The State Versus the Internet

Email Print



The power of
the state has always rested on two pillars: Force and legitimacy.
The Internet subverts them both. As for force, think about encrypted
commerce, as for legitimacy (the more important part), think about
the following:

  • It used
    to be that 98% of all news came out of two zip codes in Manhattan,
    produced by a more or less homogenous group of people. Now, it
    comes from everywhere. "Guys in pajamas" brought down
    the mighty Dan Rather.
  • When I began
    to wander among liberty people, not too many decades ago, the
    people who "got it" were mostly hyper-studious types
    in the largest American cities. Now they are found almost everywhere.
  • Events are
    recorded and can be verified across the globe in moments. The
    life-span of bad information is collapsing, and plenty of what
    used to be easy manipulation with it.
  • People are
    able to test their wild ideas in anonymous public conversations,
    shielded from shame. As a result, those ideas are improved, very
    many of which would never have been exposed without a protected
    place to speak from.
  • Collective
    identities and animosities ("those people are monsters; we
    must fight!") are collapsing as separated groups of people
    get to know each other via world-wide, nearly-free communication.

This is all
the result of the Internet, and all of it undermines the sanctity
and urgency of the state. And since the operators of states are
not stupid, they understand the threat and are moving aggressively
to conquer the Internet.


By now most
readers will be aware that governments world-wide are running mass
operations. For example, it has been known for
years that the American NSA has been scarfing up all the Internet
and telephone traffic that AT&T could provide. Wired
magazine did a story on this back in 2006
, and many similar
stories have surfaced. Are we really to believe that Verizon, Google,
Yahoo, AOL and the rest have been heroically standing up to them
all the years since?

And, by the
way, just one of the NSA's new facilities (and the true number of
them is uncertain) is capable of storing ten years' worth of world
Internet traffic. It can also sort and search it.

Many readers
will also understand that even independent Internet Service Providers
have been brought into obedience by the various national law enforcement
departments. With rare
, the enforcers get whatever records they want, when
they want them.

The important
point here is that these steps have already been taken: The battles
are over and the states have won. The ISPs are under control and
states are copying, saving and sorting a large portion of the world's
Internet traffic.

One other step
has been the conversion of Google from a clever new company to a
major cog in the state's apparatus. I won't spend a lot of time
on this, but you really should be aware of some recent quotes from
Google's boss, Eric Schmidt:

We can predict
where you are going to go Tuesday morning.

Show us 14
photos of yourself and we can identify who you are. You think
you don’t have 14 photos of yourself on the internet? You’ve got
Facebook photos!

The only
way to manage this is true transparency and no anonymity. In a
world of asynchronous threats, it is too dangerous for there not
to be some way to identify you. We need a name service for people.
Governments will demand it.

Yeah, it's
that bad. Google is aggressively positioning itself to end up owning
the Internet, or at least a major share of it. But, that is a long
story I will pass up for the moment.


For most of
this article, I'll focus on what states are doing now. I'll pay
special attention to the US, ironically enough, because more information
surfaces there, and, of course, since they are at the head of the
field. But do not let yourself think that the US is special in this
regard — most of the others are doing the same things.

Also please
bear in mind that we will be discussing things that are planned,
but not yet finalized. Some of these plans may fail. But even if
they do, the record indicates that substantially all failures will
be followed with vigorous new attempts.


Just a few
weeks ago, the New York Times broke the news that the White
House, their "Internet Czar," the FBI and others had a
new plan to wiretap
the Internet
. It is expected to be in front of Congress next
year. This plan would force every product and service provider to
redesign their products to give governments a back-door, so they
can listen in whenever they want. That means that Blackberry, iPhone,
Facebook, Skype and everyone else has to redesign their products.
It also means that smaller operations will have to fold up: very
few of them can just dump their existing systems and crank out new
ones. Only the large will remain, and only if they bow to the state.

When discussing
the bill, various state officials reminded reporters that everything
would be "lawful." (Which ceased being a meaningful term
quite a while back, IMO.) They also claimed that providers could
still give their customers strong encryption. "They can promise
strong encryption," said the FBI's General Counsel, Caproni,
"They just need to figure out how they can provide us plain
text." So, the provider must decrypt for the FBI as well.

Once such a
law is in place, no service is even nominally safe, and a great
many are likely to simply close. But the big, politically-connected
companies will remain.

Bear in mind
that once the capability is in place for the US, everyone else will
jump aboard, since "the ability is already there." And,
it will also u2018be there' for lots of crooks, who always find ways
to get their hands on useful information… like back-doors into all
those Blackberries. Try to imagine what you could do with all that


This is a recent
development that will almost certainly become law. The Protecting
Cyberspace as a National Asset Act gives Obama, all who succeed
him, and before long almost every other ruler on the planet, an
Internet "kill switch." And, yes, this can be done.

The bill relies
for its "lawfulness" on a 76-year-old piece of legislation
called The Communications Act of 1934, which gives the president
power to cause "the closing of any facility or stations for
wire communication" in a time of war. Can you see why talk
of "cyber-war" came up at the same time as this bill?

Cyber-war —
to digress for a moment — is still more of a meme than a reality.
Stuxnet, for example, is spread primarily with USB sticks and attacks
only special devices called PLCs, which are more intelligent-motor-starter
than Internet terminal. That program had to have been built and
tested on other PLCs, which was a completely different operation
than writing an Internet Trojan. But, back to our new law…

This law would
establish a White House Office for Cyberspace Policy and a National
Center for Cybersecurity and Communications, which would work with
private US companies to "create cybersecurity requirements
for the electrical grid, telecommunications networks and other critical
infrastructure." Any operation of the Kill Switch would be
limited to 120 days, but could, of course, by extended by Congress.

Note two things
about this:

  1. The technical
    method of implementation is not in the bill, so it can be whatever
    "experts" decide.
  2. The requirements
    will be applied to "critical infrastructure."

We'll cover
the concept of "critical infrastructure" first and talk
about implementation below. In actual fact, the utilities that are
designated as critical use the primary backbones of the Internet
as the central portions of their "infrastructure." (Backbones
are the very largest Internet links.) To make things worse, a special
electronic technique called Multi-Protocol Label Switching (MPLS)
more or less pools many backbone fibers into one large virtual fiber.
So, the ability to shut something down will involve control of the
larger "virtual fiber," not just a single "bad fiber."
And, of course, the NSA will be seeing to all of this.

The bill was
unanimously approved in a Senate committee in June. The likely future
is for Congress to wait until something "cyber" goes wrong,
then to pass it while the fear and pressure are high.

In response,
civil libertarians are certain to write strong letters.


As mentioned
earlier, the precise methods of switching off parts of the Internet
are not specified in legislation, but will be decided by "experts."
The likely way for them to do this is with an updated version of
some primary Internet software called Border Gateway Protocol

We often say
that the Internet is decentralized, which is more or less true,
but it is not atomized. There are perhaps a few thousand
large units called Autonomous Systems (AS) that make-up the
Internet, and they relate to each other with Border Gateway Protocols.

BGP is, essentially,
a type of "handshake" protocol: I acknowledge you,
do you acknowledge me? Who is connected beyond you? The problem
with BGP is that it is not verifiable. This isn't a big problem
— as we know, the Internet works just fine nearly every day — but
rare occasion something does go wrong
. From a controller's standpoint,
however, BGP is a huge problem, because it cannot be grasped at
a single point.

Enter SecureBGP
(BGPSEC) Under this scheme, key exchanges between border gateway
routers are involved, to verify that the other router is who it
says it is. The problem here is that someone will want to be the
official key creator and holder… which means the state. And the
US government is working very hard to build this
. (They already
have a domain name version called DNSSec.)

If the key
certificate authority for BGPSEC is anything like SSL certificate
authorizers, then each layer of key provider will control the keys
below it. That means that specific servers or groups of servers
can be disconnected from the Internet within minutes. But even if
that type of hierarchy is not part of the code, it is close to certain
that AS groups will comply with orders, especially if disobedience
means they will be shut down entirely.

So, yes, the
Internet Kill Switch will work, sorry to say.

Not only are
states involved in this type of policing, but large contractors
are running mass surveillance operations to identify file-sharers
as well. One big reason for this, of course, is that media companies
are in trouble, and they are far too valuable to control-types to
lose. Media and advertisers are, in the final analysis, both the
creators and the insertion points for ideas and images into popular
discourse — thoughts that are merely adopted, rather than
vetted and considered. (Another longish discourse will be passed
over at this point.)

strikes" is the term used to described the disconnect process
usually applied to these plans. It is based on the American legal
concept of "three strikes and you're out." On the third
offense, you are disconnected for good.


This is an
idea that pops-up from time to time, most
recently by Microsoft
. The concept is that some group is given
access to every private computer and can scan them all to assure
that they are "sanitary." If they are, they get access
to the Internet, if not, they are cut off. Spend a moment thinking
about the power that this would give the scanning authority.

Will this become
law? Probably not now, but when fear is stoked after something bad
happens? It could.


Cloud computing
offers some attractive features, but is also involves a serious
centralization of the Internet. Rather than having millions of intelligent
nodes, it brings thousands at a time into single data centers —
one large handle to grab, where there were formerly thousands of
small ones.

And again,
this gives power to the large and politically-connected and crushes
the small and independent.

the Internet would be a horrible thing in many ways, including for
Systems Administrators, 80% of whom would probably be unnecessary
in a strong cloud environment.


In the past
few years, anti-crypto laws have returned (more in the UK and EU
than in the US). Several people are already in jail for not divulging
their crypto-keys. And, in what was primarily a publicity stunt,
NSA offered massive rewards to anyone who could break Skype.

(Skype was already compliant with law enforcement orders.)

This is moving
forward under the name of Source Telecom Surveillance. What will
become of it is unknowable at this time.


Multiple avenues
of controlling every Internet user are being pursued, and many of
them are quite potent.

On another
side, the consumer Internet is slowly turning into a thousand new,
interactive TV channels. Most of the new applications are highly
insecure, which means they are either monitored already or easily
could be. In effect, people are plugging into the Matrix, one convenience
at a time. I know that sounds hyper-dramatic, but I know of no better
way to describe the situation.

At the end
of the line, we end up with a Welfare State being replaced by a
Security-Industrial Complex. It looks to feature some minimal layer
of welfare, lots of entertainment, and lots of fear and enforcers.
In other words, a lot like life in the late Roman Empire, but wired.


I leave all
of this for your consideration. I have no master plan to offer you.
But the enemies of the Internet are exercising both will and action.
What are we doing?

16, 2010

Rosenberg [send him
] is the CEO of Cryptohippie
, the leading provider of Internet anonymity.

Email Print