

The Battle for Power on the Internet - hatchan
https://www.schneier.com/blog/archives/2013/10/the_battle_for_1.html

======
scrrr
This is a great piece that should go to top of HN.

We can reverse the trend as consumers, by questioning our consuming behaviour.
And as hackers, by building tools that the users like and which make the web
more free.

Power is where the money is. And power makes legislation. It will only get
harder from now on.

But on the upside, software is a very malleable thing. New applications can be
developed quickly. And they can replace established ones.

~~~
rsync
"We can reverse the trend as consumers"

No, you can't. You can reverse this trend as a _peer_ on the network, but not
as a consumer.

------
r0h1n
Off-topic observation: I like Bruce Schneier, really. But now I dread the
sense of déjà vu that accompanies most of his posts on HN, because each one
gets reposted multiple times. Mostly because Schneier himself reposts all his
columns that appear elsewhere on his own blog after a few days or weeks, and
those reposts get reposted to HN.

For instance, this piece originally appeared at The Atlantic on 24th Oct:

[http://www.theatlantic.com/technology/archive/2013/10/the-ba...](http://www.theatlantic.com/technology/archive/2013/10/the-battle-for-power-on-the-internet/280824/)

[https://news.ycombinator.com/item?id=6604967](https://news.ycombinator.com/item?id=6604967)

Of course the original post never got a single comment, so I guess this repost
added more value to the HN community :-/

~~~
endgame
My guess is that people recognised the schneier.com domain.

------
rsync
"Our e-mail, photos, calendars, address books, messages, and documents are on
servers belonging to Google, Apple, Microsoft, Facebook, and so on."

That's not a given. Not only is it trivially easy to host your own email,
there are a number of very positive side-effects of doing so. For instance,
when I email my wife, it's just a local copy operation - no network traffic is
generated, and thus nothing can be intercepted by third parties.

Further, although I have not done it yet, it appears to be only slightly more
technically challenging to provide your own dialtone.

In 2013 the Internet traffic I actually do generate is much more secure than
the Internet traffic I generated 20 years ago. Now I have a VPN to various
endpoints around the globe. That's much better than telnet to tc.umn.edu :)

The disconnect here is that he is talking about particular consumer properties
(walled gardens) that happen to exist on the Internet. It surprises me, given
who the author is.

~~~
CodeMage
Maybe it's trivially easy to host your own e-mail, but isn't it pretty hard to
convince other servers to accept e-mail originating from your host? I haven't
been following things closely, but I remember reading about stuff like DKIM
and SPF and I seem to recall that you need a static IP for some of the stuff
involved. All in all, sounds like a non-trivial hassle and non-trivial cost.

On that note, is there a down-to-earth guide to setting up your own e-mail
host?

~~~
claudius
You need a static IP, yes, but any VPS will get you one, so that can hardly be
an issue. In seven years of hosting my own email I never had issues with
delivering mail to other providers.

Setting up an SMTP daemon and IMAP/POP3 server is rather easy, the most
difficult decision being which SMTPd to choose (I like Postfix, but Exim is
Debian’s default and hence supposedly good as well, others like Courier) and
then reading the relevant manpages :)

If you search for, e.g., "Postfix tutorial", you'll find plenty of reasonably
good guides.

~~~
Theodores
I don't understand why email hosting has to be so difficult. You say it is
easy, which it is if you know what you are doing, but it is not really that
simple, is it? There is no out of the box solution that just works, even the
Microsoft effort called Exchange is not that. You should be able to configure
a mail server with the ease that you can configure a mail client.

~~~
devicenull
Spam is the reason. Mail servers are easy to set up, it's all the crap you
need to do to actually get your mail accepted that's hard.

~~~
rsync
In 16 years of running my own mail server(s) I have never done anything to
"get my mail accepted", other than make sure relaying is turned off, which I
think it is by default in just about every implementation since 1998.

~~~
zachlatta
Consider yourself lucky. I made the mistake of not setting up my email with
OpenDKIM and virtually all of my mail went to spam for a few months.

------
vorg
> So who wins? Which type of power dominates in the coming decades?

Institutional power will win in the coming decades, but fringe power in the
coming centuries as humans colonize the solar system. Each planet/moon will
eventually have control of its technical infrastructure. In the coming
millennia, as humans journey out to the stars, it will be almost impossible for
one star system to control another. Thank God for the Speed of Light!

> Medieval feudalism evolved into a more balanced relationship in which lords
> had responsibilities as well as rights.

I'm not sure "evolve" is the best word. Diseases killed many serfs in both
Europe and China, often many all at once (e.g. Black Death) which gave the
survivors more power _suddenly_.

~~~
InclinedPlane
I think institutional power is on the wane. The fact that so many institutions
are flexing their muscle is a prime indication. There's a saying "when you're
taking flak you know you're over the target".

I'd say the biggest problem right now is one of awareness and direction. But
as people become more attuned to these latent problems that are becoming more
obvious it will drive ideas and action. Since the problem is not a lack of
know how or resources, it's that growing awareness which will make all the
difference.

Consider the amount of work that has gone into open source projects (like
firefox, linux, apache, rails) and crowd sourced projects (like wikipedia or
stack exchange). With the right kind of well directed projects the tables can,
and will, be turned.

Imagine, for example, a web that was designed to prevent eavesdropping and
designed to ensure maximum longevity of content (through duplication).
Something closer to bittorrent than today's web. It would be technologically
challenging, but doable. Then imagine what happens if the equivalent of the
worldwide workforce developing, say, linux was dedicated to developing tools
to decentralize the network.

Over the next few decades the cost of wireless APs will become trivial even as
their capabilities increase vastly. It won't take long before it's possible
for unregulated internetworks with wireless backbones owned by many
individuals to become possible, among many other innovations. At some point
centralized control over communications becomes untenable. And that's just
square one.

------
bshanks
Schneier asserts that the modern situation is like feudalism. There's a bit of
a wild west situation in which various groups can cyberattack others and then
hide. Powerful entities like Google and the U.S. government have the capacity
to defend themselves against cyberattacks, and even to attack, but most
individuals do not; except for the small percentage of technologically
sophisticated individuals, similar perhaps to the warrior classes of old. The
ordinary individuals, like peasants, are stuck with the security
configurations given to them by the feudal lords. The lords usually act in
their own interests, rather than for the interests of the peasants.

However, I opine that there are huge differences that make the feudal metaphor
ill-fitting. Quoting Wikipedia, "In its classic definition, by François-Louis
Ganshof (1944), feudalism describes a set of reciprocal legal and military
obligations among the warrior nobility, revolving around the three key
concepts of lords, vassals and fiefs....A lord was in broad terms a noble who
held land, a vassal was a person who was granted possession of the land by the
lord, and the land was known as a fief....the lord and vassal entered into a
contract in which the vassal promised to fight for the lord at his command,
whilst the lord agreed to protect the vassal from external forces....Since at
least the 1960s, when Marc Bloch's Feudal Society (1939) was first translated
into English in 1961, many medieval historians have included a broader social
aspect that includes not only the nobility but all three estates of the realm,
adding the peasantry bonds of manorialism and the estates of the Church; this
is sometimes referred to as "feudal society" since it encompasses all members
of society into the feudal system.".

The present-day cybersecurity situation involves none of: (1) peasants who
pay feudal dues (2) a subset of peasants (call them serfs) who were not
permitted to migrate (3) the Church estates (4) vassals and peasants to which
the lords provide land and protection (5) vassalage in which the vassal
promises to provide military service

The first four are debatable. One might say that one's loss of privacy on
facebook is like a feudal due.

Although people are certainly not prohibited from migrating between facebook,
gmail, macOS and their competitors, the high costs of migration from lock-in
and network effects may be thought of as a "soft serfdom" if not an absolute
one.

One might argue that the construct of feudalism is still useful without the
role of the Church.

Internet security differs from physical overland security in the feudal era in
that a distant invading army need not conquer or ally with your neighbors in
order to be able to reach you; cybercriminals can attack you from anywhere in
the world. This has implications for the relevancy of a nearby 'lord' who
gives you land; however one could still argue that the 'land' being given is
something like a software configuration, and to the extent that yours is
vulnerable, so are others running similar configurations, so there is in fact
some way in which it is somewhat more efficient for the lord to protect 'his'
land than for you to contract protection from some other powerful entity on
the other side of the globe.

However the last point, vassalage involving military service, is both
absolutely central to feudalism and entirely lacking in the present-day
cybersecurity situation. Nowadays we exchange money, not service, for
protection, and while this arrangement became common in later feudalism, I
opine that it is because that was not workable at the beginning that feudalism
even arose.

Still, it does seem that the existence of an elite 'warrior class' of
cybersecurity warriors is coming to pass: people with both skills that require
extensive training, and artifacts which are relatively expensive, and whose
skills and artifacts would allow even one of them to decisively defeat large
numbers of untrained, poorly equipped non-warriors. The existence of a warrior
class was one of the primary reasons that the system of feudalism arose. So
perhaps we'll see the emergence of a feudal cybersecurity system sometime in
the future, one in which individual cybersecurity experts, and organizations
who can employ them, subordinate themselves to greater 'lords' by pledging
military service, in exchange for protection and 'land', meaning software
platforms and 'network real estate' (e.g. things like a facebook page).

But there are reasons to doubt that. First, I think feudalism arose during a
time of a breakdown of trade and declining populations; in such a situation a
lord needs to demand military service directly, rather than taxes with which
to buy mercenaries, because of high transaction costs. This is not the case
today; it is easier for facebook to collect money from business activities and
spend some of that on employing cybersecurity professionals, rather than to
grant lavish privileges to those of its users who are cybersecurity experts in
exchange for their labor.

Second, today many governments might choose to prosecute cybersecurity
vigilantes within their borders, making non-state 'armies' of 'cybersecurity
warriors' ineffective.

In summary, what Schneier is talking about is a situation where a variety of
large organizations have a lot of power. Imo feudalism means something more
specific.

------
betterunix
I am not convinced that the solution to criminals increasing their power with
technology is purely political. There are technological solutions as well.
Criminals are raiding bank accounts by tricking people into divulging secret
passwords or other information? Banks can issue smart cards, thus ensuring
that secrets cannot be inadvertently divulged (because the cards cannot
divulge their secrets). Governments are abusing their surveillance powers? We
can build systems that encrypt messages and send the ciphertexts through
mix-nets (or more complicated approaches for things like social networking [1]).

The political side of this should be encouraging or at least not discouraging
the deployment of such technologies. Laws can be changed more easily than
technologies. Deploy a secure infrastructure _now_; if the law changes later,
the technology will still protect us.

[1] [https://www.usenix.org/conference/usenixsecurity12/social-ne...](https://www.usenix.org/conference/usenixsecurity12/social-networking-frientegrity-privacy-and-integrity-untrusted-provider)

------
walshemj
The other side of this is countries using the NSA furor as an excuse to create
a more balkanized Internet, firewalling themselves off from those nasty
furineers.

~~~
kabouseng
I would hardly call "other countries" reactions just an excuse... If the
internet becomes more balkanized, it is on the NSA and American government's
head, nobody else's.

~~~
walshemj
Really, you are very naive. The ITU and the usual suspects have been trying for
this for decades; as they say, "don't waste a crisis".

------
AsymetricCom
It seems Schneier is saying less and less specific, fundamental issues and
speaking more of abstract, high-level political and social concepts. He seems
to have lost all power over his understanding of important breaking security
issues and is left playing catch-up trying to understand what has already
happened. My guess is this is a result of the privatization/monetization/markets
of zero-days, re-establishing control of technology by the classic economic
systems, and taking it from engineers and experts.

That said, I don't think I'll bother reading anything else from Schneier's
desk from this point forward. If he thinks that the "battle" is being fought
on the edge of corporate networks, he's lost the trees for the forest. The
real battle is happening for eyes and ears, on the streets, like it always has
been. Less and less, some random person who happens to be the descendant of
some king thinks the way the entire IT market needs to move so that "society"
doesn't collapse, less and less is anyone listening to that person or
believing he has any power. Real Time web of things or whatever you want to
call it, nobody is buying it. If he thinks that people buying an iPod is
signing allegiance to Apple's security forces, well he's wrong. If he thinks
EULAs are going to be enforced in court, he's wrong. So considering those two
flaws in the foundation of his world view, the rest of his rambling screed has
been lost to the world of fiction.

------
nirnira
Well, I doubt a certain Japanese-American political theorist would look too
kindly upon his characterisation of medieval political development...

