
Authors: Bruce Schneier

Data and Goliath (62 page)

Some people believe the NSA:
Cory Doctorow (11 Mar 2014), “If GCHQ wants to improve national security it must fix our technology,” Guardian, http://www.theguardian.com/technology/2014/mar/11/gchq-national-security-technology.
Dan Geer (2013), “Three policies,” http://geer.tinho.net/three.policies.2013Apr03Wed.PDF.

Others claim that this would:
David E. Sanger (29 Apr 2014), “White House details thinking on cybersecurity flaws,” New York Times, http://www.nytimes.com/2014/04/29/us/white-house-details-thinking-on-cybersecurity-gaps.html.

President Obama’s NSA review group:
It’s recommendation 30. Richard A. Clarke et al. (12 Dec 2013), “Liberty and security
in a changing world: Report and recommendations of The President’s Review Group on
Intelligence and Communications Technologies,” US Executive Office of the President,
http://www.whitehouse.gov/sites/default/files/docs/2013-12-12_rg_final_report.pdf.

I have made this point myself:
Bruce Schneier (19 May 2014), “Should U.S. hackers fix cybersecurity holes or exploit them?” Atlantic, http://www.theatlantic.com/technology/archive/2014/05/should-hackers-fix-cybersecurity-holes-or-exploit-them/371197.

This is what the NSA:
Michael Daniel (28 Apr 2014), “Heartbleed: Understanding when we disclose cyber vulnerabilities,” White House Blog, http://www.whitehouse.gov/blog/2014/04/28/heartbleed-understanding-when-we-disclose-cyber-vulnerabilities.
David E. Sanger (28 Apr 2014), “White House details thinking on cybersecurity flaws,” New York Times, http://www.nytimes.com/2014/04/29/us/white-house-details-thinking-on-cybersecurity-gaps.html.
Christopher Joye (8 May 2014), “Interview transcript: Former head of the NSA and commander of the US cyber command, General Keith Alexander,” Australian Financial Review, http://www.afr.com/Page/Uuid/b67d7b3e-d570-11e3-90e8-355a30324c5f.

why the technical community:
Bruce Schneier (5 Sep 2013), “The US government has betrayed the internet. We need to take it back,” Guardian, http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying.
Stephen Farrell (2013), “Pervasive monitoring is an attack,” Internet Engineering
Task Force Trust, Network Working Group, http://tools.ietf.org/pdf/draft-farrell-perpass-attack-00.pdf.

the FBI is continually trying:
Charlie Savage (27 Sep 2010), “U.S. tries to make it easier to wiretap the Internet,” New York Times, http://www.nytimes.com/2010/09/27/us/27wiretap.html.
Ryan Singel (17 Feb 2011), “FBI pushes for surveillance backdoors in Web 2.0 tools,” Wired, http://www.wired.com/2011/02/fbi-backdoors.
Valerie Caproni (17 Feb 2011), “Statement before the House Judiciary Committee, Subcommittee on Crime, Terrorism, and Homeland Security, Washington, D.C.,” US Federal Bureau of Investigation, http://www.fbi.gov/news/testimony/going-dark-lawful-electronic-surveillance-in-the-face-of-new-technologies.

and to each other’s:
This isn’t new. In the 1980s and 1990s, the NSA inserted backdoors into the hardware encryption products sold by the Swiss company Crypto AG.
Scott Shane and Tom Bowman (4 Dec 1995), “Rigging the game,” Baltimore Sun, http://cryptome.org/jya/nsa-sun.htm.
Wayne Madsen (Winter 1998), “Crypto AG: The NSA’s Trojan whore?” Covert Action Quarterly 63, http://mediafilter.org/caq/cryptogate.

observers have concluded:
Christopher Ketcham (27 Sep 2008), “An Israeli Trojan horse,” Counterpunch, http://www.counterpunch.org/2008/09/27/an-israeli-trojan-horse.
James Bamford (3 Apr 2012), “Shady companies with ties to Israel wiretap the U.S. for the NSA,” Wired, http://www.wired.com/2012/04/shady-companies-nsa/all.
Richard Sanders (Spring 2012), “Israeli spy companies: Verint and Narus,” Press for Conversion! 66, http://coat.ncf.ca/P4C/66/spy.pdf.

Security has to come first:
Back in the 1990s, the National Academies made the same recommendation: “Recommendation 1—No law should bar the manufacture, sale, or use of any form of encryption within the United States. Specifically, a legislative ban on the use of unescrowed encryption would raise both technical and legal or constitutional issues. Technically, many methods are available to circumvent such a ban; legally, constitutional issues, especially those related to free speech, would be almost certain to arise, issues that are not trivial to resolve. Recommendation 1 is made to reinforce this particular aspect of the Administration’s cryptography policy.”
Kenneth W. Dam and Herbert S. Lin, eds. (1995), Cryptography’s Role in Securing the Information Society, National Academies Press, http://www.nap.edu/catalog.php?record_id=5131.

law enforcement officials:
Bruce Schneier (4 Oct 2014), “Stop the hysteria over Apple encryption,” CNN, http://edition.cnn.com/2014/10/03/opinion/schneier-apple-encryption-hysteria/index.html.

exactly one involved kidnapping:
Administrative Office of the US Courts (11 Jun 2014), “Table 3: Major offenses for which court-authorized intercepts were granted pursuant to 18 U.S.C. 2519 January 1 through December 31, 2013,” from Wiretap Report 2013, http://www.uscourts.gov/Statistics/WiretapReports/wiretap-report-2013.aspx.

there’s no evidence that encryption:
Andy Greenberg (2 Jul 2014), “Rising use of encryption foiled cops a record 9 times in 2013,” Wired, http://www.wired.com/2014/07/rising-use-of-encryption-foiled-the-cops-a-record-9-times-in-2013.

They have the right and ability:
Steven Bellovin et al. (6–7 Jun 2013), “Lawful hacking: Using existing vulnerabilities
for wiretapping on the Internet,” Privacy Legal Scholars Conference, Berkeley, California,
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107.

the NSA eavesdropped on:
Jacob Appelbaum et al. (23 Oct 2013), “Berlin complains: Did US tap Chancellor Merkel’s mobile phone?” Der Spiegel, http://www.spiegel.de/international/world/merkel-calls-obama-over-suspicions-us-tapped-her-mobile-phone-a-929642.html.
Ian Traynor, Philip Oltermann, and Paul Lewis (23 Oct 2013), “Angela Merkel’s call to Obama: Are you bugging my mobile phone?” Guardian, http://www.theguardian.com/world/2013/oct/23/us-monitored-angela-merkel-german.

the NSA spied on embassies:
Ewan MacAskill and Julian Borger (30 Jun 2013), “New NSA leaks show how US is bugging its European allies,” Guardian, http://www.theguardian.com/world/2013/jun/30/nsa-leaks-us-bugging-european-allies.
Glenn Greenwald (2014), No Place to Hide: Edward Snowden, the NSA and the US Surveillance State, Macmillan, http://glenngreenwald.net.

the NSA spied on the UN:
Laura Poitras, Marcel Rosenbach, and Holger Stark (26 Aug 2013), “Codename ‘Apalachee’: How America spies on Europe and the UN,” Der Spiegel, http://www.spiegel.de/international/world/secret-nsa-documents-show-how-the-us-spies-on-europe-and-the-un-a-918625.html.

It’s actually stabilizing:
Uncertainties between exploit and attack can lead to unwanted escalations.
Herbert Lin (Fall 2012), “Escalation dynamics and conflict termination in cyberspace,” Strategic Studies Quarterly 6, http://www.au.af.mil/au/ssq/2012/fall/lin.pdf.

The increasing militarization:
Peter B. Kraska (Jan 2007), “Militarization and policing: Its relevance to 21st century police,” Policing 1, http://cjmasters.eku.edu/sites/cjmasters.eku.edu/files/21stmilitarization.pdf.
John Paul and Michael L. Birzer (Mar 2008), “The militarization of the American police force: A critical assessment,” Critical Issues in Justice and Politics 1, http://www.suu.edu/hss/polscj/journal/V1N1.pdf#page=25.
Abigail R. Hall and Christopher J. Coyne (Spring 2013), “The militarization of U.S. domestic policing,” Independent Review 17, http://www.independent.org/pdf/tir/tir_17_04_01_hall.pdf.
Matthew Witt (Mar 2013), “Morewell than Orwell: Paramilitarization in the United States post-9/11,” Journal of 9/11 Studies 36, http://www.journalof911studies.com/resources/2013WittVol36Mar.pdf.

that’s a topic for another book:
This is a good one to start with. Radley Balko (2013), Rise of the Warrior Cop: The Militarization of America’s Police Forces, Public Affairs Press, http://books.google.com/books?id=M3KSMQEACAAJ.

he would extend some:
Barack Obama (17 Jan 2014), “Transcript of President Obama’s Jan. 17 speech on NSA reforms,” Washington Post, http://www.washingtonpost.com/politics/full-text-of-president-obamas-jan-17-speech-on-nsa-reforms/2014/01/17/fa33590a-7f8c-11e3-9556-4a4bf7bcbd84_story.html.

when you’re being attacked in cyberspace:
Scott Charney (30 Apr 2010), “Rethinking the cyber threat: A framework and path forward,”
Microsoft Corporation, http://www.microsoft.com/en-us/download/details.aspx?id=747.

the Internet doesn’t have borders:
On the blurring between crimes and acts of war. Benjamin J. Priester (24 Aug 2007),
“Who is a ‘terrorist’? Drawing the line between criminal defendants and military enemies,”
Florida State University College of Law,
Public Law Research Paper No. 264, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1009845.

A “cybersiege” mentality is becoming:
Far too many people use this emotionally charged term.
Richard Behar (13 Oct 2008), “World Bank under cybersiege in ‘unprecedented crisis,’” FOX News, http://www.foxnews.com/story/2008/10/13/world-bank-under-cyber-siege-in-unprecedented-crisis.
Scott Harkey (3 Jul 2012), “Our view: Arizona must rise to challenge of cybersiege,” East Valley Tribune, http://www.eastvalleytribune.com/opinion/article_fcfd880c-a421-11e0-a8e5-001cc4c002e0.html.
Kaspersky Lab (2014), “Under cybersiege: What should America do?” Kaspersky Government Cybersecurity Forum, http://kasperskygovforum.com.

These tend to be totalitarian:
Here’s a proposal to institute a sort of “cyber draft” to conscript networks in the event of a cyberwar.
Susan W. Brenner and Leo L. Clarke (Oct 2010), “Civilians in cyberwarfare: Conscripts,” Vanderbilt Journal of Transnational Law 43, http://www.vanderbilt.edu/jotl/manage/wp-content/uploads/Brenner-_Final_1.pdf.

The 1878 Posse Comitatus Act:
RAND Corporation (20 Mar 2001), “Overview of the Posse Comitatus Act,” in Preparing the U.S. Army for Homeland Security, http://www.rand.org/content/dam/rand/pubs/monograph_reports/MR1251/MR1251.AppD.pdf.
Charles Doyle and Jennifer K. Elsea (16 Aug 2012), “The Posse Comitatus Act and related
matters: The use of the military to execute civilian law,” Congressional Research
Service, http://www.fas.org/sgp/crs/natsec/R42659.pdf.

In the US, that’s Cyber Command:
Rhett A. Hernandez (Oct 2012), “U.S. Army Cyber Command: Cyberspace for America’s force of decisive action,” Army, http://connection.ebscohost.com/c/articles/82115370/u-s-army-cyber-command-cyberspace-americas-force-decisive-action.

NSA’s defensive capabilities:
In recent decades, the NSA has been doing more to provide data and communications security to US private companies. The companies need government help, but it needs to be much more public.
Susan Landau (29 Sep 2014), “Under the radar: NSA’s efforts to secure private-sector telecommunications infrastructure,” Journal of National Security Law and Policy, http://jnslp.com/2014/09/29/under-the-radar-nsas-efforts-to-secure-private-sector-telecommunications-infrastructure.

The Computer Security Act of 1987:
Robert A. Roe et al. (11 Jun 1987), “Computer Security Act of 1987: Report,” Committee
on Science, Space, and Technology, US House of Representatives, https://beta.congress.gov/congressional-report/107th-congress/senate-report/239/1.
Electronic Privacy Information Center (2014), “Computer Security Act of 1987,” http://epic.org/crypto/csa.

They want an Internet that recognizes:
Milton Mueller (21 Jun 2012), “Threat analysis of the WCIT part 4: The ITU and cybersecurity,”
Internet Governance Project, http://www.internetgovernance.org/2012/06/21/threat-analysis-of-the-wcit-4-cybersecurity.

Countries like Brazil:
Brazil’s government even proposed a law mandating this, but then backed down. Esteban
Israel and Anthony Boadle (28 Oct 2013), “Brazil to insist on local Internet data
storage after U.S. spying,” Reuters, http://www.reuters.com/article/2013/10/28/net-us-brazil-internet-idUSBRE99R10Q20131028.
Anthony Boadle (18 Mar 2014), “Brazil to drop local data storage rule in Internet
bill,” Reuters, http://www.reuters.com/article/2014/03/19/us-brazil-internet-idUSBREA2I03O20140319.

and Germany:
Michael Birnbaum (1 Nov 2013), “Germany looks at keeping its Internet, e-mail traffic inside its borders,” Washington Post, http://www.washingtonpost.com/world/europe/germany-looks-at-keeping-its-internet-e-mail-traffic-inside-its-borders/2013/10/31/981104fe-424f-11e3-a751-f032898f2dbc_story.html.

Russia passed a law in 2014:
Charles Maynes (11 Jul 2014), “Russia tightens Internet screws with ‘server law,’”
Deutsche Welle, http://www.dw.de/russia-tightens-internet-screws-with-server-law/a-17779072.
Adrien Henni (12 Jul 2014), “New personal data storage rules to affect both foreign and domestic players—but still no ‘Chinese wall’ surrounding Russia,” East-West Digital News, http://www.ewdn.com/2014/07/12/new-personal-data-storage-rules-to-affect-both-foreign-and-domestic-players-but-no-chinese-wall-surrounding-russia.
