|
||
|
26 December 2013 On Security Architecture, The Panopticon, And "The Law"
Date: Thu, 26 Dec 2013 02:25:10 +0100 Obviously, I applaud the herculean efforts the list members have (even just in the last few months) exerted in the service of reforming "the practice" in light of the labyrinthine mess we have all been recently presented with. That said, and at the risk of running afoul of the list's core charter on Christmas Day, I would like to explore some of the higher level questions of architecture and design as they relate to the legal schema that presently underpins the intelligence apparatus of the West. (Mostly because I am an awful coder and I like the way big words look in print). For better or worse (and mostly for worse at this point) the legal schema that drives almost 100% of the global threat model stems from the United States. No, no... we shall brook no whining my dear EU and UK subjects... this will not do at this stage. You get the worldwide governance you deserve in the end, and by permitting a hegemonic, global panopticon to emerge unchallenged over the last many years (is that an NSA facility on your soil? What? Is that ANOTHER ONE?), even in the midst of a supposed "democracy" you have effectively waived your standing to contest it now by legal means. (What, Chancellor? They have been listening to your cellphone? You know what, fuck you and your coalition for signing off on Teufelsberg's funding every year). So what now? Well, from whence, we may ask, does the global panopticon derive its surveillance power? We could likely fill several volumes in the course of recording the discourse on this topic. Being that our time together is short, shall we instead focus on a few key points? Yes? Good. Third Parties -- At least to my way of thinking one of the foremost issues that mucks the entire schema up is the concept of "knowing exposure" of data that might otherwise be shrouded in the "expectation of privacy." An exploration of Katz v. United States and the esteemed cases that later purport to suss out the bounds of the "expectation of privacy" in the jurisprudence of the United States is probably beyond the scope of this discussion, but it probably bears notice to observe that such data as you (oh, noble Citizen of the United States) convey to "third parties" has long been branded as data for which you have waved your "expectation of privacy." One does not, after all, brag about liaisons with illicit lovers to third parties if one expects such details to be kept "unter vier Augen." This would be less daunting if it were possible to do more without conveying critical data to third parties. But it isn't. The perverse rise of SaaS offerings and the dependence on large carriers to convey data that should require none such has created an environment where nearly everything is conveyed to a third party. Everything. Ah, the client-server model of computing, may it burn in hell. May I just ask: How could an industry once so attached to redundancy and distributed infrastructure become so taken with creating massive, single points of failure and a critical reliance on trusted third parties? Was there some massive Facebook founder's share give away? What happened to the old manta "Trusted third parties aren't"? How did the remnants of the cypherpunk movement (forgive me the sentimental nostalgia of youth) lay so utterly dormant as large, centralized providers came to dominate the storage and transmission of critical data? Where, at least, was the tool of end-to-end encryption in this co-opted intermediary world? How, after a few compromises of root certificate authorities (that we know of) did X.509 survive for more than six more months? And so now the panopticon has only to co-opt a couple dozen large enterprises, many of which are deeply dependent on the largess of central government in the burgeoning crony-capitalist West, to find itself in possession of the vast majority of private communications without issue, notice, or objection. We cannot, surely, blame the panopticon. With that juicy of a target concentrated in a corporate surface area so small what else did we expect? And someone does keep funding her, year in and year out, no? And so I submit: The reliance on third parties must end. It is not enough simply to mandate that your data reside on third parties you deem slightly more trustworthy than others (we're looking at you, European Union, and particularly at you, Germany). May we be so bold as to point out that trusted third parties that are vulnerable to being co-opted by national sovereigns cannot be trusted? May we, by extension, point out that it is rather difficult to describe a trusted third party that is not vulnerable to being co-opted by national sovereigns? Must we draw a diagram of the inevitable conclusion that follows from these two observations? Alright, if you insist: Stop trusting third parties, dammit. Legal Protections -- At the risk of getting all cryptoanarchist (ah, again the sentimental nostalgia of youth) how is it possible for an objective (even semi-objective) observer to be of the view that the rule of law (let's for the moment limit the analysis to domestic and foreign surveillance) has any meaning at all today? Perhaps there was a time where, in light of the understanding that the surveillance infrastructure of the United States intelligence community is both pervasive and skilled, protections afforded Citizens of the United States against collection efforts by foreign intelligence appendages meant something. But this time has long since passed. The barrier between intelligence and law enforcement collection has long since been torn down and, more upsetting, those agencies that once (and still) deign to call themselves "foreign intelligence agencies" have smashed the firewall and morphed into foreign and domestic intelligence agencies. Does it surprise anyone to know that evidence collected by such entities and provided to domestic law enforcement entities warrants no 4th amendment scrutiny whatsoever? (To butcher a complex legal concept suffice it to say that in general U.S. courts have long held that evidence delivered to the prosecution may be admitted regardless of the legality of the methods by which it was obtained, so long as the prosecution took no part in the illegal collection- torture cases, so far, seem to be the only major category that may be exceptions to the rule). Well, so much, indeed, for fourth amendment protections. And so the panopticon is served again. First by the porous nature of "trusted third parties." Second by the weakened set of legal "protections" afforded by the jurisprudential environment in the United States, a circumstance that would appear to permit unbridled collection for the purposes of criminal prosecution. Or whatever. At this point is it even worth discussing judicial review in these contexts? And So? -- Face it. Digital liberty has lost the Lawfare fight. It must win the technical fight. How? 1. Recognize that no design should ever permit unprotected data to touch third party infrastructure anywhere, anytime, anyway, ever. Period. Ok, I was young. I needed the money. But somehow I thought some of us were working towards end-to-end encryption for nearly everything all the way back in the 1990s? What happened? John Gilmore, aren't you on this list somewhere? Did the world just eat S/WAN? Here's the scary question: Does "third party infrastructure" include hardware with unaudited, close source firmware? If it does (and I think that it does) we have a rather serious problem. This is an awful threat model. But guess what. This is the threat model. 2. Recognize that we now inhabit an environment in which there are effectively no legal protections of any kind against the sort of pervasive, omnipresent surveillance that Erich Mielke would find very difficult not to masturbate to. There was perhaps a time when citizens of the United States could claim to enjoy greater protections than the unenlightened barbarians beyond the two seas. Hey, yanks, guess what: You're just as fucked as the rest of us now. So? Now what? A. Build robust, distributed channels. Make them end-user friendly. B. Do not build systems that offer third parties deniability. Build systems that MANDATE third party deniability. C. Build systems that are (relatively) trivial to audit. Hardware architects, where are you? D. L'Etat, c'est toi. Or, you know, maybe I'll just go drink a bottle of scotch instead. -uni _______________________________________________
The cryptography mailing
list
|