With the latest shocking revelations concerning the NSA's ability to break encryption, Bruce Schneier has made an excellent point. In pursuit of trying to find a few needles, the US government has basically betrayed the core of the internet -- and it's time for engineers to fix it. Now. Basically what's come out today is that the NSA has purposely been massively weakening internet security for its own good on the ridiculous belief that only it would find and use these vulnerabilities.
Schneier makes two important calls in his article. First, he calls on those who actually helped out in placing these backdoors into today's technologies to come out and reveal the details. Second, he says that the internet technology and security community needs to come together right now to rethink core internet infrastructure to build solutions that are done right, with real security in mind. Encryption is still viable and powerful, but it needs to be done correctly.
We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.As we've written a few times now, a bunch of attempts have sprung up lately to build secure communications offerings, but this goes way beyond that. This is a problem going back to core internet infrastructure, and it needs to be rethought and re-implemented in an open way that can be reviewed by anyone and where it's much more difficult for the NSA to hide or to sneak in "covert" operatives whose roles are to subvert the security.
We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems – these will be harder for the NSA to subvert.
Of course, in the short run this is also going to give extra ammo to foreign governments who want greater control over the internet themselves (not always with good intentions). It's going to be important to resist that kind of control as well. Instead, the focus needs to be on rethinking this in a manner so that no party is in full control and can subvert the system.
No comments:
Post a Comment