[165496] in North American Network Operators' Group
RE: The US government has betrayed the Internet. We need to take it
daemon@ATHENA.MIT.EDU (Naslund, Steve)
Fri Sep 6 12:04:37 2013
From: "Naslund, Steve" <SNaslund@medline.com>
To: NANOG <nanog@nanog.org>
Date: Fri, 6 Sep 2013 16:02:20 +0000
In-Reply-To: <CA+E3k910LLV1P68n9nwEODyg++Csuokkz3pNvDet9VUKTf5hCA@mail.gmail.com>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
I am unclear on what you mean by technical choice. Are you talking about a=
technical solution to keep the government from seeing your traffic? That =
will not work for two main reasons.
1. The government has a lot more resources and motivation than the average=
company when it comes to security systems. They do not have to be profita=
ble, just effective. Most companies only invest in the security that they =
are required to provide. As a private entity they will be unlikely to want=
to get in a technological arms race with the NSA. Remember these are the =
guys that also design some of the most sophisticated encryption systems in =
the world and have nearly limitless computing power to break such systems. =
They attract some of the most brilliant mathematical minds in the world an=
d actively pursue these employees. You are really unlikely to out "securit=
y engineer" the NSA especially since the USG can control legally what techn=
ology you are allowed to use and export. Who designed your encryption algo=
rithm and which one of your employees is a qualified cryptographer that can=
assure you that it is secure enough. Is he qualified to tell you what bac=
kdoors or capability NSA has to break that encryption method? Do you have =
the technical experts to assure you that no US intelligence service has pen=
etrated your human or technical resources? Do you think no one in your org=
anization would plug something into your network if it comes with a bag of =
cash or a threat attached to it. If so, I think the NSA might offer you a =
lucrative job. Remember these are the same guys who are supposed to break =
the communications of foreign governments and by all accounts are fairly go=
od at it. I don't want to bet my job on defeating them.
2. If the political environment allows, they will simply pass laws along th=
e lines of CALEA to give them the legal right to tap your traffic. Even if=
you won the technological battle they can instantly trump you with key esc=
row and other such legal force means to defeat you. If the political will =
exists they can pass a law requiring you to pass them all information in pl=
ain text. Game over, you lose. Just try to defy a FISA court order or ref=
use a CALEA tap and see how long you are in business. There is always a de=
bate of privacy vs security and there always has been in one form or the ot=
her. This is expressed by the people of this country in their political an=
d economic choices. I know it does not seem like it sometimes but the gove=
rnment will only do what the majority of the people will accept most of the=
time. Every decision a politician makes is a balance between what he want=
s and what he thinks he can get away with. He want the information but it =
is only useful if he maintains his access to power.
As you see, the ONLY solution is the political will to limit the government=
s powers. The only way that is done is to threaten the power structure or f=
inancial structure. The history of the best technical solution winning ins=
ide the US Government structure is pretty weak. POSIX compliance, ADA prog=
ramming, need I say more? I say this as a former network engineer in the U=
nited States Air Force. As far as both parties being responsible for this,=
I agree completely. Everyone knows that information is power and everyone =
wants as much information as they can get. The only way to influence that =
is to make the cost of illegal information collection too high a price to p=
ay for the politicians. The NSA will only use the technology they are allo=
wed to use by whomever is in power. No one over there wants to go to jail =
and most government employees do not want to put their neck on the line if =
they know there is no safety net. The Director of NSA answers to the Presi=
dent. His job is to get the information the USG wants and not get anyone f=
ired doing it. Everything he does is about that balance. If he does not d=
o it, the President will appoint someone who does. Historically the NSA is=
directed by a General officer from the military. They generally follow th=
e orders they are given by the President and that is where the power really=
lies. It is the job of the Congress to oversee that and ensure the limita=
tions are being followed. If that is not happening, it is up to the citize=
ns to replace the President or Congress with someone who will follow the wi=
ll of the people.
Steve
=09
-----Original Message-----
From: Royce Williams [mailto:royce@techsolvency.com]=20
Sent: Friday, September 06, 2013 9:56 AM
To: NANOG
Subject: Re: The US government has betrayed the Internet. We need to take i=
t back
[snip]
http://www.motherjones.com/kevin-drum/2010/02/daniel-ellsberg-limitations-k=
nowledge
I think that Schneier's got it right. The solution has to be both technica=
l and political, and must optimize for two functions: catch the bad guys, w=
hile protecting the rights of the good guys.
When the time comes for the political choices to be made, the good technica=
l choices must be the only ones available.
Security engineering must pave the way to the high road -- so that it's the=
only road to get there.
Royce
[snip]
