Hacker News new | past | comments | ask | show | jobs | submit login
When It Comes to Security, We’re Back to Feudalism (wired.com)
83 points by dsr12 on Nov 26, 2012 | hide | past | favorite | 34 comments

He had me convinced until the last paragraph: it’s time we step in in our role as governments... to create the regulatory environments that protect us vassals (and the lords as well). Otherwise, we really are just serfs. We won't be serfs if Big Government is running the show?

Edit: With regards to his choice of words: The Road to Serfdom, a Comic by Hayek: http://mises.org/books/TRTS/

There's a difference between a regulatory framework and central planning of the means of production.

I think that if a bunch of smart people went into a room, they could come out with a set of core principles that are in the best interests of users of cloud IT systems, but not necessarily in the interest of the service providers.

Example: Phone number portability. Before 1997, your phone number was immutably associated with your telephone company. That meant that you were stuck with cellular provider X unless you changed your number -- which is a big deal for many people. FCC regulations forced the carriers to allow portability... an act that cost them alot of money, but benefited the public good. So while government regulation can lead to extreme scenarios like a Maoist-style police state similar to what is described in the comic that you linked to, that isn't a likely scenario.

Government regulation applies to the government too. The absence of principles enshrined in law and regulation regarding police access to your data has resulted in police and prosecutors obtaining broad powers to access or mine your data through the judiciary.

This is true but such a discussion must be balanced with the cost of compliance for newer market entrants.

For example if running a social network or email service etc required following a large rule book then we probably would not have Facebook and maybe not even gmail. We would all be using some clunky Microsoft or IBM solution that took years to add new features because they had to get it all past the regulators.

You don't want to get an angry phone call from a regulator because you put some weekend hack up on HN.

> FCC regulations forced the carriers to allow portability...

Are we better off with that than with a consensus-based DNS-like overlay? I don't mean to say that no government regulation can ever be beneficial but they're often heavy-handed and destroy alternatives, often before those can even emerge.

Regulations protecting workers rights are not 'Big Government running the show.'

The US and many governments of Western Europe are supposed to be governments of the people. Why shouldn't the government work for the peoples interests?

(I'm not talking unions, just about the article). That' what they're suppose to be. What we see happening all around us is government working for special interest. And as your government they have one huge advantage over corporations: They can force you to accept a single product or solution.

If I have something that I'm interested in (say, clear air), and I want the government to do something about it, when do I move from an interest to a special interest?

"Special interest," just like "big government," is nothing but a TV buzzword.

It's not as if these are political science terms of art. Imagine experts in a field choosing to use a term normally used for measurement of bulk to describe the function of a system, or wasting their time categorizing interests into "special" and "not special" based on a fixed set of criteria. Political science is deeply boring, but it's not THAT boring.

Good question! If you start hyring former and current politicians, sponsor elections, pressure your employees, try sneek in legislation, I'd say you're special interest.

The US government has, in some ways, become divested from the best interests of the people. I think that's an inevitability of integrating democracies with bureaucracies and careers.

Better government than corporation, I choose the lesser evil.

That's a pretty unsubstantiated claim, considering the tens of millions of people murdered by governments in the 20th century.

It is actually into the hundreds of millions, and that is just governments killing their own people, not inter-state wars. Rummel puts this number at 262M.

http://www.hawaii.edu/powerkills/20TH.HTM http://en.wikipedia.org/wiki/Democide

That's probably because governments enforced a monopoly on weapons. Do you think the world would be better if we allowed companies to raise private armies of mercenaries?

We don't now? There's more private gun-toting personnel in the Middle East now than you could easily count.

And that place is in great shape :)

With extractive governments like Assad's, you could hardly expect something different.

I think it depends on if you're talking about expected case or worst case.

In the U.S., companies will act out of their own selfish interests, but in theory the government can address the concerns of the citizens in areas the citizens don't have sufficient power themselves ("by the people, for the people", etc). If the government is focused on regulating the industry, the "serf" ownership model won't be transitive from the companies to the government. Hopefully the companies would act as a barrier and the government would never get them as direct minions.

But obviously the government could abuse this position. Then it's a question of which one would be the purest evil given the chance.

In this world there are big fish and little fish. The only way little fish can protect themselves is by acting together. "Big Government" is one way to do that. Or you could create some other organization that's stronger than the big fish.

The key problem here is that people think the government is acting in their interests. It's not, it's acting in its own interests, and the interests of politicians and regulators.

Thought experiment: imagine something that benefits the public but puts 100 politicians out of work. How likely is that to happen?

With a corporation you can withhold your support by refusing to buy their product. This can happen instantly with an internet boycott and is not limited to election cycles or $1 per person. With a government the process of opting out is much more laborious; short of moving out of the country, you have to pay their price as a package deal, regardless of whether you like with their product as a whole.

Yes, revolutions are inconvenient.

Or smarter. Have a look at Connect.me https://connect.me/about "...a new business model where people get better services and deals by directly connecting to businesses on the user's terms". (Disclaimer: I was a beta-tester)

While there is much potential for abuse, there is also room for some regulation. For example, if Google decides right now to cut me off from my email, what recourse do I have? Something that requires them to mail me a DVD full of all my data at reasonable cost given proof of identity could be reasonable.

Not that I trust Bruce Schneier on this.

Why do you believe google owes you access to data you put on their servers beyond what they choose to offer as part of their service? They are under no obligation to offer you any service of any kind in the first place. Why should they not be allowed to offer you a service with any terms they choose?

The main feudal lords map to the Four internet giants - Apple, Google, Facebook and Amazon. Each has a dislocated jaw and a growing appetite to consume entire industries.

As they grow, our implicit trust in our Feudal lords, without any kind of Transparency in return is a dangerous thing.

Don't forget Microsoft. They still control more endpoints than anyone else and they're entering the cloud and mobile market, albeit late.

Apple is an Internet giant? When did that happen?

With the release of the iPhone. One example of this was that Apple was able to use their clout to successfully sideline flash in favor of HTML5. That's not to say the technology industry was in love with flash prior to the iPhone, but the iPhone gave apple the sufficient stature to dictate what happens in the mobile technology arena.

I'm not sure why this is about security rather than any other aspect of the devices and software services we use. I agree though that power is accumulating into too few hands.

This is also the case in other industries and none of the solutions are very attractive.

This is a trans-industry problem. However, with the rise of social networks and other external data holders, it's getting more pronounced than ever in technology. I wrote a large article about this issue - the new feudalism - in summer 2011. May be of relevance, specifically the bits about distributed p2p storage: http://www.zdnet.com/facebook-google-welcome-to-the-new-feud...

I wonder if technology is in fact a natural monopoly?

If what we are heading towards is a sci-fi future where every single device integrates seemlessly with everything else, can we do that with so many "kingdoms" not to mention the chaos of independent developers doing their own things.

Everything about technology so far on the large scale has been about the opposite, preventing every device from seamless integration. Swap the tire from any car to any other car? Plumbers have entire vans full of "compatibility" parts. Over a century of electrical and phone service yet very limited interoperation and limited compatibility yet that "networking" is at the level of trivial connectors and AC waveforms. No, I'm not thinking tech is a natural monopoly.

I remember my joy at the rise of USB... finally no more rs232 problems with DTE vs DCE and 9pin vs 25pin and m vs f connectors... then we got multiple USB connectors. Even funnier we have "power only" usb cables for phone charging that don't have data wires and are visually indistinguishable from "full" cables. Eh... bring back my RS-232, usb isn't any better at all.

That page doesn't work on vanilla IE 9 - there's flashing boxes that pop up over the text and artifacts all over the place. Is it really that hard to support the browser that millions of people in offices are forced to use?

Partial screenshot - http://i.imgur.com/8kP0b.png


Mr. Schneier links to MobileScope in his story, a company making an app to help you track which applications are sending your data out.

If you go on their site and sign up to learn more, your confirmation screen proudly displays "Powered by Google Documents."

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact