snowden

delft

A couple of weeks ago, I woke up from a dream about the US; I had in my head the phrase “President Snowden”. Last week, in conversation, I devil–advocated that Snowden was really a Russian plant. You can probably tell from this that I find the Snowden revelations, about the activities of the NSA and GCHQ, fascinating.

Should I be concerned about the ability of the NSA to break into my systems? Well, I’m one man. They’re a secret agency for a superpower. One man versus a superpower … one man versus a superpower … ha! They’re so far beyond what I’m capable of stopping, there’s no point trying. The only real defence, presuming one is even needed (a political, not a technical, question) is to be not worth the hassle, just as the best defence against an atom bomb is to be not there when it goes off.

What the US & UK do, so will other powers. Will there really be a country that doesn’t follow along? Most countries won’t have the reach of the leaders, but even the weakest are far stronger than individuals. What countries do now, so the powerful will do soon, Moore’s law being Moore’s law. What the powerful do now, so script kiddies will do later, Moore’s law being Moore’s law. Amongst them all are the wankers; those who’ll try and hack my computer to use it to fuck lives up, the kind of people who see a fellow human being and don’t work it out. They could make my kit a node in a criminal network that steals, or damages infrastructure, or, worst of all, destroy young lives. All this, and too much more, is happening, somewhere, right now.

Remember, though, the state agencies exist to protect the state, and that means, amongst other things, keeping out some of the wankers. So when the agencies advise how to protect your computer, you can be confident that, although their advice might not work against the agencies themselves, it will work against some of the wankers. That makes it almost irresponsible not to follow that advice, as best as you can.

But, actually, I do trust the agencies, in principle at least. Although I dislike many results of the political process, well, to quote Churchill, “democracy is the worst form of government, except for all those other forms that have been tried from time to time.”

But this whole story illustrates a deeper problem, not with the agencies, but with countries. The agencies are doing serious damage to the mutual trust that enables the internet to work. They won’t stop, either, because their competitors are doing the same. Whilst our civilisation is organised with excessive emphasis on countries, we’ll have this problem—but that’s another debate.

The main reason certain nuclear arms control treaties work is that it is possible to independently verify whether nuclear explosions have taken place. Bombs make quite a big bang. You can tell when one’s gone off. Unfortunately, with the internet as is, you cannot do the same online. There’s no way to know whether another agency has broken an agreement not to be naughty. Thus, even if all the agencies came to their senses and agreed to stop being nasty, there’d be no way to verify. As soon as one believes another has broken the treaty, or decides to break it clandestinely, the whole sorry situation will recur. About the only restraint you’ll have is the consequences if they’re caught breaking their promise, and, well, which country is really going to punish their spies for spying?

So we’re left with the need to modify the internet so independent verification of the absence of naughtiness becomes possible. Unless that happens, a treaty to control abuse is not practical, so the kind of problems that Snowden has revealed will not go away. The trouble is, I don’t really believe that it’s possible to engineer independent verification in. An atom bomb makes a very big bang when it goes off, one that can be detected a long way away. A packet takes a few electrons and a few microseconds to be on its way. It doesn’t have quite the same detectability.

So the abusive behaviour of the NSA etc. is here to stay. But they, as I’ve said, are state agencies. The internet has immense benefit to those states, economically. Thus the NSA have an interest in keeping the internet in good working order. Their role is to be the mild disease, not the lethal one. Indeed, one of their roles is to stop the lethal.

And that’s where independent review and oversight come in. If the NSA et al are not to cause severe damage, they have to be checked, not just by themselves, but by outsiders too. Clearly, the US knows this, because there is oversight, through the courts. But, equally clearly, that oversight wasn’t working properly. I have very grave doubts about the idea of secret courts. A key part of justice is not just that it should be done, but that it should be seen to be done. That’s for deterrence, but also for consent, as in consent of the people to be ruled. It’s that consent that’s threatened by secret courts. The NSA seems to be out of control, and the US needs to be seen to get it back under control.

So we’re back to the question of what to do. It is possible to make the structures of the internet a lot more difficult to abuse. It’ll irritate the NSA et al, but annoy the wankers far more. As Bruce Schneier put it, we need to re–engineer the internet. Much of that is going to take international collaboration and a lot of work, none of which are quick. But there are some things that we can do now. Collectively, we can start by enforcing the switch to IPv6. IPv6 is a necessary start. Each of us, individually, can start taking responsibility for our computers, to make them difficult to abuse.

So I don’t like what the NSA et al have done, but it’s done. They and their kind are never going to go away. We have to live with them. But we can make our lives easier by making it harder to commit abuse, not by the NSA et al, but by the wankers. We should all do so.