
 The US government has betrayed the internet. We need to take it back - trauco
http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying
======
tokenadult
After reading this essay by Bruce Schneier, I was reminded of advice I have
given on Hacker News before. Schneier writes, "Dismantling the surveillance
state won't be easy. Has any country that engaged in mass surveillance of its
own citizens voluntarily given up that capability? Has any mass surveillance
country avoided becoming totalitarian? Whatever happens, we're going to be
breaking new ground."

Rolling back a surveillance state and establishing a government with more
protection of individual liberties is something that has been done before. I
have seen it done. I related at greater length here on HN my experiences
living in a surveillance state that included government assassins to eliminate
political opponents at home and abroad.[1] Getting rid of such a regime is not
easy, but it is possible. It takes courage, and it takes unity among the
courageous people making up the freedom movement.

I remind my freedom-loving friends here on Hacker News that there are
resources to help you if you really want to be an idealistic but hard-headed
freedom-fighter. If you are mobilizing an effective popular movement for more
freedom wherever you live, I suggest you read deeply in the publications of
the Albert Einstein Institution,[2] which are compiled by advisers who have
helped bring about democratic transitions in various parts of the world. Not
all of those movements have succeeded yet, but I bet on their long-term
success in China, Russia, Saudi Arabia, Iran, North Korea, Afghanistan, and
wherever freedom is scarce. Remember that the transition from dictatorship to
democracy described in the Albert Einstein Institution publications is an
actual historical process with recent examples around the world that we can
all learn from. Practice courage and practice collective action.

[1]
[https://news.ycombinator.com/item?id=5985720](https://news.ycombinator.com/item?id=5985720)

[2]
[http://www.aeinstein.org/organizationsde07.html](http://www.aeinstein.org/organizationsde07.html)

~~~
jlgreco
As the Berlin Wall fell, the last thing the Stasi did was start shredding.
That shredding only stopped when a mob physically seized control of the
buildings it was taking place in.

The slower you take down a surveillance state, the more time they have to
destroy the evidence of their wrong-doing. I don't know how you can prevent
that. With any luck we _can_ dismantle them, but we will have to cope with the
possibility that after the dismantling is complete, the evidence that the
dismantling was warranted will be long gone.

~~~
jacquesm
Give them time to shred! After all, who is to say what the finders of the data
will eventually end up doing with it. Those documents are proof of wrongdoing,
but they are also a source of possible _future_ wrongdoing.

~~~
jlgreco
I absolutely understand where you are coming from.

However I think it is necessary we preserve those records, as the Federal
Commissioner for the Stasi Archives does, so that crime committed by the
surveillance system and its members can be investigated (being able to
prosecute individuals like Erich Mielke is essential to allow the population
to regain trust in their new government), and the people should be allowed
access to their own files so they can have insight into the full extent of
widespread untargeted surveillance.

You could consider such a preservation to be a shameful monument to what we
became. It would be a lighthouse on the rocks, looking over the wreckage of
countless ships, warning us to stay away.

~~~
aeturnum
I agree that any information left over from a totalitarian regime should be
preserved and available to the interested parties. There's a great deal of
value in preserving the shameful events of the past.

That being said, if I had to choose between stopping "shredding" (or whatever
form the digital equivalent takes) and life / freedom / order / etc, I think
I'd let them shred. We want those records, but they're among the least of many
goals.

~~~
jlgreco
I completely understand. This is actually something that I have 'waffled' on
several times.

What is putting me on the side of preservation right now is the hope that with
preservation, future generations will benefit, but shredding the document
would only help the existing victims. People living in Germany have something
concrete to show their children when they teach them about the value of
privacy. With that, hopefully the "anti-surveillance immunization" will span
generations.

------
DanielBMarkham
Please. No more of this saying it's the US, or the NSA.

It's not correct, it misses the point, and the only thing it accomplishes is
distracting people from the truth.

We built a communication system that is highly vulnerable to corporations and
governments tracking our every move, thought, acquaintance, and opinion. The
list of players that are ready and willing to take advantage of this system is
very long, and includes virtually every government on the planet.

One of the many lessons we learned so far is that governments outrank
corporations. That is, no matter what your fear of the corporate world,
governments can always make each corporation give them the data, then combine
all the data from multiple sources. This makes governments a danger that is an
order of magnitude greater than other parties.

But it's not just a government story. This is a problem with the technology
itself. Ever since the first web tracking code was written, people have wanted
to track every tiny thing you do online. This is just the chickens coming home
to roost. The NSA is the tiniest tip of the iceberg.

The US did nothing unusual, except have citizens ready to stand up and
identify the problem for what it is. Don't make the mistake of nationalizing a
problem that has nothing to do with nations. If you don't understand the
problem, how can you possibly have a chance at forming a solution?

~~~
craigyk
And I, for one, am actually glad to learn that governments do in fact still
outrank corporations.

Re: net security. I just had to complain to our building manager that some
other tenant in the building had appropriated our "assigned" IP address. They
were surprised that that was possible, and I had to explain networking was
designed with convenience over security.

------
pdonis
I like this article because, unlike the other two articles now high on HN's
front page (one from the Guardian and one from the NYT), Schneier actually
mentions other countries besides the US and UK:

 _The NSA 's actions are legitimizing the internet abuses by China, Russia,
Iran and others._

Unfortunately, I'm not sure his proposed solution is doable:

 _We need to figure out new means of internet governance, ones that makes it
harder for powerful tech countries to monitor everything._

As he notes, this hasn't worked well in the past:

 _We need to avoid the mistakes of the International Telecommunications Union,
which has become a forum to legitimize bad government behavior_

As has every other international forum that tries to do "governance" (the
United Nations itself being a prime example). The only international bodies
that have worked reasonably well are the ones that develop standards, without
making any political statements about how to use them: "mechanism, not
policy". The IETF, which Schneier mentions, is such a body, and can certainly
help on the technical side, but I don't see much hope on the political side if
it has to be international. (For one thing, why would the governments of
China, Russia, Iran, and others care what some international "governance" body
says, any more than they care what the UN says?)

~~~
dmarusic16
That's right. Internet utopians need to come to terms with the idea that the
world is and always will be a cruel jungle. There is emphatically no fix for
this. All of human history is testament to this cold, sad fact.

~~~
anigbrowl
Quite; I think it would be more effective for him to run for office and
solicit donations.

~~~
waps
I think there is no solution that combines 1) decentralization 2) governance

Without 1 internet will die -fast-, so giving that up is not possible, aside
from being a horribly bad idea in itself.

So there is no "governance" solution to this. There is a software solution
though.

~~~
anigbrowl
I think there is a governance solution, to wit a constitutional privacy
amendment. But I appreciate you may not agree with this. I'm not at all
convinced you can engineer around it.

~~~
waps
It's pretty obvious you can engineer around it. What I think is a given, is
that you cannot have a global privacy "amendment" passed.

I find it surprising that you use the word "amendment". Does it mean you
understand that such a proposal would have zero chance of getting passed under
most governments ? If so, you must be aware that such an amendment can never
apply to the internet itself, even if the US were to implement it.

Read what the ITU tried to pass during it's last meeting, and then you'll see
where governance leads. Sorry to tell you this, but >70% of the world's human
population lives under extremely restrictive governments, and most of them
wouldn't have it any other way. If internet rule was fair, there would be no
freedom on the internet, not now, not ever, nowhere. Because 300 million
Americans force their way on the rest of the planet is why internet freedom
exists and the only chance it has for the future (and, ironically, probably at
least 60% of those Americans don't agree with their government doing this, but
don't know/care).

Even Europe has more invasive laws than the NSA uses. Refusing to give up
encryption keys is a crime in Europe (even for people who don't live there).
The mere fact that there has to be a warrant before tapping is implemented,
and that ISPs and companies can see and even fight those warrants ... well it
sounds absurd to me. Companies are never trusted with this information in
Europe, and dozens of different agencies (ie. all members of interpol and
their components) can request information like this. Most are not bound by the
rules of the government the person investigated lives in.

~~~
anigbrowl
You mistake my meaning. I'm talking about the context of the US government and
the NSA in particular, the scope of whose powers are defined by the US
constitution.

 _I find it surprising that you use the word "amendment". Does it mean you
understand that such a proposal would have zero chance of getting passed under
most governments ?_

No, and I think you're reading too much into it. I'm talking about a
constitutional amendment because it is the only way to put privacy on an equal
constitutional footing with other governmental imperatives whose existence has
been confirmed by precedent, and which would otherwise prevail in a legal
challenge. As a law nerd, this strikes me as the most effective technical
approach.

------
gaius
"We engineers built the internet" says Schneier, but here is the elephant in
the corner of the room: we built it _badly_. Why? Because it was easy! Take
email for example. Everyone knows there is an email protocol with security
designed in (X.400). But it was too much effort and we were lazy and SMTP was
easy. There are operating systems with security designed in (e.g. VMS). But
Unix was _easy_ and hey we can always bolt on err the wheel group afterwards.

The Internet was betrayed alright, but long before this.

~~~
teeja
Perhaps it "was easy" because we took it for granted that it "couldn't happen
here".

Maybe that was because too many of the principals in the Manhattan Project
were dead. Or, maybe, we don't learn from history, and never will.

------
ihsw
> The American people have betrayed the internet. We need to take it back.

You might think my correction of the title is inflammatory but we shouldn't
forget: America is a constitutional democracy. If the Americans don't like the
situation then they can vote for someone who will enact legislation that
reflects that, meanwhile foreigners cannot influence anything (should they?).
They got the government they deserve, and they alone carry the blame.

Of course, we can also close our borders and fracture the internet, but is it
really necessary? Do we really care about our security and our privacy that
much? We got here too, by tying all of our communications infrastructure into
America, so we have only ourselves to blame.

~~~
ferdo
America is called a constitutional democracy. It started out as a
constitutional republic. In practice, it's closer to a plutocracy and has been
for some time. The average net worth of a US Senator is ~$10 million.
Political solutions will only come about in reaction to technical solutions
that we come up with.

I'd posit that the political classes are an evolutionary obstacle for the
technical community to solve. If successful, we thrive. If unsuccessful,
technology will be owned by the political classes and we're beholden to them
until we solve the problem.

~~~
windexh8er
<< This.

I don't care if the number is wrong on the net worth of a sitting US senator
based on the comment that the actual average is less. If you're net worth is
$2.5M _because_ of your position in the Senate and not because you were a
smart business person prior too then you're paid for and bought.

I heard Senator Franken vehemently avoiding NSA questions on MPR the other
week. He claims to be a proponent of Internet neutrality and privacy, yet his
voting and "amendments" he coauthored day otherwise. He's an actor and a
comedian first which is why he plays well in the political realm until he's
asked direct questions outside of his box of comfort that is the hand that
feeds him.

I'm definitely glad to see Schneier in the position he's weaving into. He's a
great advocate and I support his views, perspectives and ideals to revert the
damage and system that is now in place. I hope that I can tell my
grandchildren Alexander and the posse under and around him were publicly
shamed and stripped of all honors and decorations the United States of America
has unfortunately afforded these puppets. Many of these traitors (of the
American people) need to be made public examples and placed into the same
solitude and torture the whistle-blowers have been subject to.

~~~
torkins
Median senator age is 62. Most Senators are highly educated (many from highly-
paid professions such as legal before they became highly-paid senators) and
married.

Thirty years of high income (100-150K family income in today's dollars) with
10-15% saving and investing in the market can easily result in a net worth in
the low millions, not including inherited investments, long-term real estate
property appreciation, etc. People in their 60s have seen an incredible
appreciation over the past 30 years in most sectors (Just the S&P Index itself
is over 9% annualized over that time frame).

Long story, short, $2.5M is not by any means exorbitant for retirement age
people with an educated and successful life.

It would be a bizarro world where we would want idiot paupers to be Senators,
or even a socio-economically equivalent demographic.

I think most government workers, elected or not, would find the idea that you
work in government for the money amusing to say the least.

~~~
windexh8er
I think the only way to address this concern is to have a net-worth pre-public
servant and a report showcasing annually going forward. I fully understand
that success is not tied to any one or individual facet of life in general -
however being highly educated has no bearing on being highly moral or even
fundamentally believing you're actually serving the greater good of the
people. It may mean you have an indelible way of speaking a good speech or
understanding the game of chess that it seems our government is playing
against the masses.

I'd like to think that all Senators have their caucus at heart, but I've lost
a lot of faith in these sort of people over the years. When they reel on
simple questions around these topics it doesn't help.

------
bct
Government and industry can't betray the Internet, because they never had an
obligation to it. You were naive if you ever thought you could trust them to
be "ethical internet stewards".

Yes, we should be angry. But we should also check the assumptions that led us
to misplace our trust.

------
alan_cx
The US? Im British, what about the damn UK government? We don't have a
constitution to fall back on, and the human rights stuff we do have this
government in particular sees as some sort of clear and present danger. Worse
still, it turns our that we the British are a spy hub for the US to spy on US
allies, Europe. Not to mention all the other countries like Australia and New
Zealand who cant wait to get in to bed with the US jihad on freedom.

The West has lost the plot and any sense of reason or proportion.

------
malandrew
I would really like Schneier to promote the idea that all countries need to
pool their financial resources together to create a large, well funded
organizations that hires more mathematicians of a greater caliber than the
NSA.

The NSA was originally tasked with protecting the communications of the United
States Government, its People and its Institutions. A large portion of that is
encryption research. Now it's doing the opposite, clearly attacking many of
those protections for its own means. Organizationally it can no longer be
trusted, and we now need a second organization to restore order. Every country
in the world that is not the US or the UK has a very real interest in the
existence of such an organization. It's both an issue of economics and
sovereignty.

It is simply not possible to maintain the sovereignty of your country under
the status quo. What's worse is that a country may be losing sovereignty in
ways that they are not even aware of.

------
keyme
There is special "blame" here put on the US government, but I think this is
irrelevant. In pretty much any country today, the foreign intelligence
services are allowed to spy on everyone else except their own citizens. In the
minds of most citizens, this practice might seem reasonable, and maybe
necessary. This, of course, means that everyone, everywhere could be monitored
by (almost) everyone "legally". The basic architecture of the Internet is
naive in that that it does not treat countries as separate, "hostile"
entities, while in fact they most certainly are.

~~~
jlgreco
If you read the article you will see that it calls on engineers to find
technical solutions that will treat all countries as "hostile" entities.

As Bruce points out, the _" this is a political problem and requires a
political solution"_ line of reasoning is only partially true. We need
technical solutions as well.

------
iandanforth
This is a natural outcome of prioritizing 'safety' over 'freedom.'

I have no hope for change until I hear people standing up and saying "I'd
rather die than live without privacy." Or even more powerful "I would rather
my children face danger than fear their own government."

~~~
Falkon1313
How about "I would rather my children face danger from enemies of the state
than from the state itself.", the expanded version being "I would rather my
children face danger from enemies of the state (which it will try to defend
them against) than from the state itself (because, of course, it won't try to
defend them against itself)."

Or the economic angle "I would rather my children face danger from people
other than those that they pay taxes to support, rather than face danger from
those that they do support and trust."

It's about more than just privacy or danger. Like a case of (what should be) a
trusted parent, relative, clergy, etc. abusing someone is in some ways worse
than a random criminal doing it. Both are wrong and bad, but one is wrong on
more levels. And once trust and respect are violated, other things break down
or are called into question.

------
peterwwillis
The only thing that's "broken" here, or been "taken", is our privacy and our
freedom [mainly the freedom of corporations to go about their business without
being forced to spy on their customers with no warrant]. Both of those can
only be re-established through legislation, as any attempt to subvert law
enforcement is going to be responded to with more law enforcement. You can't
hack your way out of this. You have to actually change the laws.

~~~
Falkon1313
Privacy could potentially be engineered to some degree. Someone could devise a
way to do business in which we simply aren't capable of spying on our
customers. It wouldn't be easy, laws would definitely help, but it could be
possible.

Freedom is another matter. The government would be useless without sufficient
force to compel anyone (or corporation) to adhere to the laws. To remedy abuse
of that force against freedom, as you say, we do need laws. Something like a
contract that says "you can have plenty of force to compel any one of us, but
if you consistently violate these agreements, then we may join together with
enough force to overpower you". Maybe it could be done with some amendments to
the constitution. We could call it something like a 'bill of rights' or
something...

------
outside1234
Taking a step back and looking at all of this in its totality, its hard to not
think that Bin Laden won.

~~~
qxcv
> ...its hard to not think that Bin Laden won.

Only if bin Laden's aim was to strengthen the US surveillance apparatus and
step up American military involvement in the Middle East.

~~~
w_t_payne
Or perhaps it was an attempt to destroy the idea that individual freedom and
democratic accountability present an attractive alternative to an Islamic
theocracy? Certainly, you can see how the very idea of personal freedom is an
affront to an ideology based on submission to God and to religious authority.

What better way to discredit freedom than to turn it into an illusion?

------
ffrryuu
In a time of universal deceit - telling the truth is a revolutionary act.

~~~
squozzer
Said another way, "Truth is treason in the empire of lies."

~~~
AsymetricCom
Don't forget, "We are Legion. We do not Forgive. We do not Forget"

------
ballard
The internet moves packets just fine.

Anonymity and secrecy requires careful management of one's online behavior.
Toward these goals, overlay-network apps that encrypt end-to-end with mixnet
proxies using the existing internet would work just fine.

Change for change's sake is useless churn and wholesale change is unlikely for
compatibility reasons.

Think before coding or throwing out the baby with bath-water.

------
michaelwww
It's almost trite at this point to quote John Gilmore with "The Net interprets
censorship as damage and routes around it" but people are implementing work-
arounds and caution procedures as we speak. There's no need to put out a call
to "take it back." It's already happening.

------
Cakez0r
Perhaps it would be possible to use the NSA backdoors to the public's
advantage. Would it be possible to systematically scan the internet for
vulnerable infrastructure and exploit the backdoor to gain access and then
patch the device's firmware to close the backdoor?

------
7952
A start would be to block government IP addresses from civilian websites. It
would send a message.

------
l33tbro
So funny: "this is not the internet its creatoes envisioned". Umm ... Bruce:
the internet was created at DARPa, who obviously have a lot of connections to
the NSA. Maybe they were ... like ... planning this all along, dude (cue: dorm
room bong hit).

------
puma1
[http://www.nytimes.com/2013/09/06/us/nsa-foils-much-
internet...](http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-
encryption.html)

Take it back? Never was ours.

------
Sagat
I just wish the internet wasn't under the control of American people.
Americans can't be trusted to respect other people's rights.

------
marknutter
Stop distracting us from the conflict in Syria!

------
awda
How exactly is the NSA cheating and breaking internet crypto? Can someone
clarify? Edit: Downvoted? Is it a bad question?

~~~
mason240
[http://www.theguardian.com/world/2013/sep/05/nsa-gchq-
encryp...](http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-
codes-security)

US and UK spy agencies defeat privacy and security on the internet

• NSA and GCHQ unlock encryption used to protect emails, banking and medical
records

• $250m-a-year US program works covertly with tech companies to insert
weaknesses into products

• Security experts say programs 'undermine the fabric of the internet'

~~~
awda
Yeah, but what does that mean, for someone who has a reasonable grasp of
crypto, math, software engineering?

For example: "Unlocking encryption." We've heard that they haven't actually
broken (some?) crypto primitives (caveat: with large enough key sizes). What
attack have they actually succeeded in?

The backdooring of proprietary products is interesting, if not surprising.
It's good to see it come to light. You may not be able to trust OSS without
auditing it, but at least you _can_ audit it.

"Undermine the fabric of the internet" is pretty vague.

It sounds like there isn't actually a lot of detail out there yet -- I look
forward to learning more.

------
wowaname
Four words: gated wireless meshing network.

------
ljd
The US or the Internet?

------
icecreampain
"We need to take it back", but what is going to happen is that a couple of
Facebook groups are going to be started, a few tweets written here and there
complaining about how bad it is that the naughty governments are spying on
innocent citizens and then "Let's Dance" or "Friends" or "Big Bang Theory"
will start and people will forget all about the NSA & co.

Or the kids have to be picked up from soccer practice or there's a PTA meeting
where important things like next weekend's bake-sale have to be discussed.

In a few weeks the one-sided war with another CIA-engineered enemy in Syria
will start up and the propaganda has swayed the populace to the camp of
needing surveillance on everyone in the name of keeping the country safe from
the naughty "terrorists" from Syria, who are about to invade the US by
magically flying their troops over an ocean.

The article, written by an intelligent person, is nothing else than naive
dreaming. The author, as much as I enjoy Bruce's security writings, forgets
that although he may be surrounded by a bunch of smart people with similar
ideas, the US/UK/Germany/etc are filled by normal people with normal IQs and
normal children and normal mortgages. Going farther, Africa and China are
filled by people who live on a handful of dollars each day and care only about
feeding and clothing themselves for the day. Good luck getting _them_ on the
anti-surveillance bandwagon.

------
AsymetricCom
We don't really need to ask individual engineers. A lot of this stuff is
public knowledge and documented, as required by law, it just seems like nobody
has bothered looking.

[http://www.cisco.com/web/about/security/intelligence/05_11_n...](http://www.cisco.com/web/about/security/intelligence/05_11_nsa-
scty-compliance.html)
[http://www.nsa.gov/ia/_files/routers/C4-040R-02.pdf](http://www.nsa.gov/ia/_files/routers/C4-040R-02.pdf)

There are protocols designed and published as part of the security
infrastructure. Whether these protocols are used for good or evil, is really
up to who has setup and configured the hardware. The bottom line is that you
can't _Luddite_ your way back into the golden age of the Internet.

In fact, in a lot of ways, the NSA is just cooping technology that businesses
and black hats were already using. Do you think that only the NSA knows how to
do deep packet scanning or protocol pattern matching?

~~~
tptacek
Did you actually read this document, or did you stop at the term "NSA" in the
title? It's a straightforward set of network operations security requirements.
Can you pinpoint something in it that _weakens_ security? It looks to me like
it's about disabling the insecure defaults.

~~~
AsymetricCom
Of course I read it, but there was no new information, it's simply a generic
"call to arms"

> It's a straightforward set of network operations security requirements.

Oh, Is it?

> It looks to me like it's about disabling the insecure defaults.

Oh really? Mr. Snider has used is podium in _The Guardian_ to tell us to set
up a WiFi password? What article did you read exactly?

