Hacker News new | past | comments | ask | show | jobs | submit login
The US government has betrayed the internet. We need to take it back (theguardian.com)
482 points by trauco on Sept 5, 2013 | hide | past | web | favorite | 105 comments



After reading this essay by Bruce Schneier, I was reminded of advice I have given on Hacker News before. Schneier writes, "Dismantling the surveillance state won't be easy. Has any country that engaged in mass surveillance of its own citizens voluntarily given up that capability? Has any mass surveillance country avoided becoming totalitarian? Whatever happens, we're going to be breaking new ground."

Rolling back a surveillance state and establishing a government with more protection of individual liberties is something that has been done before. I have seen it done. I related at greater length here on HN my experiences living in a surveillance state that included government assassins to eliminate political opponents at home and abroad.[1] Getting rid of such a regime is not easy, but it is possible. It takes courage, and it takes unity among the courageous people making up the freedom movement.

I remind my freedom-loving friends here on Hacker News that there are resources to help you if you really want to be an idealistic but hard-headed freedom-fighter. If you are mobilizing an effective popular movement for more freedom wherever you live, I suggest you read deeply in the publications of the Albert Einstein Institution,[2] which are compiled by advisers who have helped bring about democratic transitions in various parts of the world. Not all of those movements have succeeded yet, but I bet on their long-term success in China, Russia, Saudi Arabia, Iran, North Korea, Afghanistan, and wherever freedom is scarce. Remember that the transition from dictatorship to democracy described in the Albert Einstein Institution publications is an actual historical process with recent examples around the world that we can all learn from. Practice courage and practice collective action.

[1] https://news.ycombinator.com/item?id=5985720

[2] http://www.aeinstein.org/organizationsde07.html


As the Berlin Wall fell, the last thing the Stasi did was start shredding. That shredding only stopped when a mob physically seized control of the buildings it was taking place in.

The slower you take down a surveillance state, the more time they have to destroy the evidence of their wrong-doing. I don't know how you can prevent that. With any luck we can dismantle them, but we will have to cope with the possibility that after the dismantling is complete, the evidence that the dismantling was warranted will be long gone.


Give them time to shred! After all, who is to say what the finders of the data will eventually end up doing with it. Those documents are proof of wrongdoing, but they are also a source of possible future wrongdoing.


I absolutely understand where you are coming from.

However I think it is necessary we preserve those records, as the Federal Commissioner for the Stasi Archives does, so that crime committed by the surveillance system and its members can be investigated (being able to prosecute individuals like Erich Mielke is essential to allow the population to regain trust in their new government), and the people should be allowed access to their own files so they can have insight into the full extent of widespread untargeted surveillance.

You could consider such a preservation to be a shameful monument to what we became. It would be a lighthouse on the rocks, looking over the wreckage of countless ships, warning us to stay away.


I agree that any information left over from a totalitarian regime should be preserved and available to the interested parties. There's a great deal of value in preserving the shameful events of the past.

That being said, if I had to choose between stopping "shredding" (or whatever form the digital equivalent takes) and life / freedom / order / etc, I think I'd let them shred. We want those records, but they're among the least of many goals.


I completely understand. This is actually something that I have 'waffled' on several times.

What is putting me on the side of preservation right now is the hope that with preservation, future generations will benefit, but shredding the document would only help the existing victims. People living in Germany have something concrete to show their children when they teach them about the value of privacy. With that, hopefully the "anti-surveillance immunization" will span generations.


I think it's far more important to destroy the resources and apparatus that enables totalitarianism than to punish the people who participated in a previous police state after it's already collapsed.

After the DDR fell, Mielke wasn't going to be operating the Stasi any longer. Going after people like him might bring some emotional closure to people persecuted under the regime, but if the regime is gone, that's all it can do: there's no argument for deterrence. If a new police state emerges, it's not likely to be administered by the same individuals who ran the old one.

Keeping the resources used by the old police state on hand, and acting to cultivate public trust in the new government seems like a combination to be wary of. The corruptability of human institutions demonstrated by the existence of previous police states should caution us against putting excessive trust in any institutions.


Shredding paper documents takes time. Deleting electronic records is almost instantaneous. I would say that we don't have much chance in terms of preventing it from happening.


Deleting electronic records is particularly instantaneous if they were stored with that eventuality in mind. I hope they weren't. I hope they have extensive unencrypted cold backups.

I am probably being very naive to think that we stand a chance though.


Why would they shred the information? They (the ubiquitous "they", meaning "someone with access") are much more likely to "take it with them" to some other organization or for private/personal use. The data is too valuable (to someone) to shred even years after collection.


The Stasi shredded it because they knew it was incriminating and, realistically, there was no way to smuggle out a copy or hide it. They were under siege (literally). The organization was finished and they knew it.

Perhaps digital records will be easier for enterprising individuals to smuggle out or hide, but even if that happens it seems likely that an effort will once again be made to keep the data out of the hands of the public.

When a spy agency is in its death throes, that data stops being valuable and becomes a liability to the surviving individuals that will no longer enjoy the protection of the agency. It becomes evidence.

During the chaotic storming of the Stasi headquarters, there were incidents of Stasi officers hiding among the crowds so that they could destroy even more documents even as the public seized them. The headquarters were being sacked, there was really no remaining chain of command that could realistically make them do that, but they did anyway.

Maybe Nicolae Ceaușescu, executed less than three weeks earlier, was in the back of their minds.


CIA agents acquired the records after the 1989 fall of the Berlin Wall

http://news.bbc.co.uk/2/hi/europe/703303.stm


Yes, it was obviously a very chaotic situation, it doesn't surprise me that the CIA got their beak wet.

Whether the mission of the Federal Commissioner for the Stasi Archives was to destroy or preserve the records probably makes little difference in this case, those records were seemingly stolen before a policy towards the records was decided upon.


I don't want the CIA to have this data anymore than I wanted the stasi to have it.

Incidentally, I'm in there (for several reasons).


Has any mass surveillance country avoided becoming totalitarian?

The UK?


Please. No more of this saying it's the US, or the NSA.

It's not correct, it misses the point, and the only thing it accomplishes is distracting people from the truth.

We built a communication system that is highly vulnerable to corporations and governments tracking our every move, thought, acquaintance, and opinion. The list of players that are ready and willing to take advantage of this system is very long, and includes virtually every government on the planet.

One of the many lessons we learned so far is that governments outrank corporations. That is, no matter what your fear of the corporate world, governments can always make each corporation give them the data, then combine all the data from multiple sources. This makes governments a danger that is an order of magnitude greater than other parties.

But it's not just a government story. This is a problem with the technology itself. Ever since the first web tracking code was written, people have wanted to track every tiny thing you do online. This is just the chickens coming home to roost. The NSA is the tiniest tip of the iceberg.

The US did nothing unusual, except have citizens ready to stand up and identify the problem for what it is. Don't make the mistake of nationalizing a problem that has nothing to do with nations. If you don't understand the problem, how can you possibly have a chance at forming a solution?


And I, for one, am actually glad to learn that governments do in fact still outrank corporations.

Re: net security. I just had to complain to our building manager that some other tenant in the building had appropriated our "assigned" IP address. They were surprised that that was possible, and I had to explain networking was designed with convenience over security.


I like this article because, unlike the other two articles now high on HN's front page (one from the Guardian and one from the NYT), Schneier actually mentions other countries besides the US and UK:

The NSA's actions are legitimizing the internet abuses by China, Russia, Iran and others.

Unfortunately, I'm not sure his proposed solution is doable:

We need to figure out new means of internet governance, ones that makes it harder for powerful tech countries to monitor everything.

As he notes, this hasn't worked well in the past:

We need to avoid the mistakes of the International Telecommunications Union, which has become a forum to legitimize bad government behavior

As has every other international forum that tries to do "governance" (the United Nations itself being a prime example). The only international bodies that have worked reasonably well are the ones that develop standards, without making any political statements about how to use them: "mechanism, not policy". The IETF, which Schneier mentions, is such a body, and can certainly help on the technical side, but I don't see much hope on the political side if it has to be international. (For one thing, why would the governments of China, Russia, Iran, and others care what some international "governance" body says, any more than they care what the UN says?)


That's right. Internet utopians need to come to terms with the idea that the world is and always will be a cruel jungle. There is emphatically no fix for this. All of human history is testament to this cold, sad fact.


You're saying that just as technology has brought us very near to the tipping point for world-wide self-governance though.

I still think people are vastly underestimating the impact the first 3-billion-like Facebook post (or equivalent) will have on this world.


Quite; I think it would be more effective for him to run for office and solicit donations.


I think there is no solution that combines 1) decentralization 2) governance

Without 1 internet will die -fast-, so giving that up is not possible, aside from being a horribly bad idea in itself.

So there is no "governance" solution to this. There is a software solution though.


I think there is a governance solution, to wit a constitutional privacy amendment. But I appreciate you may not agree with this. I'm not at all convinced you can engineer around it.


It's pretty obvious you can engineer around it. What I think is a given, is that you cannot have a global privacy "amendment" passed.

I find it surprising that you use the word "amendment". Does it mean you understand that such a proposal would have zero chance of getting passed under most governments ? If so, you must be aware that such an amendment can never apply to the internet itself, even if the US were to implement it.

Read what the ITU tried to pass during it's last meeting, and then you'll see where governance leads. Sorry to tell you this, but >70% of the world's human population lives under extremely restrictive governments, and most of them wouldn't have it any other way. If internet rule was fair, there would be no freedom on the internet, not now, not ever, nowhere. Because 300 million Americans force their way on the rest of the planet is why internet freedom exists and the only chance it has for the future (and, ironically, probably at least 60% of those Americans don't agree with their government doing this, but don't know/care).

Even Europe has more invasive laws than the NSA uses. Refusing to give up encryption keys is a crime in Europe (even for people who don't live there). The mere fact that there has to be a warrant before tapping is implemented, and that ISPs and companies can see and even fight those warrants ... well it sounds absurd to me. Companies are never trusted with this information in Europe, and dozens of different agencies (ie. all members of interpol and their components) can request information like this. Most are not bound by the rules of the government the person investigated lives in.


You mistake my meaning. I'm talking about the context of the US government and the NSA in particular, the scope of whose powers are defined by the US constitution.

I find it surprising that you use the word "amendment". Does it mean you understand that such a proposal would have zero chance of getting passed under most governments ?

No, and I think you're reading too much into it. I'm talking about a constitutional amendment because it is the only way to put privacy on an equal constitutional footing with other governmental imperatives whose existence has been confirmed by precedent, and which would otherwise prevail in a legal challenge. As a law nerd, this strikes me as the most effective technical approach.


We do however need "governance" solutions to ensure that the software solutions remain legal. Decentralization and cryptography are only worth so much if useful solutions using them become illegal.


"We engineers built the internet" says Schneier, but here is the elephant in the corner of the room: we built it badly. Why? Because it was easy! Take email for example. Everyone knows there is an email protocol with security designed in (X.400). But it was too much effort and we were lazy and SMTP was easy. There are operating systems with security designed in (e.g. VMS). But Unix was easy and hey we can always bolt on err the wheel group afterwards.

The Internet was betrayed alright, but long before this.


Perhaps it "was easy" because we took it for granted that it "couldn't happen here".

Maybe that was because too many of the principals in the Manhattan Project were dead. Or, maybe, we don't learn from history, and never will.


> The American people have betrayed the internet. We need to take it back.

You might think my correction of the title is inflammatory but we shouldn't forget: America is a constitutional democracy. If the Americans don't like the situation then they can vote for someone who will enact legislation that reflects that, meanwhile foreigners cannot influence anything (should they?). They got the government they deserve, and they alone carry the blame.

Of course, we can also close our borders and fracture the internet, but is it really necessary? Do we really care about our security and our privacy that much? We got here too, by tying all of our communications infrastructure into America, so we have only ourselves to blame.


The American political process has four stages: money primary, party primary, general election, and lobbying. The will of the public often doesn't get expressed into policy because:

1. By the time the average citizen can play a role in the process, the remaining choices agree on many if not most important issues (see Obama vs. Romney).

2. Even if the public elects an official who promises certain policies, they can always be swayed later by lobbying (see Obama on privacy).


America is called a constitutional democracy. It started out as a constitutional republic. In practice, it's closer to a plutocracy and has been for some time. The average net worth of a US Senator is ~$10 million. Political solutions will only come about in reaction to technical solutions that we come up with.

I'd posit that the political classes are an evolutionary obstacle for the technical community to solve. If successful, we thrive. If unsuccessful, technology will be owned by the political classes and we're beholden to them until we solve the problem.


> In practice, it's closer to a plutocracy and has been for some time.

You mean since the founding of the republic? http://www.businessinsider.com/american-presidents-republica.... George Washington was worth an estimated $500 million. Adams was a pauper at only $20 million. Jefferson was $200m+ before he went broke. Madison was $100m+.

The average net worth of senators is skewed up by a few wealthy businessmen. The median is around $2.5 million, which is actually not even top 1%. The top 5% mark is at $1.8m. And don't forget: Senators skew married, skew older, skew white, skew educated relative to overall households, and all of those characteristics are correlated with higher income and net worth. The median senator might not even crack the top 5% if you look only at households with white married 60-year olds who all have college degrees and 60% of whom have a JD or MD.

$2.5 million net worth is rich, but it's not "plutocracy" rich. It's "two Google engineers marrying and buying a house and putting money into their 401ks for 30 years" rich.


Whatever you want to call it, this form of government plainly doesn't represent the general population of the country.


The typical voter is a churchgoing middle aged woman. I'm going to paint with a broad brush, but what about the American government do you think is inconsistent with that fact? NSA surveillance? The drug war? The war on terror?


What evidence do you have that the general population cares much at all about these revelations?

As rayiner pointed out, President Obama could end any of these programs with a phone call, but even though he hasn't, his supporters overwhelmingly still support him.


>>As rayiner pointed out, President Obama could end any of these programs with a phone call

At least the ones he's aware of. The US government is an extremely massive and complex entity with multiple layers of compartmentalization and secrecy. I bet there are programs that even the POTUS doesn't know about.


<< This.

I don't care if the number is wrong on the net worth of a sitting US senator based on the comment that the actual average is less. If you're net worth is $2.5M because of your position in the Senate and not because you were a smart business person prior too then you're paid for and bought.

I heard Senator Franken vehemently avoiding NSA questions on MPR the other week. He claims to be a proponent of Internet neutrality and privacy, yet his voting and "amendments" he coauthored day otherwise. He's an actor and a comedian first which is why he plays well in the political realm until he's asked direct questions outside of his box of comfort that is the hand that feeds him.

I'm definitely glad to see Schneier in the position he's weaving into. He's a great advocate and I support his views, perspectives and ideals to revert the damage and system that is now in place. I hope that I can tell my grandchildren Alexander and the posse under and around him were publicly shamed and stripped of all honors and decorations the United States of America has unfortunately afforded these puppets. Many of these traitors (of the American people) need to be made public examples and placed into the same solitude and torture the whistle-blowers have been subject to.


Median senator age is 62. Most Senators are highly educated (many from highly-paid professions such as legal before they became highly-paid senators) and married.

Thirty years of high income (100-150K family income in today's dollars) with 10-15% saving and investing in the market can easily result in a net worth in the low millions, not including inherited investments, long-term real estate property appreciation, etc. People in their 60s have seen an incredible appreciation over the past 30 years in most sectors (Just the S&P Index itself is over 9% annualized over that time frame).

Long story, short, $2.5M is not by any means exorbitant for retirement age people with an educated and successful life.

It would be a bizarro world where we would want idiot paupers to be Senators, or even a socio-economically equivalent demographic.

I think most government workers, elected or not, would find the idea that you work in government for the money amusing to say the least.


I think the only way to address this concern is to have a net-worth pre-public servant and a report showcasing annually going forward. I fully understand that success is not tied to any one or individual facet of life in general - however being highly educated has no bearing on being highly moral or even fundamentally believing you're actually serving the greater good of the people. It may mean you have an indelible way of speaking a good speech or understanding the game of chess that it seems our government is playing against the masses.

I'd like to think that all Senators have their caucus at heart, but I've lost a lot of faith in these sort of people over the years. When they reel on simple questions around these topics it doesn't help.


Why do you say you have to be a successful businessman or else be bought and paid for to accumulate that much? We're at the tail end of a decades long stock market boom and a decades long boom in housing prices. My parents have a $1.5m house in Virginia. My dad started with a $120k house and traded up a couple of times over 25 years. It was just a great time to be a professional with a little bit of cash flow. No need to sell a startup to Yahoo or take any bribes!

Looking at it another way, the median net worth of freshman congressmen is $1m. Do you think you need to take bribes and engage in dirty insider trading to double that in 10-15 years?


I imagine that technological solutions to the plutocracy would be more effective if aimed at creating mechanisms that prevent the plutocrats from acting against the will of the citizens they are tasked with representing, instead of making it possible for non-plutocrats to become politicians.

Tools that force transparency or promote it by changing the social norms in political offices are valuable, and are most likely to be effective at the city and state level, where it is much much harder to hide behind policies of national security. We're never going to get Congress, POTUS and SCOTUS to be transparent first, especially when any transparency solution will be disparaged as disadvantaging us against other countries. At the national level, people will claim that attempts at transparency are unpatriotic. At the city and state level, it's much harder to make claims against transparency.


Senators aren't supposed to represent the will of the people in the first place. The Senate is composed of elitists by design; if anything, they're supposed to represent the interests of the States.


For that reason Senators were originally elected by state legislatures. It's only been 100 years, since 1913, that senators have been directly elected.


That covers senators, but what about representatives?


I am not sure that correcting "the US government betrayed us" to "the American people betrayed us" is quite fair. For instance, the last time the American people elected a new president they elected a candidate who promised the most open government ever, who defended the need for whistleblowers, and who criticized his predecessor for warrantless wiretapping. The elected representatives of the American people held hearings in which they asked the head of the NSA whether his agency was engaging in certain activities and he said, on record, that they were not. (He lied.)

Perhaps the will of the people actually IS being subverted.


Obama's approval rating among democrats, the people that voted for him, is 75-80% depending on the poll.

Obama might have lied about transparency and whatnot, but people don't seem to have elected him on that basis. They elected him for his views on healthcare, social welfare, abortion, etc.

Thought experiment: look at the tiny number of democrats complaining about the NSA issue, then think about what would happen if Obama instead had done a 180 on Social Security, abortion, etc. You think his approval rating among democrats would be 75-80% if he had signed legislation to dismantle Social Security?


Why do you come to Hacker News and repeatedly remind everyone how insignificant their opinion is, how ostracized they truly are, and how much more right the "churchgoing middle-aged woman" is than the dirty nerds?

If you like it here so much, why don't you stop insulting your audience and start proposing solutions?


Nobody should be insulted to hear that they're not special and that their political opinion doesn't count any more than those of middle aged women in Des Moines. That's a beautiful thing. That's democracy.

Note that I generally only point out that HN-ers have minority views in response to comments along the lines of "the USG doesn't represent the people" or "the US is not a democracy" or similar hyperbole.

Finally, understanding your insignificance is part of the solution. Politics is about building coalitions. Echo chamber nerd rage will have zero impact on the status quo. Reaching out to groups with votes might.


Democracy is not a beautiful thing. Democracy is tyranny of the unsympathetic majority.


And everything else is the tyranny of some minority, which is worse.

Monarchy - Tyranny of the hereditary minority

Oligarchy - Tyranny of the rich minority

Communism, libertarianism - Tyranny of the philosophic minority

Anarchy/tribalism - Tyranny of the physically strong minority


Why should everyone have to live by the same rules? In a country the size of the US, a 1% minority (as a random unrelated example, the percentage of Linux desktop users) is still more people than several of the states. Why not let that minority become its own majority in its own political sphere? That makes a lot more sense than forcing the same rules upon everyone whose birth left them in a particular geographic location.


Because the last time we did that, the minority decided we should have have segregation, Jim Crow, etc. Federalism was killed in the U.S. by states tying their own sovereignty to the losing side of the civil rights war.


I'm not saying that the hypothetical 1% to which I referred should decide things for anybody else, or that they should all be isolated in one geographic area.


Even if all the voters hate the surveillance state and want it gone, what do you do when the anti-NSA candidate in your district disagrees with you on war or abortion or monetary policy or...? Every informed voter has to weigh all of a candidate's (professed) views, and chances are any vote they ultimately cast is a compromise of some sort, so you end up with representatives that are collectively a jumble of contradictory opinions. Thus it's hard to put the onus on the voters for any particular policy outcome (especially when it's an outcome that's been deliberately kept secret).

The government of the US is an okay system for managing the varying interests of its geographic groups (the States), but it's not really set up to reflect the will of the US people on any particular issue.

Which makes me think maybe the government should be broken up functionally as well as geographically. Imagine you could vote for separate Presidents and legislators in each of the departments of the Treasury, Defense, Education, et al and make them negotiate equally amongst themselves when their purviews intersect. Then you could get the anti-NSA candidate elected to President of Defense or President of National Intelligence without worrying about his opinions on abortion or drug policy or whatever. And then you could legitimately say "The American people betrayed/saved the internet."


Imagine you could vote for separate Presidents and legislators in each of the departments of the Treasury, Defense, Education, et al and make them negotiate equally amongst themselves when their purviews intersect.

This is something I would also like to see. There are many conceivable ways of partitioning responsibility; geographical partitioning has historical momentum, but there's no reason it has to be the only way.


LOL, Constitutional Democracy by butt. When you have the ability, as an elected official, to receive money from "campaign sponsors" and do not have to disclose where it came from what you have is not a democracy but a puppet regime dressed up as the peoples choice.


Well then we're safe, because campaign contributions to candidates in Federal elections in excess of $200 must be disclosed to the FEC:

http://www.fec.gov/pages/brochures/fecfeca.shtml#Disclosure

Corporations, labor unions and foreign nationals are also forbidden from donating to candidates' campaigns.

If you're thinking of Citizens United, it doesn't apply to elected officials "receiving money".


Re 'Super PACs not permitted to coordinate directly':

There is an important difference between "not permitted to" and "don't".


Again, if the original comment was meant to imply that candidates could legally receive significant quantities of money from anonymous sources to finance their campaigns, that's flat wrong.

I'm not sure what argument your comment is meant to respond to. Candidates and PACs sometimes run afoul of FEC regulations? Who's saying they don't? That's a big jump from a regime of legal anonymous direct contributions implied by the original comment.


Legalities are irrelevant, what is important is the reality of the system. Widespread illegal bribery with little to no enforcement is not a better situation to be in than widespread legal bribery; the situations are functionally equivalent.


The American people tried that when they first voted for Obama, who said all sorts of pretty things about rolling back the surveillance state.


I sometimes play this game: Imagine Obama (or whoever) is running again [EDIT: by "again" I mean their original campaign, in the past], and they make campaign promises to do exactly what they end up doing in their actual administrations. Would they be nominated and elected? I like to think not, but Americans are so partisan I have my doubts.

"And if elected, I will arrest and prosecute more whistleblowers than all administrations before me combined, I will record the metadata for every call that every American makes, and much of the actual contents, and all emails. I will kill innocent women and children as collateral damage in CIA drone strikes, and blame them for not having better parents. And I'll buy a puppy for my daughters."


>If the Americans don't like the situation then they can vote for someone who will enact legislation that reflects that,

Like who? Red? Or Blue?


I think you have confused America with the idea of America.


Technically, the US is a republic. Though all states choose to elect representatives via a democratic process, it's not a strict requirement. This is reflected in the culture in washington as well, where representatives are more working for state and corporate interests than individuals.


The American people are only now beginning to understand what is going on thanks to Snowden's leaks.


? I have just always assumed that's the kind of stuff the NSA did, after all, what else would they be doing? So the Snowden revelations were more disappointment than shock.


Your fundamental mistake is that "someone" doesn't enact legislation.

They got the government they deserve, and they alone carry the blame.

Condescension doesn't help.


> America is a constitutional democracy. If the Americans don't like the situation then they can vote for someone who will enact legislation that reflects that

Hahahahahahahahaha


Government and industry can't betray the Internet, because they never had an obligation to it. You were naive if you ever thought you could trust them to be "ethical internet stewards".

Yes, we should be angry. But we should also check the assumptions that led us to misplace our trust.


The US? Im British, what about the damn UK government? We don't have a constitution to fall back on, and the human rights stuff we do have this government in particular sees as some sort of clear and present danger. Worse still, it turns our that we the British are a spy hub for the US to spy on US allies, Europe. Not to mention all the other countries like Australia and New Zealand who cant wait to get in to bed with the US jihad on freedom.

The West has lost the plot and any sense of reason or proportion.


I would really like Schneier to promote the idea that all countries need to pool their financial resources together to create a large, well funded organizations that hires more mathematicians of a greater caliber than the NSA.

The NSA was originally tasked with protecting the communications of the United States Government, its People and its Institutions. A large portion of that is encryption research. Now it's doing the opposite, clearly attacking many of those protections for its own means. Organizationally it can no longer be trusted, and we now need a second organization to restore order. Every country in the world that is not the US or the UK has a very real interest in the existence of such an organization. It's both an issue of economics and sovereignty.

It is simply not possible to maintain the sovereignty of your country under the status quo. What's worse is that a country may be losing sovereignty in ways that they are not even aware of.


There is special "blame" here put on the US government, but I think this is irrelevant. In pretty much any country today, the foreign intelligence services are allowed to spy on everyone else except their own citizens. In the minds of most citizens, this practice might seem reasonable, and maybe necessary. This, of course, means that everyone, everywhere could be monitored by (almost) everyone "legally". The basic architecture of the Internet is naive in that that it does not treat countries as separate, "hostile" entities, while in fact they most certainly are.


If you read the article you will see that it calls on engineers to find technical solutions that will treat all countries as "hostile" entities.

As Bruce points out, the "this is a political problem and requires a political solution" line of reasoning is only partially true. We need technical solutions as well.


This is a natural outcome of prioritizing 'safety' over 'freedom.'

I have no hope for change until I hear people standing up and saying "I'd rather die than live without privacy." Or even more powerful "I would rather my children face danger than fear their own government."


How about "I would rather my children face danger from enemies of the state than from the state itself.", the expanded version being "I would rather my children face danger from enemies of the state (which it will try to defend them against) than from the state itself (because, of course, it won't try to defend them against itself)."

Or the economic angle "I would rather my children face danger from people other than those that they pay taxes to support, rather than face danger from those that they do support and trust."

It's about more than just privacy or danger. Like a case of (what should be) a trusted parent, relative, clergy, etc. abusing someone is in some ways worse than a random criminal doing it. Both are wrong and bad, but one is wrong on more levels. And once trust and respect are violated, other things break down or are called into question.


The only thing that's "broken" here, or been "taken", is our privacy and our freedom [mainly the freedom of corporations to go about their business without being forced to spy on their customers with no warrant]. Both of those can only be re-established through legislation, as any attempt to subvert law enforcement is going to be responded to with more law enforcement. You can't hack your way out of this. You have to actually change the laws.


Privacy could potentially be engineered to some degree. Someone could devise a way to do business in which we simply aren't capable of spying on our customers. It wouldn't be easy, laws would definitely help, but it could be possible.

Freedom is another matter. The government would be useless without sufficient force to compel anyone (or corporation) to adhere to the laws. To remedy abuse of that force against freedom, as you say, we do need laws. Something like a contract that says "you can have plenty of force to compel any one of us, but if you consistently violate these agreements, then we may join together with enough force to overpower you". Maybe it could be done with some amendments to the constitution. We could call it something like a 'bill of rights' or something...


Taking a step back and looking at all of this in its totality, its hard to not think that Bin Laden won.


It would have happened anyway. It was already happening. The Church Committee was a speed bump.

https://en.wikipedia.org/wiki/Church_committee

https://duckduckgo.com/?q=nsa+black+chamber&t=canonical


Perhaps ... but it was a propaganda victory, at most: http://cynical-and-depressing.blogspot.co.uk/2013/09/is-mass...


> ...its hard to not think that Bin Laden won.

Only if bin Laden's aim was to strengthen the US surveillance apparatus and step up American military involvement in the Middle East.


Or perhaps it was an attempt to destroy the idea that individual freedom and democratic accountability present an attractive alternative to an Islamic theocracy? Certainly, you can see how the very idea of personal freedom is an affront to an ideology based on submission to God and to religious authority.

What better way to discredit freedom than to turn it into an illusion?


In a time of universal deceit - telling the truth is a revolutionary act.


Said another way, "Truth is treason in the empire of lies."


Don't forget, "We are Legion. We do not Forgive. We do not Forget"


"Anyone who doesn't take truth seriously in small matters cannot be trusted in large ones either." - Albert Einstein quotes


The internet moves packets just fine.

Anonymity and secrecy requires careful management of one's online behavior. Toward these goals, overlay-network apps that encrypt end-to-end with mixnet proxies using the existing internet would work just fine.

Change for change's sake is useless churn and wholesale change is unlikely for compatibility reasons.

Think before coding or throwing out the baby with bath-water.


It's almost trite at this point to quote John Gilmore with "The Net interprets censorship as damage and routes around it" but people are implementing work-arounds and caution procedures as we speak. There's no need to put out a call to "take it back." It's already happening.


Perhaps it would be possible to use the NSA backdoors to the public's advantage. Would it be possible to systematically scan the internet for vulnerable infrastructure and exploit the backdoor to gain access and then patch the device's firmware to close the backdoor?


A start would be to block government IP addresses from civilian websites. It would send a message.


So funny: "this is not the internet its creatoes envisioned". Umm ... Bruce: the internet was created at DARPa, who obviously have a lot of connections to the NSA. Maybe they were ... like ... planning this all along, dude (cue: dorm room bong hit).



I just wish the internet wasn't under the control of American people. Americans can't be trusted to respect other people's rights.


Stop distracting us from the conflict in Syria!


How exactly is the NSA cheating and breaking internet crypto? Can someone clarify? Edit: Downvoted? Is it a bad question?


http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryp...

US and UK spy agencies defeat privacy and security on the internet

• NSA and GCHQ unlock encryption used to protect emails, banking and medical records

• $250m-a-year US program works covertly with tech companies to insert weaknesses into products

• Security experts say programs 'undermine the fabric of the internet'


Yeah, but what does that mean, for someone who has a reasonable grasp of crypto, math, software engineering?

For example: "Unlocking encryption." We've heard that they haven't actually broken (some?) crypto primitives (caveat: with large enough key sizes). What attack have they actually succeeded in?

The backdooring of proprietary products is interesting, if not surprising. It's good to see it come to light. You may not be able to trust OSS without auditing it, but at least you can audit it.

"Undermine the fabric of the internet" is pretty vague.

It sounds like there isn't actually a lot of detail out there yet -- I look forward to learning more.


Wrong thread. There are two others that discuss this on the frontpage right now.


Four words: gated wireless meshing network.


The US or the Internet?


"We need to take it back", but what is going to happen is that a couple of Facebook groups are going to be started, a few tweets written here and there complaining about how bad it is that the naughty governments are spying on innocent citizens and then "Let's Dance" or "Friends" or "Big Bang Theory" will start and people will forget all about the NSA & co.

Or the kids have to be picked up from soccer practice or there's a PTA meeting where important things like next weekend's bake-sale have to be discussed.

In a few weeks the one-sided war with another CIA-engineered enemy in Syria will start up and the propaganda has swayed the populace to the camp of needing surveillance on everyone in the name of keeping the country safe from the naughty "terrorists" from Syria, who are about to invade the US by magically flying their troops over an ocean.

The article, written by an intelligent person, is nothing else than naive dreaming. The author, as much as I enjoy Bruce's security writings, forgets that although he may be surrounded by a bunch of smart people with similar ideas, the US/UK/Germany/etc are filled by normal people with normal IQs and normal children and normal mortgages. Going farther, Africa and China are filled by people who live on a handful of dollars each day and care only about feeding and clothing themselves for the day. Good luck getting _them_ on the anti-surveillance bandwagon.


We don't really need to ask individual engineers. A lot of this stuff is public knowledge and documented, as required by law, it just seems like nobody has bothered looking.

http://www.cisco.com/web/about/security/intelligence/05_11_n... http://www.nsa.gov/ia/_files/routers/C4-040R-02.pdf

There are protocols designed and published as part of the security infrastructure. Whether these protocols are used for good or evil, is really up to who has setup and configured the hardware. The bottom line is that you can't Luddite your way back into the golden age of the Internet.

In fact, in a lot of ways, the NSA is just cooping technology that businesses and black hats were already using. Do you think that only the NSA knows how to do deep packet scanning or protocol pattern matching?


Did you actually read this document, or did you stop at the term "NSA" in the title? It's a straightforward set of network operations security requirements. Can you pinpoint something in it that weakens security? It looks to me like it's about disabling the insecure defaults.


Of course I read it, but there was no new information, it's simply a generic "call to arms"

> It's a straightforward set of network operations security requirements.

Oh, Is it?

> It looks to me like it's about disabling the insecure defaults.

Oh really? Mr. Snider has used is podium in The Guardian to tell us to set up a WiFi password? What article did you read exactly?




Registration is open for Startup School 2019. Classes start July 22nd.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: