Of Trust, The NSA, And Poisoning The Banquet

from the nobody-but-us dept

Two of the sharpest commentators on the implications of Snowden's leaks are the security expert Bruce Schneier, and the science fiction writer Charlie Stross. By an intriguing coincidence, both have recently written highly-readable columns that not only discuss the same issue -- the damage the NSA has wrought on the Internet -- but even employ the same key metaphor. In his "Internet Subversion," Schneier writes:

What we trusted was that the technologies would stand or fall on their own merits.

We now know that trust was misplaced. Through cooperation, bribery, threats, and compulsion, the NSA -- and the United Kingdom's GCHQ -- forced companies to weaken the security of their products and services, then lie about it to their customers.

His metaphor for what this has produced is striking:

This mistrust is poison.

He points out the terrible consequences of that weakened security:

There is a term in the NSA: "nobus," short for "nobody but us." The NSA believes it can subvert security in such a way that only it can take advantage of that subversion. But that is hubris. There is no way to determine if or when someone else will discover a vulnerability. These subverted systems become part of our infrastructure; the harms to everyone, once the flaws are discovered, far outweigh the benefits to the NSA while they are secret.

In his own piece, "The Snowden leaks; a meta-narrative," Stross picks up on that theme, and emphasizes one particularly important implication:

At every step in the development of the public internet the NSA systematically lobbied for weaker security, to enhance their own information-gathering capabilities. The trouble is, the success of the internet protocols created a networking monoculture that the NSA themselves came to rely on for their internal infrastructure. The same security holes that the NSA relied on to gain access to your (or Osama bin Laden's) email allowed gangsters to steal passwords and login credentials and credit card numbers. And ultimately these same baked-in security holes allowed Edward Snowden -- who, let us remember, is merely one guy: a talented system administrator and programmer, but no Clark Kent -- to rampage through their internal information systems.

Stross then turns to the same metaphor that Schneier employed:

The moral of the story is clear: be very cautious about poisoning the banquet you serve your guests, lest you end up accidentally ingesting it yourself.

These two posts on the same topic are part of a growing awareness that the harm caused by spy agencies subverting key elements of the Internet is not only a much more serious problem than many people realize, but a long-term one that will be very hard to fix. It looks like we'll be forced to swallow the NSA's poison for a while yet.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Filed Under: bruce schneier, charlie stross, infrastructure, nsa, poison, surveillance, trust