Continuing his presentation on nontrivial threats to the online world, Bruce Schneier talks about regulations pushed by law enforcement and big companies affecting users’ privacy.
The second risk I want to talk about is from government. And I titled it ‘Ill-conceived regulations from law enforcement’.
More and more we are seeing people from outside our community dictating what our community should do. They do that not necessarily with bad intentions, but certainly without understanding the effects of what they do. So, what’s going on here? As more stuff goes on the Internet, there is more crime on the Internet. As there’s more crime – there’s more people, there’s more clamor for something to be done. There are politicians that for good reasons want to reduce crime on the internet. Being soft on crime is never a place you want to be in politics.
So we are seeing more and more pushes for legislation. Some of this is pushed by law enforcement, trying to move some of their traditional controls to the Net; some of this is pushed by companies, manipulating government to support their business models. And the result is Internet regulations that don’t help. And I have a bunch of examples.
The first one is the notion of wholesale surveillance. More and more countries are eavesdropping on the entire Internet – throughout the United States with the NSA and AT&T. The NSA went to AT&T just after September 11 and said: “We want to eavesdrop on everybody”. And instead of AT&T saying: “Go get a warrant”, they said: “Put your stuff in that closet over there and lock the door”. Was that done because of the political situation? Certainly something that didn’t make us more secure.
The same thing happened in Iran, in Russia, Saudi Arabia – with BlackBerries. Those countries went to RIM and said: “We want to eavesdrop on your BlackBerry users”. RIM said: “No, you can’t do that”. The countries said: “Well, if that’s the case – get out”. RIM figured out how: they redesigned their architecture to allow this sort of large-scale eavesdropping, which is insecure for its users.
We see that in data retention laws. More countries are passing data retention laws. And basically they force ISPs to keep user data for a period of 6 months or a year, and you know why this is there – so that the police can, if they want, eavesdrop on you backwards in time: what did that person do over the past 6 months?
As a security guy, you know that the best way to secure your data is to delete it. And once you force someone to save it, now you have to figure out how to secure it. That’s hard, and that makes us all less safe. But you know, more countries have it and I think more are coming.
The ‘Internet kill switch’ is a great example. That was debated in the U.S. last year. We don’t have one yet. But Congress was talking about mandating that there will be the ‘Internet kill switch’. And this takes many forms. I always think about it as a big red button on a bomber’s desk, like – “Stop the Internet!”
Now, if you think about it, once you’ve built in this capability, you now need to secure it, making sure that only the good guys can push the button. We are a much more resilient Internet if that button doesn’t exist. And of course depending on the proposal, the button does different things – it shuts off the Net; it isolates your country, which is certainly, probably, impossible for the U.S.; it isolates the other parts of the Internet; isolates certain services – there are different ways it’s talked about. But largely, it’s the same – we don’t want that capability. But it might be forced upon us.
The last thing is calls to kill anonymity. We saw that coming out every once in a while, Microsoft a few years ago was pushing it – the idea being a pretty basic argument: “If we just knew who everybody was, we would know who the bad guys were and we would tell them to stop it.” It sounds good to a politician to make those arguments. But we in the community know: one – that removing anonymity does not automatically make things better; and two – that you cannot remove anonymity, that it is always possible to build an anonymous system on top of an unanonymous system.
‘Onion routing’ is sort of an easy example. So you can’t get rid of anonymity. So this technical solution won’t solve the social problem. But that doesn’t mean we are not going to get it, or not going to get any of these.
Well, there are lots of companies out there willing to take government money to make these concepts work, or at least try. These concepts do get airing among politicians, among the police. It’s just kind of hard to say ‘No’ to the FBI when they say, as they’re saying now: “We can’t eavesdrop on Skype, that’s bad. You, government, force Skype to redesign their network”.
Skype has end-to-end encryption. It is encrypted on your computer and it is decrypted on the computer of the person you are talking to. There is nothing in the middle that allows the FBI to eavesdrop. That’s why they want it redesigned less securely. That’s my second threat.