povey says, “Remember, every time you send an encrypted message, you – in a small way – help protect everyone else on the planet.”
Learn how to unblock online content for yourself and for others you may or may not know. It’s fun, and you’ll feel good.
Run more of your internet traffic through Tor, and support more Tor routers, because the NSA doesn’t like it when people do that, it seems.
If there’s going to be a petition, it should come in the form of millions of people choosing to send messages to one another that look like they don’t want some government agency reading. The political solution is that people need to decide what they want government wonks knowing about them and then act on it.
Given what we now know about the mass surveillance, and the attack on the infrastructure of the internet, conducted by Britain’s GCHQ and America’s NSA (as well as their Chinese, Russian, German, etc. counterparts), and given that we now know, for a fact, that almost every byte of non-encrypted traffic is recorded and analysed, shouldn’t we now make a concerted effort to finally deprecate vanilla HTTP in favour of HTTP over TLS (HTTPS)?
When you use HTTP, it is a trivial matter for anyone on the network path to see the content of the pages you visit, and when and how often you visit them. When using HTTP, there is also no guarantee that the content of the page hasn’t been modified in transit without your knowledge, exposing you to all kinds of attacks (injected scripts, swapped downloads, altered forms).
Encryption, by and large, removes these problems, as well as massively increasing the cost of mass surveillance. Is it not time for all of us, as well as standards organisations like the IETF, to push to make HTTPS the default? Even during my time I’ve seen insecure protocols like telnet and FTP go from widespread use to being almost completely replaced by secure alternatives (ssh and scp/sftp), so could we not do the same with HTTP?
Certificate authorities
Ok, there is one big difference between HTTPS and ssh (ok, many many, but one I care about here), and that is that HTTPS relies on certificate authorities. These are necessary in order to distribute trust, so that browsers can automatically accept a certificate and verify that the server they are connecting to is who it says it is.
This is much nicer for the average user than, say, manually verifying the server’s fingerprint (as you have to do with SSH), but it comes with some pretty serious problems if we were to make it the default:
Every site owner would have to get a certificate, and these can only be obtained from a certificate authority if you don’t want browsers to pop up a big red warning, meaning we further bake these guys into the Internet’s DNA.
Certificate authorities can be directly pressured by governments, so a government attacker could MITM you on a secure connection and present you with a certificate that your browser accepts as valid, and so gives you no warning. Any CA trusted by your browser can issue a certificate for any name, so it takes only one pressured or compromised authority (of course, this is much more costly than the blanket mass surveillance that is currently going on, and it is detectable in a way passive collection is not).
Getting a certificate costs money and/or has restrictions placed on its use (for example, no commercial use, in the case of StartCom). This is really bad, since it essentially requires permission from a third party to launch a site.
It is this last point that causes me most concern, since it essentially provides an easy way of suppressing minority views.
Imagine that we lived in a world where HTTP had been deprecated, and browsers no longer supported unencrypted HTTP, or could, but you had to request it specifically (essentially the reverse of what we currently have). If you wanted to launch a site that expressed a minority view – perhaps you were critical of your government, or you wanted to leak some information about crimes being committed – is it not conceivable that you could have trouble obtaining a certificate, given that certificate authorities are companies who worry about their bottom line, and are a convenient point for the bad guys to apply pressure?
If you couldn’t get a certificate in this environment, it could dramatically reduce the audience that would see your site.
So, perhaps before we move to deprecate HTTP, we must first find a better way than certificate authorities to distribute trust? How could we accomplish this? Perhaps we could take advantage of the fact that most people’s browsers automatically update, and so distribute browsers with the expected public keys for sites hard coded into them (giving the added advantage that we could pin certificates: a CA-signed certificate for the right name but the wrong key would then be rejected)?
Anyway, it’s complicated, and I’m thinking aloud here… what are your thoughts?
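To make the pinning idea concrete, here is an added example (my illustration, not code from the original post or from any browser). A client carries a set of expected public-key hashes for a site and refuses a certificate whose key does not match, even when a trusted (possibly coerced) CA has signed it for the right name. The pin format is the RFC 7469 (HPKP) one, base64 of SHA-256 over the DER SubjectPublicKeyInfo. The two certificates are constructed inline with a minimal DER encoder; their key material is placeholder bytes and their signatures are not real, because the pin check deliberately does not verify signatures; that stays the TLS stack’s job, and pinning is an extra check layered on top of it.

```python
"""Public-key pinning check over raw DER certificates (added example)."""
import base64
import hashlib


# ---------- minimal DER encode/decode: tag-length-value only ----------
def _der_len(n):
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def tlv(tag, body):
    return bytes([tag]) + _der_len(len(body)) + body


def seq(*parts):
    return tlv(0x30, b"".join(parts))


def read_tlv(buf, off=0):
    """Return (tag, value, next_offset) for the TLV that starts at buf[off]."""
    tag, ln = buf[off], buf[off + 1]
    off += 2
    if ln & 0x80:                      # long-form length
        n = ln & 0x7F
        ln = int.from_bytes(buf[off:off + n], "big")
        off += n
    return tag, buf[off:off + ln], off + ln


def children(body):
    """Split a constructed value into its (tag, value) members."""
    out, off = [], 0
    while off < len(body):
        tag, val, off = read_tlv(body, off)
        out.append((tag, val))
    return out


# ---------- constructed test certificates (placeholder keys, fake signature) ----------
OID_RSA = tlv(0x06, bytes.fromhex("2A864886F70D010101"))          # 1.2.840.113549.1.1.1
OID_SHA256_RSA = tlv(0x06, bytes.fromhex("2A864886F70D01010B"))   # 1.2.840.113549.1.1.11
OID_CN = tlv(0x06, bytes.fromhex("550403"))                        # 2.5.4.3 commonName
NULL = tlv(0x05, b"")


def name(cn):
    return seq(tlv(0x31, seq(OID_CN, tlv(0x0C, cn.encode()))))


def spki(key_bytes):
    return seq(seq(OID_RSA, NULL), tlv(0x03, b"\x00" + key_bytes))


def make_cert(subject, issuer, key_bytes):
    tbs = seq(
        tlv(0xA0, tlv(0x02, b"\x02")),     # version v3, [0] EXPLICIT
        tlv(0x02, b"\x01"),                # serialNumber
        seq(OID_SHA256_RSA, NULL),         # signature algorithm
        name(issuer),
        seq(tlv(0x17, b"130901000000Z"), tlv(0x17, b"140901000000Z")),
        name(subject),
        spki(key_bytes),
    )
    return seq(tbs, seq(OID_SHA256_RSA, NULL), tlv(0x03, b"\x00" * 33))


SITE_KEY = bytes(range(1, 65))       # constructed: stands in for the site's real key
MITM_KEY = bytes(range(65, 129))     # constructed: key in a CA-signed impostor cert
GOOD_CERT = make_cert("www.example.org", "Example CA", SITE_KEY)
MITM_CERT = make_cert("www.example.org", "Coerced CA", MITM_KEY)   # same name, other key


# ---------- the pinning check ----------
def tbs_fields(cert_der):
    _, cert_body, _ = read_tlv(cert_der)
    _, tbs_body = children(cert_body)[0]
    fields = children(tbs_body)
    if fields[0][0] == 0xA0:           # optional version present: drop it
        fields = fields[1:]
    return fields                      # serial, sigalg, issuer, validity, subject, spki


def extract_spki(cert_der):
    tag, body = tbs_fields(cert_der)[5]
    return tlv(tag, body)              # the pin covers the whole SPKI TLV


def subject_cn(cert_der):
    _, subject_body = tbs_fields(cert_der)[4]
    attr = children(children(subject_body)[0][1])[0][1]
    return children(attr)[1][1].decode()


def spki_pin(cert_der):
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()


def check_pins(cert_der, pinned):
    """True only if the presented leaf key is one the client already expected."""
    return spki_pin(cert_der) in pinned


# In a real client this set ships with the browser (or arrives via HPKP headers);
# it is computed here from the legitimate certificate only for the example.
PINS = {"www.example.org": {spki_pin(GOOD_CERT)}}

if __name__ == "__main__":
    for label, cert in (("legitimate", GOOD_CERT), ("coerced-CA", MITM_CERT)):
        print(label, subject_cn(cert), spki_pin(cert),
              "OK" if check_pins(cert, PINS["www.example.org"]) else "REJECT")
```

Both certificates carry the same subject name, which is exactly what a browser's CA check looks at, so a coerced CA can make the impostor pass it; only the key comparison tells them apart. For a real certificate the pin is produced by the usual pipeline: `openssl x509 -in cert.pem -pubkey -noout | openssl pkey -pubin -outform der | openssl dgst -sha256 -binary | base64`. The caveat the post's own worry implies still applies: a pin set baked into the browser means key rotation has to be coordinated with the browser vendor, which is another third party holding a switch.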