
Restoring Trust in Government and the Internet - hatchan
https://www.schneier.com/blog/archives/2013/08/restoring_trust.html
======
junto
The question is then; in a two party system where both offer the blue pill,
who the hell do you vote for? Neither Democrats nor Republicans will change
this. Due to the way that the political system works, a third party isn't
possible. In the UK we have a Conservative/Liberal coalition, where
traditionally Liberals were strong privacy advocates, but now turn a blind eye
to the massive Orwellian/Huxley-esque society growing like hydra's heads in
front of their very eyes. The complaints are muted. The mass media looks the
other way. Why?

To me this means:

\- the system is broken

\- the current political framework (especially in the US) is a fabrication,
designed to make you believe that you have a choice, but in reality your vote
is meaningless and your choice an empty vassal. The red pill is just a blue
pill painted red.

The problem is that the intrusions so far, do not impact the majority in such
a way as to hinder their daily quality of life. The change from a private
world to a 'all-seeing government' is slow, but it is sustained. At some point
we will reach a tipping-point, and then the only option is revolution, because
by that point, the system will have enveloped the public fabric of life so
tightly, that there will be no way to gently extricate ourselves.

It is your (US) own great thinker and do-er that said:

    
    
       “They who can give up essential liberty to obtain a
       little temporary safety deserve neither liberty nor 
       safety.” 
       ― Benjamin Franklin, Memoirs of the life & writings 
         of Benjamin Franklin
    

The irony is that the 'little temporary safety' may well have been a ruse.
Even if Al-Qaeda is a real and present danger to the US at home, I doubt that
the scale of that threat is worth the loss of liberty and the billions of
dollars spent on funding the 'fight against terror'.

~~~
jseliger
_The question is then; in a two party system where both offer the blue pill,
who the hell do you vote for?_

Greens or libertarians, which I have been doing for a long time. Real change
starts at the ballot box.

~~~
RyanMcGreal
The problem with "Real change starts at X" statements is that they necessarily
handwave around the circularity of the problems we face.

We can't get better policies until we elect better parties, but we can't elect
better parties until we address campaign finance and fix the electoral system,
but we can't address campaign finance and fix the electoral system until we
elect better parties willing to pass better policies. And the merry-go-round
goes on and on.

~~~
AnthonyMouse
>We can't get better policies until we elect better parties, but we can't
elect better parties until we address campaign finance and fix the electoral
system, but we can't address campaign finance and fix the electoral system
until we elect better parties willing to pass better policies. And the merry-
go-round goes on and on.

So you have to pick one and fix it. It's an engineering problem.

So for example, you have to fix campaign finance. The people in Washington
aren't going to fix campaign finance in Washington because the system that
exists is the one that got them elected. Ditto for the people in Sacramento,
Albany, etc. But wait, you can have Sacramento and Albany fund the federal
campaigns of Senators running in California and New York (and so on). State
Senators don't get money from K Street, they get money from an entirely
different set of lobbyists, so you can get the bills through by taking
advantage of the regional weakness of the specific opponents. And then do it
the other way around and have the federal government pass a national campaign
finance bill for state-level offices.

That is obviously not a trivial undertaking, but we can't jut say "damn it,
we're stuck in a cycle" and throw up our hands or it'll never get fixed.

~~~
RyanMcGreal
I don't mean to suggest there's nothing people can do. However, it's facile
and unhelpful to suggest that this is a simple engineering problem. The reason
campaign finance is hard to fix is that the people who have the power to fix
it are the very same people who benefit the most from the current system, i.e.
the people who are most effective at securing the financing of wealthy
benefactors.

That's a human problem, not an engineering problem. It can still be solved,
but it won't be solved with an engineering approach.

------
ferdo
I've never trusted the government or the internet. I trust my family and
friends.

"...the three aims of the tyrant. These are, (1) the humiliation of his
subjects; he knows that a mean-spirited man will not conspire against anybody;
(2) the creation of mistrust among them; for a tyrant is not overthrown until
men begin to have confidence in one another; and this is the reason why
tyrants are at war with the good; they are under the idea that their power is
endangered by them, not only because they would not be ruled despotically but
also because they are loyal to one another, and to other men, and do not
inform against one another or against other men; (3) the tyrant desires that
his subjects shall be incapable of action, for no one attempts what is
impossible, and they will not attempt to overthrow a tyranny, if they are
powerless. Under these three heads the whole policy of a tyrant may be summed
up, and to one or other of them all his ideas may be referred: (1) he sows
distrust among his subjects; (2) he takes away their power; (3) he humbles
them."

Politics By Aristotle

[http://classics.mit.edu/Aristotle/politics.5.five.html](http://classics.mit.edu/Aristotle/politics.5.five.html)

~~~
specialist
I only "trust" distrust. Mutual suspicion of belligerents (adversaries) to
keep each other in check. Balance of powers.

I was a _very_ engaged election integrity activist. The reason elections in
the USA worked as well as they did for as long as they did is because no one
trusted the system, each other, etc. Hence the Australian ballot system of
voting. If all the players agree to the count, then I as Joe Citizen have
greater confidence (vs trust) in the results.

The moment anyone mentions "trust", I assume there's a scam of some sort,
either by default or by design.

PS- I sometimes trust family.

~~~
dspeyer
Bruce Schneier may be the wrong blogger for you to follow, then. He talks
about trust all the time. To quote his recent book:

> [T]oday, I passed several strangers on the street without any of them
> attacking me. I bought food from a grocery store, not at all concerned that
> it might be unfit for human consumption. I locked my front door, but didn't
> spare a moment's worry at how easy it would be for someone to smash my
> window in. Even people driving cars, large murderous instruments that could
> crush me like a bug, didn't scare me.

>Most amazingly, this worked without much overt security. I don't carry a gun
for self-defense, nor do I wear body armor. I don't use a home burglar alarm.
I don't test my food for poison. I don't even engage in conspicuous displays
of physical prowess to intimidate other people I encounter.

>It's what we call “trust.” Actually, it's what we call “civilization.”

His point is that we _need_ trust. You _can 't_ actually watch for every
possible betrayal. Trust in fear of retribution will suffice, but there needs
to be some trust, or there can be no complex civilization.

~~~
specialist
re Civilization, I'm in the Robert Wright "Non-zero" camp, where progress is
made when non zero sum alternatives are found to win/lose (zero sum)
situations.

As for Schneier, he's great, have a few of his books, read his blog. The
distinction he doesn't make is between governance and civility. Or perhaps its
a spectrum. If someone else has power over me, or delegated to them thru me
(eg elections), I'm always going to be very skeptical.

To the best of my knowledge, no one has found a better answer to the conundrum
of governance than balance of powers (mutual distrust).

------
twoodfin
It's interesting to compare the framing of this column with Schneier's
commentary on the revelations of NSA surveillance in 2005:

[http://www.schneier.com/blog/archives/2005/12/nsa_and_bushs_...](http://www.schneier.com/blog/archives/2005/12/nsa_and_bushs_i.html)

It's full of "Bush did X", "Bush wanted Y". Now he says the NSA has "gone
rogue". Huh.

If Schneier is as unhappy with today's programs as he was with 2005's, then
perhaps he should communicate a bit more clearly that today's occupant of the
Oval Office could end any of them with a phone call.

~~~
tkellogg
I don't think its as simple as "ending it with a phone call". Billion dollar
programs don't ever get killed that easy.

~~~
twoodfin
It is literally that simple. If Bush ordered this surveillance started, Obama
can order it stopped. The NSA works for him. If they don't do as he asks he
can start firing people until they do.

Obviously Schneier understood this when he wrote his 2005 column.

~~~
gbhn
Yes. The Obama fiasco has been a huge disappointment. I'm interested in ideas
about what could have been done differently -- Obama talked a very good game
during his candidacy about issues of this sort. The really big indicator he
was being dishonest was the post-election flip-flop over unwarranted wiretaps.

Only picking candidates that have a track record of opposition to programs
like this would be good, but such candidates are in very short supply.
(Feingold is about the only one that comes to mind.)

~~~
markost
>post-election

Pre-election. He flip-flopped about the wiretaps prior to his election, after
winning the primaries.

------
jstalin
We should be able to trust the government to do things like run courts, build
roads, and deliver clean water.

We should never trust the government when it comes to standing armies,
criminal prosecutions, intelligence gathering, and expansion of its own power.

~~~
mpyne
> We should be able to trust the government to do things like run courts

> We should never trust the government when it comes to criminal prosecutions

And now I'm confused again. Do all cases simply become civil cases? Murder is
now OK again?

~~~
jstalin
I said the government shouldn't be trusted. That's the point of the
adversarial system.

~~~
mpyne
The same adversarial system that would be used for Snowden, and was used for
Swartz, Ellsberg, Drake, and even DJB?

Admittedly that's kind of a strawman as you're not claiming here anything to
do with those one way or another. But many who don't trust the government to
put people on trial do point to cases exactly like those.

On the other hand if you're simply saying that we shouldn't trust government
to prosecute cases, operate surveillance without oversight, etc. _just
because_ they're the government I would agree with you 100%.

But on the other hand by the definition I wouldn't even trust the government
to deliver clean water or build roads without oversight. As an example of
where even the latter could go wrong I'll point to a book that HN pointed out
to me, "Fatal Purity" about the French Revolution... one of the many examples
of then-current corruption by the nobles was of road-building. The specific
example was of a new provincial road that was argued necessary for the people
to build despite there being an existing road... it was built right up to a
nobleman's estate and then the rest was canceled, leaving the lord with a
gratis road built straight to his property.

Or for a modern example, the famed "Bridge to Nowhere".

So there is no part of government which is inherently trustworthy and worthy
of operating without oversight. But once you've established good oversight
(such as you'd definitely want over criminal prosecutors!), that leaves the
possibility of other government-provided functions open again.

There may certainly still be reasons that government should _not_ perform
those functions, but it wouldn't be about the impossibility of providing
oversight.

------
ihsw
Personally I reserve trust for people, and I have standards and expectations
for non-people. I'm sure General Alexander, DNI Clapper, and Michael Hayden
are good people that would make excellent neighbors (if I were so inclined I
would likely consider them personal friends) -- but in their official duties
they are intractable foes.

I would apply the same term "intractable foe" to every other person acting in
their professional responsibility too: everybody has a mortgage to pay and
mouths to feed. It's perfectly natural to have a strong sense of self-
preservation, and by the same token many cannot have the convenience of a
maintaining a clean conscience. Yes it's a cop-out and yes people like that
are what's wrong with this country, but it's reality.

Not all of us are willing to sacrifice our lives for an ideological cause.

~~~
dspeyer
Do you buy food from a supermarket? Do you test it for salmonella and ecoli
using your own bio-lab?

Do you fly on commercial (or governmental) airlines? Do you personally
preflight the plane?

Even if you trust every member of these organizations, that isn't enough. It's
them acting as organizations that allows them to achieve safety. If you don't
trust organizations, you basically can't function in society.

~~~
specialist
Which organizations do you trust?

------
denzil_correa
The common pattern in the responses of most organizations is "word play".

Skype -

    
    
        Skype wasn't changing its protocols to make it possible for the government to eavesdrop on users, 
        because the government was already able to eavesdrop on users.
    

Google and Facebook-

    
    
        Google and Facebook insist that the NSA has no "direct access" to their servers. Of course not; the 
        smart way for the NSA to get all the data is through sniffers. 
    

Apple-

    
    
        Apple says it's never heard of PRISM. Of course not; that's the internal name of the NSA database.
    
    

I am surprised that such large organizations are using "word play" to put a
veil on their activities. Are they not aware that they would be found out in
this Internet age? Personally, I think this would make an interesting social
science study.

~~~
ApertureHour
Unfortunately they probably can get away with technicalities. As long as it
sounds reassuring to the vast majority of people who were only engaged enough
with this issue to read a couple of headlines.

------
DanielBMarkham
A lot of people in tech want to complain about innovation. Why are there so
many Farmville apps and nobody seems to be solving important problems?

Well here you are, the biggest and most important problem in modern society
today, the fact that our governments are recording most everything that we're
doing. And they will use these recordings as they see fit in the future. You
couldn't ask for a bigger or more important problem to solve.

~~~
Zigurd
It's solvable, too. If they are interested in having credibility, Internet
services can implement secure communications and storage. They may have to
charge for it because they will forego some ad revenue.

So what to make of the fact that nobody who has loudly declared they are all
for customers' privacy has actually done anything about it?

~~~
DanielBMarkham
Don't forget mesh networking. Seems like mesh with a combination of trusted
anonymous P2P would be very difficult to tap into.

There's lots of nerd fun here for those interested. And there's a big need. A
shame more folks aren't stepping up to the plate.

Just to whet the appetite, how much of the internet do you actually
participate in, versus just consume? Most server stats show a 40-1 or even
200-1 ratio of readers to commenters. And how much unique material is really
out there, anyway? I'd bet a couple hundred MBs of text represents the vast
majority of internet content most consumers passively consume each day.

So why all of this client-server, point-to-point nonsense? For most
consumption content, do some kind of BT for common content distribution, then
use some other solution if a consumer wants to send information the other way.

I understand many will yell "But that violates the TOS!" but screw 'em. If
whenever I get on the internet all my information is being stored against my
will, I have no obligation to abide by any subsequent agreement.

~~~
visarga
Bittorrent is so last decade! We need a replacement that is truly anonymous.
An not just file sharing, but also browsing, email and search.

Problem is, suppose TOR is fixed and we are anonymous on its network, we still
need to NEVER log in with an account we used over clear net. We have to give
up our "friend" lists on FB and followers on Twitter, our karma on reddit, all
that could tie us back to a known identity. We can never email a friend on his
clear net email account. We are reduced to an anonymous identity talking with
anonymous others. It's like 4chan in a way.

So, there, we can have anonymity if we give up our old identities and everyone
we connected with in the past. And that's assuming we can trust TOR. Sad/

A deeper problem is that we need to treat our computers and phones as hostile.
They can push updates with backdoors any time they want, to everyone or to
selected few. Apple, MS and Google hold the update keys of most devices in the
world. We need a secure OS. Maybe it's Linux, if we can be sure it does not
carry hidden backdoors implanted by the state(s).

And even then, we need to trust the hardware. The disk, the networking card,
all components could spy on us. Maybe they too have backdoors.

~~~
MrMan
No snark, this is a chance for the libertarians to be vindicated in a big way.
Let's see if the geniuses of the software/IT world can design and build a
world-wide infrastructure that replaces the DARPA internet, without government
help? It would put paid to a lot of tropes propagated in the last 20 years
about the decreasing importance of the state, the evil of the state (which is
in clear evidence here). Are we capable of allocating capital and human
resources at the scale required? Facebook has a billion users, so the network
effects should be easy to harness, no? Or does it only work for capturing ad
dollars and spying on activists? I am sincerely asking - if there is to be any
hope, we have to advance past the internet as it is technically constituted,
while preserving the huge social gains it has brought.

edit - maybe I should clarify - anonymity is not possible now, and it is at
odds with the values of the police state and, unfortunately, the ad-driven
media economy. I am agreeing that anonymity is important, and asserting that
to reclaim it, we will have to come up with some revolutionary social
constructs on a scale of the space program, that exclude the possibility of
government involvement.

------
coldpie
From the article:

"Accountability means that those who break the law, lie to Congress or deceive
the American people are held accountable. The NSA has gone rogue, and while
it's probably not possible to prosecute people for what they did under the
enormous veil of secrecy it currently enjoys, we need to make it clear that
this behavior will not be tolerated in the future. Accountability also means
voting, which means voters need to know what our leaders are doing in our
name."

We should pay attention to the last sentence especially. Look at how your
elected representatives voted on, for example, the Amash amendment[1]. If your
representative voted against the amendment, let them know that you are not
going to vote for them in the next election, and follow through. If they voted
for the amendment, send them a letter thanking them for standing up for their
citizens' civil rights, and encourage them to continue.

[1] [http://americablog.com/2013/07/amash-conyers-anti-nsa-
amendm...](http://americablog.com/2013/07/amash-conyers-anti-nsa-amendment-
lost-by-12-votes-205-217.html)

~~~
Shivetya
NSA? It seems as if as a whole the Executive branch has. From ignoring laws,
selectively enforcing them, or even delaying when they take effect, the
Executive branch seems hell bent on ignoring Congress and the Courts. Congress
doesn't get a free pass either, but for any Executive branch persons to lie
either directly or by omission should not be acceptable.

I guess we should have realized the day we got Czars

------
maxk42
Why on earth would you want people to trust the government?

That's what got us into this mess.

~~~
Xylakant
You can't verify everything and everyone you're dealing with on a daily basis.
You need to trust someone. If you're not trusting your government you need to
trust the people watching the government. Or the people watching the people
watching the government. Or... It's turtles all the way down from there. The
government acts as a large trust provider in a lot of daily interactions.
Police authority derives from the government. Passports and ID-cards derive
their validity from trust in the government...

So it would be nice if in general we could trust the government and to be able
to trust the government we need them to be open and transparent about what
they do in our name - and held accountable if they fuck up in our name.

~~~
hansjorg
Chain of trust? Maybe the USG is an organization that's too large to put your
trust in.

------
Zigurd
If your service provider isn't a target for NSA snooping, it's a target for
foreign state actor and criminal hacking.

The first step to healing this situation is the radically reduce the need for
trust.

------
0xdeadbeefbabe
Welcome to the press briefing today. Our first agenda item is to discuss where
the drones will attack...

Schneier must not mean that when he talks about coming clean.

Anyone who has been betrayed by a friend or lover can regain trust in that
person somehow, but that's not the same as regaining trust in a group of
people. I don't trust large groups, and how does a whole group (or government)
start down the path of regaining trust anyway? I agree with Mr. Schneier, but
balancing power seems closer to the solution than what he said about the
government starting down a path, coming clean and other things that
individuals do better than groups.

~~~
saraid216
I have an easier time trusting large groups over individual people, because
groups can display trend behavior whereas individuals are always going to have
eccentricities that can't be mitigated by aggregation.

~~~
0xdeadbeefbabe
So call tmobile or verizon they are thankful for your call after all.

~~~
saraid216
That's an awesome non-sequitur and I hope you use it at parties.

~~~
0xdeadbeefbabe
Okay I will, if conversation permits. What are the chances? Probably low.

I'm thinking the premise is that tmobile and verizon care about your call and
the conclusion is that you should call them. That conclusion doesn't follow
the premise because you may not care that they care, but I presupposed you did
because you were talking about trusting groups. When a tmobile support person
thanks me for my call I do not trust that they are truly thankful.

~~~
saraid216
Under this model, you should be calling every single person in the world and
telling them how much you care. Because they're individuals.

------
molbioguy
In addition to the transparency, oversight, and accountability that Schneier
proposes, there also needs to be some ability for the population to reasonably
assess risk. A lot this stuff is driven by fear. And the government does use
that to its advantage to push things through that might otherwise be
objectionable. If the population of our country is scared to death of possible
terrorist attacks (as it seems to be), then I don't see how that same
population will vote/protest to restrict the government as long as it claims
to be protecting them from imminent disaster.

------
lorenzaccio
Schneier pointed out the 'trust and verify' mechanism, i.e. the need to have
accountability on Government policy and actions. That is a basic instrument to
ascertain legality of government actions. However, if we talk about improving
the level of 'trust' in institutions, that is a whole different level. We
can't possibly stop there. Gaining and maintaining 'trust' means a lot more
than simply acting in a legal way and takes more then just verification. I
consider a basic need for establishing trust also the analysis of their
motivation behind certain choices. Government officials are not just
'citizens', and their agencies are not private companies. While the private
citizens and companies can do whatever they want which is not considered
illegal, public officials and agencies are governed by a different concept:
they have a specific mandate/scope and can only perform in that narrow path.
They should not exploit policy wording to perform questionable actions;
especially if such policies are classified and only a restricted number of
people has the ability to review and assess them. If the government wants to
conquer back some form of trust by the public opinion, not only it should
improve transparency, but should also steer from this farce of hiding their
real intentions behind legalese and wordplay contained in all the latest
security related policies.

------
northwest
> Transparency first involves coming clean. Not a little bit at a time, not
> only when you have to, but complete disclosure about everything.

I have this uneasy feeling that they will fight this as long as they can. I'm
not sure true transparency will ever happen, without drastic measures.

Their strategy will probably be:

1) Wait for the end of the revelations

2) Assess the level of public outrage

3) Make the cheapest concessions possible (a bit like Ms Merkel recently
canceling the old "spying pact" that was never used)

------
Executor
People should NOT trust either governments or corporations, ever. Otherwise it
maximizes corruption due to little or no oversight.

------
e3pi
"Restoring Trust in Government and the Internet"

Interesting title, Bruce.

Is this your first `walking in on little kitten feet', getting your tippy-toe
wet, capitulating inverted ClapperSpeak, or `Shark Jump' or `Breaking Bad'?
Too much recent popularity, and now that you're a street celebrity doyen, you
don't want to stampede the restless herd?

You entitle this as a CNN 6 O'clock News headline, sanitized and pleasantly
amilorating our bellowing constant surveillance disgruntlement into a Family
Hour's "Group hug everyone, let's sing Kumbaya, and `Restore Trust'."

Please, not you too Bruce. Not now.

