• The State Versus the Internet

    Email Print



    The power of
    the state has always rested on two pillars: Force and legitimacy.
    The Internet subverts them both. As for force, think about encrypted
    commerce, as for legitimacy (the more important part), think about
    the following:

    • It used
      to be that 98% of all news came out of two zip codes in Manhattan,
      produced by a more or less homogenous group of people. Now, it
      comes from everywhere. "Guys in pajamas" brought down
      the mighty Dan Rather.
    • When I began
      to wander among liberty people, not too many decades ago, the
      people who "got it" were mostly hyper-studious types
      in the largest American cities. Now they are found almost everywhere.
    • Events are
      recorded and can be verified across the globe in moments. The
      life-span of bad information is collapsing, and plenty of what
      used to be easy manipulation with it.
    • People are
      able to test their wild ideas in anonymous public conversations,
      shielded from shame. As a result, those ideas are improved, very
      many of which would never have been exposed without a protected
      place to speak from.
    • Collective
      identities and animosities ("those people are monsters; we
      must fight!") are collapsing as separated groups of people
      get to know each other via world-wide, nearly-free communication.

    This is all
    the result of the Internet, and all of it undermines the sanctity
    and urgency of the state. And since the operators of states are
    not stupid, they understand the threat and are moving aggressively
    to conquer the Internet.


    By now most
    readers will be aware that governments world-wide are running mass
    operations. For example, it has been known for
    years that the American NSA has been scarfing up all the Internet
    and telephone traffic that AT&T could provide. Wired
    magazine did a story on this back in 2006
    , and many similar
    stories have surfaced. Are we really to believe that Verizon, Google,
    Yahoo, AOL and the rest have been heroically standing up to them
    all the years since?

    And, by the
    way, just one of the NSA's new facilities (and the true number of
    them is uncertain) is capable of storing ten years' worth of world
    Internet traffic. It can also sort and search it.

    Many readers
    will also understand that even independent Internet Service Providers
    have been brought into obedience by the various national law enforcement
    departments. With rare
    , the enforcers get whatever records they want, when
    they want them.

    The important
    point here is that these steps have already been taken: The battles
    are over and the states have won. The ISPs are under control and
    states are copying, saving and sorting a large portion of the world's
    Internet traffic.

    One other step
    has been the conversion of Google from a clever new company to a
    major cog in the state's apparatus. I won't spend a lot of time
    on this, but you really should be aware of some recent quotes from
    Google's boss, Eric Schmidt:

    We can predict
    where you are going to go Tuesday morning.

    Show us 14
    photos of yourself and we can identify who you are. You think
    you don’t have 14 photos of yourself on the internet? You’ve got
    Facebook photos!

    The only
    way to manage this is true transparency and no anonymity. In a
    world of asynchronous threats, it is too dangerous for there not
    to be some way to identify you. We need a name service for people.
    Governments will demand it.

    Yeah, it's
    that bad. Google is aggressively positioning itself to end up owning
    the Internet, or at least a major share of it. But, that is a long
    story I will pass up for the moment.


    For most of
    this article, I'll focus on what states are doing now. I'll pay
    special attention to the US, ironically enough, because more information
    surfaces there, and, of course, since they are at the head of the
    field. But do not let yourself think that the US is special in this
    regard — most of the others are doing the same things.

    Also please
    bear in mind that we will be discussing things that are planned,
    but not yet finalized. Some of these plans may fail. But even if
    they do, the record indicates that substantially all failures will
    be followed with vigorous new attempts.


    Just a few
    weeks ago, the New York Times broke the news that the White
    House, their "Internet Czar," the FBI and others had a
    new plan to wiretap
    the Internet
    . It is expected to be in front of Congress next
    year. This plan would force every product and service provider to
    redesign their products to give governments a back-door, so they
    can listen in whenever they want. That means that Blackberry, iPhone,
    Facebook, Skype and everyone else has to redesign their products.
    It also means that smaller operations will have to fold up: very
    few of them can just dump their existing systems and crank out new
    ones. Only the large will remain, and only if they bow to the state.

    When discussing
    the bill, various state officials reminded reporters that everything
    would be "lawful." (Which ceased being a meaningful term
    quite a while back, IMO.) They also claimed that providers could
    still give their customers strong encryption. "They can promise
    strong encryption," said the FBI's General Counsel, Caproni,
    "They just need to figure out how they can provide us plain
    text." So, the provider must decrypt for the FBI as well.

    Once such a
    law is in place, no service is even nominally safe, and a great
    many are likely to simply close. But the big, politically-connected
    companies will remain.

    Bear in mind
    that once the capability is in place for the US, everyone else will
    jump aboard, since "the ability is already there." And,
    it will also u2018be there' for lots of crooks, who always find ways
    to get their hands on useful information… like back-doors into all
    those Blackberries. Try to imagine what you could do with all that


    This is a recent
    development that will almost certainly become law. The Protecting
    Cyberspace as a National Asset Act gives Obama, all who succeed
    him, and before long almost every other ruler on the planet, an
    Internet "kill switch." And, yes, this can be done.

    The bill relies
    for its "lawfulness" on a 76-year-old piece of legislation
    called The Communications Act of 1934, which gives the president
    power to cause "the closing of any facility or stations for
    wire communication" in a time of war. Can you see why talk
    of "cyber-war" came up at the same time as this bill?

    Cyber-war —
    to digress for a moment — is still more of a meme than a reality.
    Stuxnet, for example, is spread primarily with USB sticks and attacks
    only special devices called PLCs, which are more intelligent-motor-starter
    than Internet terminal. That program had to have been built and
    tested on other PLCs, which was a completely different operation
    than writing an Internet Trojan. But, back to our new law…

    This law would
    establish a White House Office for Cyberspace Policy and a National
    Center for Cybersecurity and Communications, which would work with
    private US companies to "create cybersecurity requirements
    for the electrical grid, telecommunications networks and other critical
    infrastructure." Any operation of the Kill Switch would be
    limited to 120 days, but could, of course, by extended by Congress.

    Note two things
    about this:

    1. The technical
      method of implementation is not in the bill, so it can be whatever
      "experts" decide.
    2. The requirements
      will be applied to "critical infrastructure."

    We'll cover
    the concept of "critical infrastructure" first and talk
    about implementation below. In actual fact, the utilities that are
    designated as critical use the primary backbones of the Internet
    as the central portions of their "infrastructure." (Backbones
    are the very largest Internet links.) To make things worse, a special
    electronic technique called Multi-Protocol Label Switching (MPLS)
    more or less pools many backbone fibers into one large virtual fiber.
    So, the ability to shut something down will involve control of the
    larger "virtual fiber," not just a single "bad fiber."
    And, of course, the NSA will be seeing to all of this.

    The bill was
    unanimously approved in a Senate committee in June. The likely future
    is for Congress to wait until something "cyber" goes wrong,
    then to pass it while the fear and pressure are high.

    In response,
    civil libertarians are certain to write strong letters.


    As mentioned
    earlier, the precise methods of switching off parts of the Internet
    are not specified in legislation, but will be decided by "experts."
    The likely way for them to do this is with an updated version of
    some primary Internet software called Border Gateway Protocol

    We often say
    that the Internet is decentralized, which is more or less true,
    but it is not atomized. There are perhaps a few thousand
    large units called Autonomous Systems (AS) that make-up the
    Internet, and they relate to each other with Border Gateway Protocols.

    BGP is, essentially,
    a type of "handshake" protocol: I acknowledge you,
    do you acknowledge me? Who is connected beyond you? The problem
    with BGP is that it is not verifiable. This isn't a big problem
    — as we know, the Internet works just fine nearly every day — but
    rare occasion something does go wrong
    . From a controller's standpoint,
    however, BGP is a huge problem, because it cannot be grasped at
    a single point.

    Enter SecureBGP
    (BGPSEC) Under this scheme, key exchanges between border gateway
    routers are involved, to verify that the other router is who it
    says it is. The problem here is that someone will want to be the
    official key creator and holder… which means the state. And the
    US government is working very hard to build this
    . (They already
    have a domain name version called DNSSec.)

    If the key
    certificate authority for BGPSEC is anything like SSL certificate
    authorizers, then each layer of key provider will control the keys
    below it. That means that specific servers or groups of servers
    can be disconnected from the Internet within minutes. But even if
    that type of hierarchy is not part of the code, it is close to certain
    that AS groups will comply with orders, especially if disobedience
    means they will be shut down entirely.

    So, yes, the
    Internet Kill Switch will work, sorry to say.

    Not only are
    states involved in this type of policing, but large contractors
    are running mass surveillance operations to identify file-sharers
    as well. One big reason for this, of course, is that media companies
    are in trouble, and they are far too valuable to control-types to
    lose. Media and advertisers are, in the final analysis, both the
    creators and the insertion points for ideas and images into popular
    discourse — thoughts that are merely adopted, rather than
    vetted and considered. (Another longish discourse will be passed
    over at this point.)

    strikes" is the term used to described the disconnect process
    usually applied to these plans. It is based on the American legal
    concept of "three strikes and you're out." On the third
    offense, you are disconnected for good.


    This is an
    idea that pops-up from time to time, most
    recently by Microsoft
    . The concept is that some group is given
    access to every private computer and can scan them all to assure
    that they are "sanitary." If they are, they get access
    to the Internet, if not, they are cut off. Spend a moment thinking
    about the power that this would give the scanning authority.

    Will this become
    law? Probably not now, but when fear is stoked after something bad
    happens? It could.


    Cloud computing
    offers some attractive features, but is also involves a serious
    centralization of the Internet. Rather than having millions of intelligent
    nodes, it brings thousands at a time into single data centers —
    one large handle to grab, where there were formerly thousands of
    small ones.

    And again,
    this gives power to the large and politically-connected and crushes
    the small and independent.

    the Internet would be a horrible thing in many ways, including for
    Systems Administrators, 80% of whom would probably be unnecessary
    in a strong cloud environment.


    In the past
    few years, anti-crypto laws have returned (more in the UK and EU
    than in the US). Several people are already in jail for not divulging
    their crypto-keys. And, in what was primarily a publicity stunt,
    NSA offered massive rewards to anyone who could break Skype.

    (Skype was already compliant with law enforcement orders.)

    This is moving
    forward under the name of Source Telecom Surveillance. What will
    become of it is unknowable at this time.


    Multiple avenues
    of controlling every Internet user are being pursued, and many of
    them are quite potent.

    On another
    side, the consumer Internet is slowly turning into a thousand new,
    interactive TV channels. Most of the new applications are highly
    insecure, which means they are either monitored already or easily
    could be. In effect, people are plugging into the Matrix, one convenience
    at a time. I know that sounds hyper-dramatic, but I know of no better
    way to describe the situation.

    At the end
    of the line, we end up with a Welfare State being replaced by a
    Security-Industrial Complex. It looks to feature some minimal layer
    of welfare, lots of entertainment, and lots of fear and enforcers.
    In other words, a lot like life in the late Roman Empire, but wired.


    I leave all
    of this for your consideration. I have no master plan to offer you.
    But the enemies of the Internet are exercising both will and action.
    What are we doing?

    16, 2010

    Rosenberg [send him
    ] is the CEO of Cryptohippie
    , the leading provider of Internet anonymity.

    Email Print