Tools for Treason: A New Security Metric? (and lifehacking: cold water, Snowdenleaks in Germany)

Choice quote: “If your algorithm doesn’t allow a pedophile to irreversibly scramble his drive and avoid prosecution, it can’t be used by freethinkers under ideological oppression to hide state-banned books. If your messaging app won’t let someone safely plan bombing the Super Bowl, it can’t be used by an activist to reveal human rights abuses. If your map doesn’t let poachers stalk rhinos without alerting rangers, it can’t be used by ethnic minorities to escape purges. The strength of the tool enables all of these things, and it is an old, old test we have taken many times before to see which we use it for. The answer, as always, will be “both.””

In a post-Snowden world, the author concludes that we need to develop communication tools that assume the impossibility of trust. If trust enters into the equation, the Non-Speaking Actors’ guild is guaranteed to abuse it.

Lifehacking tip: before you step out of the shower in the morning, turn the water to “damn cold” for a minute. Turn around and “enjoy” it both front and back. Done right, you should feel a little like a superhero facing a hail of machine-gun bullets.

Advanced version: flip the water from cold to hot and then cold again.

Short version: in lieu of splashing water on your face, stick your whole head under a cold-water tap.

Biological basis: Something-something temperature regulation in the body being done through metabolism and mitochondria means dealing with cold increases energy production. Maybe.

In biophotonic terms I suspect this in turn causes the balance to shift from ‘ground state’ to ‘metastable state,’ increasing the reserve of energy available for sudden release and reducing the body’s tendency to react to random external stimuli. Also possibly increasing coherent photon emissions, facilitating intercellular communication and ‘quantum effects.’

Either way you’ll feel fantastic. Do this three or four days in a row and you’ll probably start LOOKING FORWARD to it, just for how awesome you feel after.

Snowdenleaks in Germany: It’s an election year, and Snowdenleaks has presented an opportunity for the German opposition — point out that the incumbent Chancellor’s “meh” reaction is not OK.

Specifically, that the massive data gathering of Germans’ personal data by a foreign intelligence agency is an equally massive violation of both German sovereignty and law… and that said Chancellor’s reaction is therefore a violation of her oath of office.[1]

This is perhaps the first time in German history that an appeal to popular national identity has been used to fight totalitarianism and surveillance.

[1] http://news.yahoo.com/us-surveillance-becomes-election-issue-germany-064115050.html

http://techcrunch.com/2013/07/06/tools-for-treason/

“the founding principle of our tools for communication cannot be the establishment of trust, but the impossibility of trust.

It’s a cynical place to start, but clearly a necessary one. If it is possible at any point for trust to enter the equation, that trust can and likely will be taken advantage of. If there exists, anywhere from your end to the other in the long chain of servers, switches, cables, interpreters, loggers, drivers, protocols, interfaces, and displays, any single place where you are not one hundred percent in control of your data, your data is compromised and the system fails.

The trick is to treat every communication as a potential act of terrorism. After all, isn’t that how the NSA does it? For them, it’s an excuse; for us, it should be a method. Start there, and you can build a system that works. Start there, and you will be told that you are building tools for treason. You are.

Great. If it isn’t illegal, it isn’t strong enough. If the government doesn’t denounce it, it isn’t good enough. Tools for treason are the only tools that will suffice for our protection from now on.

But let’s be clear: They will be used for evil, both petty and monstrous: for trading child pornography, for selling meth, for planning assassinations, for mass murder. You will be told you are arming the enemy. You are. But your tools are neither necessary nor sufficient for such atrocities. Every kitchen knife is sharp enough to cut your fellow man; every hammer is hard enough to split skulls; every car is fast enough to mow down pedestrians. They have to be to fulfill their purposes, and it’s the same here.

And remember, we’re not just talking about Facebook chats and Google searches. What seems like overkill for protecting personal email may be totally insufficient for a guerrilla fighter coordinating across borders. Many people may not care about their privacy when it comes to a spare email address leaked by Facebook or the metadata from their Gmail account. They may come around later or not, but someone’s got to make sure that if they do come around, privacy is even an option.

If your algorithm doesn’t allow a pedophile to irreversibly scramble his drive and avoid prosecution, it can’t be used by freethinkers under ideological oppression to hide state-banned books. If your messaging app won’t let someone safely plan bombing the Super Bowl, it can’t be used by an activist to reveal human rights abuses. If your map doesn’t let poachers stalk rhinos without alerting rangers, it can’t be used by ethnic minorities to escape purges. The strength of the tool enables all of these things, and it is an old, old test we have taken many times before to see which we use it for. The answer, as always, will be “both.”

And how will we make these magical tools? There are really only two major requirements, if we assume (wrongly for the most part, at least at first) that users can operate them properly.

They must completely ignore the law. There is no reason to respect it — even the government doesn’t. Police requests for data, subpoenas, and anything else must be completely powerless, at least without the consent of the user. But it is not enough to disdain the law, unless one is immune to it.

Therefore, they must not be centralized. Web platforms as a service are fine, and will remain fine, for editing photos and sharing restaurant recommendations, but not for personal communications or any kind of confidential data. Nearly every cloud service places compliance with the law above the needs of its users (SpiderOak is an exception to this, and I wrote mistakenly here that they are able to decrypt on command; they are not, as a commenter points out, although the metadata they can disclose could also be critical). Self-hosting, whether on your own or on rented or virtualized hardware, is the only way to be remotely sure that your data is safe.

Put network attached storage and a pop-up web server in every home and watch existing monolithic structures be eroded. With personal gigabit connections, terabytes of our own to serve from, end-to-end encryption, and peer-to-peer implemented at a fundamental level, our communications will cease to be reliant on anything except critical infrastructure — and even that, in time, will be obsoleted. It’ll take time to nail down the right protocols, plug gaps, and expand compatibility, but the important thing is to get it out there. Like Bittorrent, the cat won’t be put back in the bag. It’s taken ten years for torrents to become a household word, but at the rate services and agencies are accidentally tipping their cards, it may not be as long a road to get people in touch with their inner cryptographer. Make it as easy to install as BonziBuddy and you’ll start something that won’t be easily stopped.

The simple fact is that the government and powers in whom we’ve confided have shown themselves to be unworthy and unreliable (if not totally reprehensible). Respecting their interests should no longer be a matter of course, and furthering the naturally decentralized nature of the Internet is the logical next step. Creating something that serves the interests of the private (or oppressed) individual instead of, ultimately, those who wish to impose on him or her should be a major imperative for the next decade of software and platform development.”
