HN Theater @HNTheaterMonth

> Obfuscation may be our best digital weapon.

From Dan Geer's portentous talk "Cybersecurity as Realpolitik"[1][2]:

>> Privacy used to be proportional to that which it is impossible to observe or that which can be observed but not identified. No more -- what is today observable and identifiable kills both privacy as impossible-to-observe and privacy as impossible-to-identify, so what might be an alternative? If you are an optimist or an apparatchik, then your answer will tend toward rules of data procedure administered by a government you trust or control. If you are a pessimist or a hacker/maker, then your answer will tend towards the operational, and your definition of a state of privacy will be my definition: the effective capacity to misrepresent yourself.

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI

[2] http://geer.tinho.net/geer.blackhat.6viii14.txt

⬐ keiferski

Deepfakes may do this job for us.

⬐ waynecochran

Is there any hope in feeding the surveilance noise -- a lot of it? e.g., create bots with my credentials that visit random web sites, have a phone that reports bogus GPS coordinates, numerous dummy accounts, that sort of thing...

Or if enough folks gang up and feed the system an avalanche of random (or misdirected) information that we can drown our signature in a sea of noise?

⬐ marshmallow_12

short term: i expect so, long term not so much. At best, some occasional fuzz will mar an otherwise clear picture of you and your activities. Too many fake accounts will only force users to surrender more personal information in order to authenticate themselves.

> What regulation are people proposing that would prevent compilation and sale of this kind of data

Liability!

(with the option of avoiding that liability by explicitly not allowing yourself access to content/personal-data, aka a common carrier)

As Dan Geer said in my previous [2] (section 2, "Net neutrality"):

    Hello, Uncle Sam here.

    You can charge whatever you like based on the contents of what
    you are carrying, but you are responsible for that content if it
    is hurtful; inspecting brings with it a responsibility for what
    you learn.
     -or-
    You can enjoy common carrier protections at all times, but you
    can neither inspect nor act on the contents of what you are
    carrying and can only charge for carriage itself.  Bits are bits.

    Choose wisely.  No refunds or exchanges at this window. 

While he was talking about ISP spying, the general principle can be adapted easily. Inspection (or building databases of the results of other people's inspections) must be tied to liability for the problems and negative externalities produced by that inspection (or database).

Obviously this is a high-level description that ignores the messy details that are important in any actual plan. There is room for negotiation and modification. The goal is to create a situation that disincentives creating tomorrow's problems, just like we do for other types of hazardous technology. Data and spyware needs to be seen as toxic that requires special handling, storage, and disposal procedures.

> This is very informative.

Dan Geer's keynote - "Cybersecurity as Realpolitik" (video: [5], transcript: previous [2]) - is incredibly informative and should be mandatory viewing/reading for anyone interesting in trying to create the "least worst" Grim Meathook Future that technology is pushing us towards.

I also recommend Dan Geer BSides DC 2018 keynote[6][7] as an addendum/update to "Cybersecurity as Realpolitik". In both talks he provides a very concise description of the core problems that are defining our future.

    We have to soon choose what we want to happen when stolen data is,
    for example, not just exposed but also put on a blockchain from
    which it cannot be erased. Put differently, assured data deletion
    is far harder than permanent data retention, yet many civilized
    goals, including but hardly limited to a right to be forgotten,
    require the sealing of records or their outright destruction.
    Which do we give up, the slick usefulness of immutability or
    information crime being unmitigatable? What does consent of the
    governed mean when a technology trumps a Court Order? 

[5] https://www.youtube.com/watch?v=nT-TGvYOBpI

[6] https://www.youtube.com/watch?v=gbDEbfijxNY

[7] http://www.bsidesdc.org/history/geer.html

> Obfuscation may be our best digital weapon.

From Dan Geer's talk "Cybersecurity as Realpolitik" (which everyone should hear[1]/read[2]):

>> There are so many technologies now that power observation and identification of the individual at a distance. They may not yet be in your pocket or on your dashboard or embedded in all your smoke detectors, but that is only a matter of time. Your digital exhaust is unique hence it identifies. Pooling everyone's digital exhaust also characterizes how you differ from normal. Privacy used to be proportional to that which it is impossible to observe or that which can be observed but not identified. No more -- what is today observable and identifiable kills both privacy as impossible-to-observe and privacy as impossible-to-identify, so what might be an alternative? If you are an optimist or an apparatchik, then your answer will tend toward rules of data procedure administered by a government you trust or control. If you are a pessimist or a hacker/maker, then your answer will tend towards the operational, and your definition of a state of privacy will be my definition: the effective capacity to misrepresent yourself.

>> Misrepresentation is using disinformation to frustrate data fusion on the part of whomever it is that is watching you. Some of it can be low-tech, such as misrepresentation by paying your therapist in cash under an assumed name. Misrepresentation means arming yourself not at Walmart but in living rooms. Misrepresentation means swapping affinity cards at random with like-minded folks. Misrepresentation means keeping an inventory of misconfigured webservers to proxy through. Misrepresentation means putting a motor-generator between you and the Smart Grid. Misrepresentation means using Tor for no reason at all. Misrepresentation means hiding in plain sight when there is nowhere else to hide. Misrepresentation means having not one digital identity that you cherish, burnish, and protect, but having as many as you can. Your fused identity is not a question unless you work to make it be.

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI

[2] http://geer.tinho.net/geer.blackhat.6viii14.txt

⬐ tomxor

> your definition of a state of privacy will be my definition: the effective capacity to misrepresent yourself.

This is true of the world we live in today, which comprises of almost completely centralised services. But in the future, I believe the second option will be: building and using local FOSS replacements for those services.

Many of those local replacements will need no communication at all - So many things that run off a server today have no functional need to, it's about control. Others are more difficult, because communication is inherent to the service, and centralization is the simplest and most obvious choice when being provided by a coorporation, so an infamous "decentralised" solution is needed, which are more difficult to create, organise and promote.

⬐ squiggleblaz

What is the local FOSS replacement for Facebook and Instagram? It is not inherent in the notion of communicating publicly and privately using photos, videos and short text messages than I disclose some ungodly amount of private data. I have feel like writing some protocol and a few clients and servers, but I expect that there's already twenty four competing protocols that no-one uses because, if you're not the biggest, you're noone.

⬐ munmaek

There is no alternative, because facebook isn't just "a protocol and some clients/servers". As long as it's -the- social network to be on, then it will always be just that. You can't compete with social culture just with mere programming.

⬐ thenewnewguy

It's not 'local', but the FOSS replacement for Facebook/Instagram is email.

⬐ tomxor

Yes, as I said in my last sentence:

> Others are more difficult, because communication is inherent to the service, and centralization is the simplest and most obvious choice when being provided by a coorporation, so an infamous "decentralised" solution is needed, which are more difficult to create, organise and promote.

I think the only way a decentralised social network replacement will win out facebook is with a universal but progressive/gracefully degrading protocol is created as the single way lots of different clients/federated servers etc communicate, a protocol that also allows greater level of control over where your data goes... i.e email but better.

As i said these problems are the most difficult, but there are a lot of thing being "clouded" at the moment that have no need, those are the low hanging fruit.

Note that I am suggesting FOSS is the preferred option to obfuscating, rather than the only option... some services will always be centralised not only because it's simpler but because it's about/for a central authority... for those obfuscation is the only way.

⬐ None

None

⬐ danShumway

> the effective capacity to misrepresent yourself.

Agreed. I describe this as The Right to Hide.[0] An important part of hiding is that when people ask you to provide information, you should be able to lie.

We've learned from App Mainfests on Android and on the web that if an app can tell whether or not they were granted a permission, they'll just try to harass the user into giving it. The better solution is to make it so that the app can ask for anything, but can't validate whether or not any of it is true.

I'm encouraged by the work people are putting into protecting privacy by blocking data collection itself, but I think that obfuscation/misinformation is a more promising direction for us to go.

[0]: https://anewdigitalmanifesto.com/#right-to-hide

⬐ excalibur

> If you are an optimist or an apparatchik, then your answer will tend toward rules of data procedure administered by a government you trust or control.

Make the data public. All of it. Don't allow them any secrets. Knowledge is power, power to the people.

⬐ kazagistar

Power is power, and secrecy is a multiplier. So make the data of the powerful public. If you are a government, or chose to have a sufficiently high net worth institutionally or individually, then sure, make it all public. We gain most of the same benefits, while not incurring most of the harms. Its the 1% loss in privacy for 99% of the benefit.

⬐ EvanAnderson

It's heartening to know that I'm not the only person who has had this thought. Eliminate the power gradient and level the playing field.

⬐ bilbo0s

That would also spawn outrage mobs.

"This boy said right here in his Call of Duty chat that he was going to go to school with his dad's rifle and shoot people!!!"

The only thing you would do is put entirely unprofessional future mobs in place of the slightly unprofessional police we use currently. I would hope people could see the very real chance that your idea would make things worse.

⬐ excalibur

> The only thing you would do is put entirely unprofessional future mobs in place of the slightly unprofessional police we use currently. I would hope people could see the very real chance that your idea would make things worse.

Worse than the status quo, yes. But you seem to be under the assumption that we will be able to maintain a police force at "slightly unprofessional" moving forward, when governments have the tools and incentive to become far more controlling.

⬐ bilbo0s

Governments can be ultra-controlling with slightly unprofessional police. It happens all the time across the globe. But without exception, wherever those police have been removed, poor though those police may have been, it has resulted in untold misery on the populace.

Giving everyone the power to know exactly what everyone else is saying and doing is tantamount to taking data and removing all its police, and removing all its locks.

It will not end well.

⬐ excalibur

I'm not sure how much stock I put in this analogy, but you could be right.

It could also create an incentive to avoid collecting data in the first place, which would obviously be a good thing. But perhaps this could be better achieved through other methods.

⬐ Maximus9000

> "Misrepresentation means putting a motor-generator between you and the Smart Grid. Misrepresentation means..."

All of that sounds exhausting. Some of it is easy... but some of those tasks would take over 10 hours to do. I've got a life to live. Plus, it doesn't really fix the problem, does it? Wouldn't it be better if we all took those hours to lobby the government to change the laws?

⬐ Endy

No, it would not be better. You are asking someone who is psychopathic and greedy to give up power, influence, control, and money. Short of forceful resistance (which isn't always necessarily violent - Gandhi used force but not violence for example), it isn't going to work.

It's also actually better if you only do the things to hide within your patience level, because the point is to lie and not be easily connected. Remember that part of why DNT is on the way out is because it set another trackable variable, working against the point. If you use Iceweasel on Linux, send a UA string of Chrome on Windows. Just look 'normal'. People with mental illnesses or alternate lifestyles have long since learned that the first and best coping mechanism to hide is to just look normal on the surface. The line from Ghostbusters comes to mind, 'Quiet, you're scaring the straights'. Look normal, keep your head down when there's no reason not to.

Make it too obvious that you're hiding, and they take it as a challenge. Just learn to hide passively.

⬐ golemotron

People who attempt to obfuscate probably go to a special list when obfuscation is detected. You get scrutiny by attempting to avoid scrutiny.

⬐ kazagistar

The goal isn't selfish. Its collectively reducing the power of the scrutinizer by taking a small hit overall to protect yourself and others.

⬐ worldsayshi

Misrepresentation is a good way to improve the training data sets for intelligence agencies.

⬐ peteradio

Only if they have the truth set to compare against already.

⬐ pixl97

Yep, as an individual there is a very limited pool of activities that you can and will misrepresent yourself in, and you will tend to do that in low entropy also.

⬐ gutnor

On the other hand if you are just a mostly normal guy with a dark secret, your normal life generates enormous amount of data and that's fairly easy to misrepresent the tiny bit you want to hide.

If you are an avid facebook, instagram, youtube, reddit, twitter user, it should be fairly easy to hide your plan for world domination on HN.

⬐ bilbo0s

Actually, misrepresentation is an especially bad strategy if you're a normal guy with a dark secret.

⬐ jelliclesfarm

Thanks for sharing this.

I subscribe to this notion but this is very elegantly put.

⬐ 1996

Beautiful

⬐ YeGoblynQueenne

Well, obfuscation is great for that sweet frisson of resistance and for laughs (I guffawed when I read about ah's datapools; https://ahprojects.com/datapools/) but if we're resisting by hiding ourselves, then we've already lost.

We should not need to hide ourselves from anyone, because there should not be anyone to spy on us. We should not have to think about how to obfuscate our activity, because there shouldn't be anyone watching our activity without a very, very good reason (and even then, with enough safeguards to discourage all but the most commited of spies).

If we're subverting the authority of democratically elected governments -governments that _we_ have given authority to- then we are in deep, deeep shit. We might as well obfuscate ourselves out of shame of being recognised for the negligent democratic citizens that we are.

> technology is going to make mass surveillance relatively easy

> a la Gestapo

In 2013 Tom Scott made an incredibly prescient sketch of our grim surveillance-state future. It absolutely terrifying.

https://www.youtube.com/watch?v=RIuf1V1FhpY

It's terrifying because it's the power of Stasi-style informants modernized into a simple Uber-like app. No more scary clandestine meetings, now you can inform on your friends, family, and neighbors with one click from the comfort of your own home.

Similar to the "social credit" system, Tom's "Oversight" could work, because they both efficiently incentivize close peers against each other. "You should stop spending time with your friend John. I heard him talking like a dissident recently... that could damage your Social Credit rating!"

> enters with their phone

Which is exactly why I follow Dan Geer's advice[1] and don't carry around a tracking device. He's been trying to warn us for years[2], and we still aren't listening[3].

[1] https://www.wired.com/brandlab/2015/06/cia-cybersecurity-gur...

[2] https://www.youtube.com/watch?v=nT-TGvYOBpI (transcript: http://geer.tinho.net/geer.blackhat.6viii14.txt )

[3] https://www.youtube.com/watch?v=gbDEbfijxNY (transcript: http://www.bsidesdc.org/history/geer.html )

That's is more or less the model I intended. Specifically, I was referring to one of Dan Geer's extremely important recommendations in "Cybersecurity as Realpolitik"[1].

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI ( http://geer.tinho.net/geer.blackhat.6viii14.txt )

More ground is lost in the cold[1] civil war[2] for control of the General Purpose Computer. I hope that everyone choosing to centralize computing power likes the future they are creating.

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI#t=2824 (sec. 10 - http://geer.tinho.net/geer.blackhat.6viii14.txt )

[2] http://boingboing.net/2012/08/23/civilwar.html

⬐ pacala

What is different about centralized compute power compared with centralized energy production?

⬐ jonathankoren

I never read the War On General purpose computing being about centralization as much as DRM restrictions on content and restricted developer support. In other words, it's not about deploying to the cloud versus deploying to a billion individual devices. It's about not deploying anywhere at all.

⬐ jstanley

Your centralised energy supplier can't monitor what you're doing with the energy, or exfiltrate your results, or even stop you from doing it.

⬐ illumin8

Yes they can. See smart meters. With analytics, they can determine every appliance in your house, and know exactly when and where you come and go at all hours of the day.

⬐ pdkl95

> smart meters

> analytics

The smart grid requires a lot of General Purpose Computers gather that data. However, this risk has already been considered. From the link in my previous [1] (sec 7):

    ... privacy [is defined as]: the effective capacity
    to misrepresent yourself.

    Misrepresentation is using disinformation to frustrate
    data fusion on the part of whomever it is that is
    watching you. ... Misrepresentation means putting
    a motor-generator between you and the Smart Grid. ...

If smart meter monitoring becomes commonplace, there are solutions that can be deployed. In case of a pedantic reading of that quote, I'm sure Dan Geer was merely listing examples. Further isolation from the grid should probably include some amount of local energy storage to smooth out the usage rates in addition to electrical isolation.

In any case, as others have pointed out, the War isn't about centralization. The War is about the inability to turn a Turing complete system (the General Purpose Computer inside everything) into an appliance that doesn't run some programs. The universal nature of the computer puts a lot of power in the hands of the people, which scares some people and undermines many business models.

Thus there is a desire (possibly indirect) to wage war on this new threat by limiting how many General Purpose Computers end up in the end user's control and hobbling the rest with spyware/drm. If everyone has dumb terminals and "appliances" that only run authorized software, the threat of people actually using the power inherent in every General Purpose Computer is neutralized.

This war is ongoing right now, with small battles happening in every "appliance" or "service" that pretends a Turing complete computer is an appliance. The war is far from over, but we are losing a little bit more every time some piece of technology is centralized.

⬐ waqf

It's not a choice†, it's market forces. You'll never change the world effectively if you don't start by correctly diagnosing the problem.

†(as far as your objective is concerned. Yes, Google could choose not to have secure hardware, but that wouldn't change the end result that the market leaders in five years will have secure hardware — Google just wouldn't be among them.)

Y Not - Adventures in Functional Programming by Jim Weirich https://www.youtube.com/watch?v=FITJMJjASUs

The Coming Civil War over General Purpose Computing by Cory Doctorow http://boingboing.net/2012/08/23/civilwar.html

Cybersecurity as Realpolitik by Dan Geer https://www.youtube.com/watch?v=nT-TGvYOBpI http://geer.tinho.net/geer.blackhat.6viii14.txt

⬐ HCIdivision17

I'll second "Y Not" by Jim Weirich. It's just such a charming talk. My programming teacher in high school was like that, and I think it's such an excellent way to teach. From the careful way he meanders to the solution to the fact it was a live coding session really grounds the explanation of how the Y combinator works.

⬐ qwertyuiop924

To Dissect a Mockingbird is even better, though...

> users in general

Blaming users is part of the problem. Yes, they vote with their wallet, but their vote is usually made in ignorance and is often mislead by companies that are so used to dissembling and exaggerating they call such antisocial behavior "best practice".

That said, it is true that this is largely a problem with the economic incentives. Capitalism optimizes for businesses that are financially efficient, so the business that sells the lowest quality product they can get away with is "successful". This becomes even worse in software, where quality is harder to see directly. Even the people that write software can have a hard time evaluating "quality".

The solution for this situation is simple, but it's basically taboo to talk about it: liability. If you sell software, you need to be liable for any damage it causes when "used normally". For a decent sketch of how this might look, see Dan Geer's explanation[1]. There may be other ways to implement liability. I suggest that the software industry should find a way to implement this as soon as possible, if they want any say in what "liability" means.

Yes, this will raise development costs; spending more for better development practices was the goal.

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI#t=1531

⬐ PretzelFisch

Software companies are sued all the time for damages.

⬐ loup-vaillant

While custom software typically comes with guarantees (if it doesn't work, the provider is generally liable to fix it for free. If it's not "finished" on time, it may even pay damages —determined by contract); shrink-wrap software (free or proprietary) generally comes with a nice piece of text saying that if it shreds your hard drive, or lag so much it makes you mad enough to throw yourself out the window, it's not their fault.

Liability towards one customer is also not the same as liability towards thousands, or even millions of users.

⬐ chopin

Do you have any citations for this?

Even sites who clearly deliver malware through their ad network don't get sued.

As Dan Geer warned[1], technology changed the balance of powers when the cost tends towards zero:

    The central dynamic internal to government is, and always
    has been, that the only way for either the Executive or the Legislature
    to control the many sub-units of government is by way of how much
    money they can hand out.
    ...
    Suppose, however, that surveillance becomes too cheap to meter,
    that is to say too cheap to limit through budgetary processes.  Does
    that lessen the power of the Legislature more, or the power of the
    Executive more?  I think that ever-cheaper surveillance substantially
    changes the balance of power in favor of the Executive and away
    from the Legislature. While President Obama was referring to
    something else when he said "I've Got A Pen And I've Got A Phone,"
    he was speaking to exactly this idea -- things that need no
    appropriations are outside the system of checks and balances.

The "power of the purse" doesn't mean much when technology drives prices towards zero.

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI#t=625 http://geer.tinho.net/geer.blackhat.6viii14.txt

⬐ digi_owl

While a bit banal in this regard, it bring to mind the notion i have had that copyright was not strongly enforced previously in part because it would necessitate a cop in every home.

Now however there is at least one cop in every home, or at the very least a snitch. This thanks to internet connected computing devices.

> the Senate [is] charged with preventing this from happening. But the Senate was gutted

There is a gradual drift over time; most complex systems accumulate errors, imbalances, and unexpected problems over time. However, there is another problem happening right now that I've only seen mentioned[1] by Dan Geer. He suggests that technology has changed the balance of powers:

    The central dynamic internal to government is, and always
    has been, that the only way for either the Executive or the Legislature
    to control the many sub-units of government is by way of how much
    money they can hand out.
    ...
    Suppose, however, that surveillance becomes too cheap to meter,
    that is to say too cheap to limit through budgetary processes.  Does
    that lessen the power of the Legislature more, or the power of the
    Executive more?  I think that ever-cheaper surveillance substantially
    changes the balance of power in favor of the Executive and away
    from the Legislature. While President Obama was referring to
    something else when he said "I've Got A Pen And I've Got A Phone,"
    he was speaking to exactly this idea -- things that need no
    appropriations are outside the system of checks and balances.

The "power of the purse" doesn't mean much when technology drives prices towards zero. This is made much worse by the "humans need not apply"[2] shift in jobs from humans to automation.

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI#t=625 http://geer.tinho.net/geer.blackhat.6viii14.txt

[2] https://www.youtube.com/watch?v=7Pq-S557XQU

⬐ th0waway

Some group has to run the technology - Congress can simply remove funding for the group to run the technology.

⬐ DanielBMarkham

Yes. This.

As much as I like ranting about the security and surveillance state, the real problem with automation is that even if you somehow implement it perfectly according to our traditional values, it takes all the slack and human judgment out of the middle tiers of the system. You've got just one guy at the top at the steering wheel.

We're already in a situation where we're all guilty of felonies; it's simply a matter of whether the executive wants to go to the trouble of enforcing the law or not. Now imagine a scenario where the proof of our guilt was automatically generated. Where we're all observed, tried, found guilty -- all without any cost at all.

That makes the executive for all intents and purposes a modern day absolute ruler, a king. (I know it's popular to accuse the executive of being a king as part of political rhetoric, but I'm talking about real, objectively-measurable political power.)

When I look at the lack of any real third party challenge, the absence of real policy changes no matter who takes control, the regular, almost clockwork change of power at the executive level between parties, and the apathy both parties seem to feel when they lose big at the polls? This may already be reality. It's just the common man hasn't felt the stick yet.

ADD: You want a real nightmare scenario, imagine President Bozohead walking around with a set of VR googles hooked into a national surveillance system. He could walk up to anybody, point at them, and the system would review that person's previous decade's worth of records. Speeding tickets that were never given. Misstatements on tax forms. When they picked up that rock to take home on their trip to the Grand Canyon. The pond that formed in their backyard due to poor drainage. The time they fudged the truth about whether or not they were camping to that park ranger -- remember, lying to a federal employee is a felony.

He could just point at the guy, think the right thought, and the appropriate subpoenas and summonses would be electronically generated, and auto-signed by a judicial official. Or perhaps it's all administrative. Hell, they can always pick you up for 24 hours just on good measure -- the automated system can figure out everything you've done while you're cooling your heels. With ten years of detailed records, the government can create trouble for you faster than any team of lawyers could hope to defend.

Add in a little civil asset forfeiture if you want to complete the picture. Do you really need that house?

This puts the president, and his agents, completely outside the law. The only thing preventing abuse in such a scenario is public opinion and the personality of the guy in office. And there are lots of ways to deal with public opinion.

Scary stuff.

ADD2: Might be a good time for some science fiction writer to re-do Kafka's The Trial, this time with the crime hidden by computational complexity. (We could tell you, but there's actually 4,749 charges, 117 of which your AI thinks we could get lifted....)

It's been a cold civil war for many years. Encryption - and communication technology in general - is a power usable by anybody, not just established institutions.

As Dan Geer explains:

    In other words, [c]onvergence is an inevitable consequence of the
    very power of cyberspace in and of itself. [I]ncreasingly powerful,
    location independent technology in the hands of the many will tend
    to force changes in the distribution of power.  In fact, that is
    the central theme of this essay -- that the power that is growing
    in the net, per se, will soon surpass the ability of our existing
    institutions to modify it in any meaningful way, so either the net
    must be broken up into governable chunks or the net becomes government.
    
    It seems to me that the leverage here favors cyberspace whenever
    and wherever we give cyberspace a monopoly position, which we are
    doing that blindly and often.  In the last couple of years, I've
    found that institutions that I more or less must use [...] no longer
    accept paper letter instructions, they each only accept digital
    delivery of such instructions.  This means that each of them has
    created a critical dependence on an Internet swarming with men in
    the middle and, which is more, they have doubtlessly given up their
    own ability to fall back to what worked for a century before.

    It is that giving up of alternative means that really defines what
    convergence is and does.  It is said that all civil wars are about
    on whose terms re-unification will occur.  I would argue that we
    are in, to coin a phrase, a Cold Civil War to determine on whose
    terms convergence occurs. 

https://www.youtube.com/watch?v=nT-TGvYOBpI#t=2824

http://geer.tinho.net/geer.blackhat.6viii14.txt (section "10. Convergence")

Comparing intelligence operations of the past - with or without the help of business - to the current situation is a false equivalence.

To quote Cybersecurity as Realpolitik[1] yet again:

    The central dynamic internal to government is, and always
    has been, that the only way for either the Executive or the Legislature
    to control the many sub-units of government is by way of how much
    money they can hand out. [...]

    Suppose, however, that surveillance becomes too cheap to meter,
    that is to say too cheap to limit through budgetary processes.  Does
    that lessen the power of the Legislature more, or the power of the
    Executive more?  I think that ever-cheaper surveillance substantially
    changes the balance of power in favor of the Executive and away
    from the Legislature.

In the past, there were always fundamental limitations of money or manpower or capability. It's expensive to run a stakeout, and it just wasn't technologically possible to build a database about everybody; even the relatively simple census took years of work before the invention of Hollerith's Tabulator[2].

Compare that to today, where XKEYSCORE can search most world communications in (approximately?) realtime. Compare the handful of bytes worth of personal information the Census Bureau was able to tabulate about everybody to the still-growing mountain of data (and metadata) that is gathered routinely that we call "analytics". Compare the difficulty of searching for some particular piece of data - even with a fancy electromechanical tabulator - to the powerful and widely available analysis tools we have today.

It is simply dishonest to say the surveillance capabilities of even a generation or two ago is even remotely comparable to the surveillance currently being done by both governments and private businesses.[3]

[1] http://geer.tinho.net/geer.blackhat.6viii14.txt https://www.youtube.com/watch?v=nT-TGvYOBpI

[2] https://www.census.gov/history/www/innovations/technology/th...

[3] "It ain't the same league. It ain't even the same fucking sport."

Dan Geer at his important talk at Black Hat:

    The central dynamic internal to government is, and always
    has been, that the only way for either the Executive or the Legislature
    to control the many sub-units of government is by way of how much
    money they can hand out. [...]

    Suppose, however, that surveillance becomes too cheap to meter,
    that is to say too cheap to limit through budgetary processes.  Does
    that lessen the power of the Legislature more, or the power of the
    Executive more?  I think that ever-cheaper surveillance substantially
    changes the balance of power in favor of the Executive and away
    from the Legislature.  While President Obama was referring to
    something else when he said "I've Got A Pen And I've Got A Phone,"
    he was speaking to exactly this idea -- things that need no
    appropriations are outside the system of checks and balances. 

https://www.youtube.com/watch?v=nT-TGvYOBpI#t=642

http://geer.tinho.net/geer.blackhat.6viii14.txt

While Congress has been occupied with infighting and stupid political theater, the Executive branch has been taking a lot of their power.

Is it "making war" when Congress is clearly abdicating their responsibilities? It has certainly done more damage to the country than any army has ever accomplished.

The NSA isn't interested in defensive work these days. As Dan Geer explained[1]:

    I suggest that the cybersecurity tool-set favors offense these days.
    Chris Inglis, recently retired NSA Deputy Director, remarked that
    if we were to score cyber the way we score soccer, the tally would
    be 462-456 twenty minutes into the game, i.e., all offense.  I will
    take his comment as confirming at the highest level not only the
    dual use nature of cybersecurity but also confirming that offense
    is where the innovations that only States can afford is going on.

This is a serious problem, not only from the problems intelligence angies with many powers and poor oversight; ignoring defense is going to bite a lot of people in bad ways. We are already seeing the beginnings of this with the escalating impact computer-based attacks are having on their victims.

I also recommend considering Jacob Appelbaum's response to this question[2] from the audience - from someone currently working for the NSA. The summary is that we need people doing NSA-style work, but on the defense side, and we need it now. If the NSA isn't doing that, then maybe people that want to actually protect their country should find somewhere else to work that is actually working on defense.

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI#t=478

[2] https://www.youtube.com/watch?v=n9Xw3z-8oP4#t=4027

⬐ purpled_haze

> The NSA isn't interested in defensive work these days.

Hasn't "a great offense is always the best defense" always been the name of the game? We've gone from fists, to stick and rocks, to spears, to swords, to Greek Fire, to gunpowder, to nuclear weapons. Why not now be the ones to own the power to take down any computer or network?

Great efforts in defense aren't necessarily successful or rewarded either, e.g. Reagan's "Star Wars"/SDI https://en.wikipedia.org/wiki/Strategic_Defense_Initiative which was widely criticized and failed miserably.

While cyberdefense is not in the same unrealistic realm as SDI was in the 80s, the ways that most people think about security- firewall on the perimeter and/or securing each node, pen testing, patches, and locking down what can be installed/used- don't really solve the problem of having a wide attack vector. Imagine if you could shoot a single soldier out in the field and it would kill his/her whole battalion, the base in which he/she was stationed, and perhaps destroy or weaken the entire army or even armed forces to which he/she belonged? That is the situation now.

Playing ultimate defense requires much more isolation. We shouldn't be on the same network, we shouldn't always be connected, and we should really limit how the outside world can affect each node. That isn't often the case with the networks we have currently.

⬐ michaelt

  Hasn't "a great offense is always the best defense"
  always been the name of the game?

An air offence against an airfield can put a billion dollars worth of planes out of operation permanently.

There's no cyberattack equivalent of that - it's not like bricking a few $1000 PCs would disable foreign cyberattack capabilities.

⬐ jblow

Only a billion? This is the USA in 2015 we are talking about. A single F-35C costs a third of a billion dollars. So you are talking about 3 planes.

⬐ vermontdevil

Exactly my thoughts. NSA was supposed to provide measures to protect the network of the government. But see the OPM's breach as one example.

Seems NSA is obsessed with penetrating everywhere using 'terrorism' as a means to ensure continued funding. Thus the 'defense' nature is quite boring and sadly ignored.

⬐ hiq

This talk by Dan Geer is really great. Worth watching, or reading [1].

[1] http://geer.tinho.net/geer.blackhat.6viii14.txt

⬐ ENOTTY

SELinunx and SE for Android are two examples of NSA doing defensive work recently. Also NSA's Information Assurance Directorate puts out guidance[1]. But as to the level of investment in offense versus defense, you'll have to draw your own conclusions.

[1] https://github.com/iadgov

⬐ simoncion

SELinux made its public debut seventeen years ago, so it's not the best example of "recent" defensive work done by the NSA. ;)

To speak about SE for Android: I'm not sure how much weight I would lend to a few NSA employees helping Google/AOSP create SELinux profiles for Android. (It is recent work, though!)

I'm fairly certain that I would lend a lot of weight to public efforts to harden systems against the kinds of attacks that their TAO division launches.

⬐ newjersey

I assume part of the problem is that it is hard to quantify successes or wins in defense.

What is a good way to protect against ransomware? Symantec buries the lede with the answers (possibly because of conflicting business interests) which are

1. Limit end user access to mapped drives

2. Deploy and maintain a comprehensive backup solution

http://www.symantec.com/connect/blogs/ransomware-dos-and-don...

But really, how do we justify spending thousands of dollars on hardware? I hate myself for saying this but there are real risks of doing too much as well. We could have our own mini tyrannical regime of secure computing a la the TSA security theater.

Effective user education is challenging. Even developers are prone to use elevated user permissions where none is strictly required just for the sake of convenience. I know I've found myself right-clicking visual studio and clicking "Run as administrator" reflexively after just a few months of working on ASP.NET and IIS.

This is a little off-topic but I imagine the whole funding offense vs defense might be a little more "natural" than we like to admit. Imagine you're a defense manager and there's this other guy who is an offense manager. Just as a football analogy, how do you justify your team's worth when the other team says that there is no good way to quantify the worth of the work you're doing and there is a good way to quantify their team's work? I guess what I'm asking is how do we put a dollar and cent value to defensive cyber security? Can we just ask "How much does the business stand to lose if we lost all our data to ransom ware or worse to a competitor?" or would business think that is overreaching?

From your other posts you seem to have a very good sense of social responsibility, so I'm surprised at this comment.

Multiple identities are incredibly important to anybody in a minority that is threatened by their local mainstream culture. Black people in may areas (even today), gay or lesbian people in many parts of the world, and trans people just about anywhere[1] are some obvious examples. There are numerous others, which bring varying amounts of risk if exposed publicly.

These people are often forced to put on a facade when in public, to avoid the risk of being fired (only a few of these are protected classes), beaten, or even killed. The internet has created a space where these people can be themselves... as long as it doesn't connect back to their real name and identity.

Yes, leaving a job is a good way to avoid a bigoted manager, but that isn't an option for everybody. Your boss isn't the only threat, either: it wasn't that long ago that being openly gay could get you lynched in some areas.

This comes down to the basic concept of privacy. I recommend Dan Geer's definition[2] of privacy in light of modern technology:

    Privacy used to be proportional to that which it is impossible to observe
    or that which can be observed but not identified.  No more -- what is today
    observable and identifiable kills both privacy as impossible-to-observe and
    privacy as impossible-to-identify, so what might be an alternative?  If you
    are an optimist or an apparatchik, then your answer will tend toward rules
    of data procedure administered by a government you trust or control.  If you
    are a pessimist or a hacker/maker, then your answer will tend towards the
    operational, and your definition of a state of privacy will be my definition:
    the effective capacity to misrepresent yourself.

Real name policies are, de facto isomorphic with banning privacy. It is saying that people must never experiment with how they present themselves to the world. It's saying that anybody who fears repercussions if they act like themselves must stay in the closet.

It is nice to believe that we are past these problems. I'm often thankful that I have the privilege to live in California, which has been very accepting of diversity. Unfortunately, we haven't solved all of these problems, and they are not going to be solved in the near future. Sometimes an optimist or apparatchick insists that forcing everybody into the public so nothing is hidden and privacy no longer exists will somehow eradicate bigotry and discrimination. Well, bigots are often proud of their beliefs, and most people don't consider the consequences anyway; these problems are not solved by magical thinking.

[1] http://www.newrepublic.com/article/politics/magazine/90519/t...

[2] https://www.youtube.com/watch?v=nT-TGvYOBpI#t=2415

⬐ TeMPOraL

Let's call it temporary lapse of judgement... I guess I've confused the issue with my hate for bigotry. I just woke up and find the thing completely obvious - thanks to, in big part, your comment, and thanks to regaining the ability to generate examples in my head that I must have lost yesterday :(.

I guess part of my confusion stemmed from the fact that multiple identities on Facebook are hard and risky, so they become a pretty bad idea. Facebook seriously sucks for multiple identities, real-name-policy or not. You really need different accounts. Otherwise you need to get obsessive-compulsive about every privacy setting out there - who do you share with, who can view it, who can tag/mention you, etc. And then you lose anyway because one of your friends copy-pasted your post to a wider circle, or uploaded a photo with you and someone from the "wrong" side of your social graph recognizes it, etc. It's pretty much OPSEC 101 - the different lives you're having shouldn't mix at all because someone, somewhen, will screw up.

Also, you'd be surprised how broken the post range limits still are, if you know what to do (Facebook has significantly improved that over the last year or two, but there are still bugs).

> It is nice to believe that we are past these problems. I'm often thankful that I have the privilege to live in California, which has been very accepting of diversity. Unfortunately, we haven't solved all of these problems, and they are not going to be solved in the near future.

Yeah, this is what bit me.

> Sometimes an optimist or apparatchick insists that forcing everybody into the public so nothing is hidden and privacy no longer exists will somehow eradicate bigotry and discrimination. Well, bigots are often proud of their beliefs, and most people don't consider the consequences anyway; these problems are not solved by magical thinking.

I sometimes consider if what apparatchicks propose isn't in fact our best option. I usually refer to it as "privacy or progress, pick one", when pointing out the social and scientific benefits of the data we forgo when insisting on fighting every form of mass monitoring. Note, I'm only entertaining this thought - I'm not convinced yet either way, but the way the privacy discussion is today, the issue is terribly one-sided.

You mentioned bigots being proud of being bigots. This seriously worries me. I think the society could handle going (back?) to zero-privacy mode, but the more I think of it and see people being proud of their ignorance, the more I fear it would end in civil wars over really stupid things.

All it takes is metadata.

The "digital exhaust" we leave behind is extremely revealing. I usually use COTRAVELER as my example of how just a few data points (without any PII) can reveal a LOT about your social interactions, but browser history is another powerful data source.

I believe this is why Dan Geer, in his incredible talk last year[1], suggested that "privacy" should now be defined as "the effective capacity to misrepresent yourself". To avoid exactly the type of analysis, you need the capability to misrepresent yourself, and you need to regularly be in the habit of use use that capability.

    Misrepresentation is using disinformation to frustrate data fusion
    on the part of whomever it is that is watching you.  Some of it can
    be low-tech, such as misrepresentation by paying your therapist in
    cash under an assumed name.  Misrepresentation means arming yourself
    not at Walmart but in living rooms.  Misrepresentation means swapping
    affinity cards at random with like-minded folks.  Misrepresentation
    means keeping an inventory of misconfigured webservers to proxy
    through.  Misrepresentation means putting a motor-generator between
    you and the Smart Grid.  Misrepresentation means using Tor for no
    reason at all.  Misrepresentation means hiding in plain sight when
    there is nowhere else to hide.  Misrepresentation means having not
    one digital identity that you cherish, burnish, and protect, but
    having as many as you can. 
 

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI http://geer.tinho.net/geer.blackhat.6viii14.txt

Even if you ignore JFK, a good case can be made that the security agencies (probably FVEY?) currently seem to have at least de facto control basically anywhere they want. Exercising that control got a lot easier - and less obvious - as technology became available. Traditional informants and enforcers sometimes get noticed, but JOIN...WHERE user.id=foo across phone location data is very hard to discover.

The key part, I think, is that COINTELPRO ended in name only. Worse, as the use of the internet increased, the number of times I've had to consider "JTRIG-style disruption, paid corporate shill, or useful idiot" has increased dramatically.

While a "silent coup" is one possibility, I have been liking how Dan Geer's described[1] the high-level picture of our situation as a Cold Civil War. Cold wars are fought by proxy, and there has been a lot of pointer-chasing to trace in the modern political situation.

[1] https://www.youtube.com/watch?v=nT-TGvYOBpI ( http://geer.tinho.net/geer.blackhat.6viii14.txt )

> If a couple of Texas brothers could corner the world silver market,[HB] there is no doubt that the U.S. Government could openly corner the world vulnerability market, that is we buy them all and we make them all public. Simply announce "Show us a competing bid, and we'll give you 10x." Sure, there are some who will say "I hate Americans; I sell only to Ukrainians," but because vulnerability finding is increasingly automation-assisted, the seller who won't sell to the Americans knows that his vulns can be rediscovered in due course by someone who will sell to the Americans who will tell everybody, thus his need to sell his product before it outdates is irresistible. This strategy's usefulness comes from two side effects: (1) that by overpaying we enlarge the talent pool of vulnerability finders and (2) that by making public every single vuln the USG buys we devalue them. Put differently, by overpaying we increase the rate of vuln finding, while by showing everyone what it is that we bought we zero out whatever stockpile of cyber weapons our adversaries have. We don't need intelligence on what weapons our adversaries have if we have something close to a complete inventory of the world's vulns and have shared that with all the affected software suppliers.

Source: http://geer.tinho.net/geer.blackhat.6viii14.txt

Video: https://www.youtube.com/watch?v=nT-TGvYOBpI&t=36m45s

⬐ ptwiggens

I think that the intelligence agencies would rather have the vulnerabilities for their own use and roll the dice on being on the receiving end rather than buy up everything and close it, making it so they can't use it either.

http://youtu.be/nT-TGvYOBpI "Cybersecurity as Realpolitik by Dan Geer presented at Black Hat USA 2014"

⬐ maddev

The abstract:

Power exists to be used. Some wish for cyber safety, which they will not get. Others wish for cyber order, which they will not get. Some have the eye to discern cyber policies that are "the least worst thing;" may they fill the vacuum of wishful thinking.