Information security, privacy, Einstein, Echelon and crazy people

Want to put a deep crimp in the cyber warfare capability of foreign nations? Do you have a nagging desire to give indigestion to NSA analysts? Do you lie awake at night worried that the latest emails from foreign governments might be used against you politically by spy agencies? Did your last porn downloads contain raunchy pictures so filthy you are sure the FBI will be knocking soon? Does the meager mention of total information dominance cause you to quake in your shoes? If you are a privacy zealot and criminal mastermind, have we got a deal for you! A holistic nationwide infrastructure that solves all of your ill-founded needs is just one click away.

Ask yourself why the Internet is so stinking insecure. It is really simple. The NSA/CIA/FBI and your local police establishment really want to be able to monitor you. Security would remove that capability. So every time somebody tells you how to get secure, it gets screamed down in a torrent or stabbed in the back. The United States government has been against total enterprise security and national standards for security for a long time, including trying to toss the original open source expert for encryption in jail. You can deny government intransigence, but if the government really wanted computer security, would we be here 40 years later trying to solve the same problems?

If you look at the average home computer, the most secure element on the computer is encrypted media content. That is because we put a value on the media and treat the Internet as an entertainment medium. If we stopped looking at the Internet as a toy, we would then have to accept that “OH MY FREAKING GOD” privacy is out the window. Not that you had any privacy, but still the Internet makes watching you so much easier. You’ve got something on your chin, by the way. No, more to the left. The reality is that we have a false expectation of privacy.

How to secure the Internet or provide better confidentiality? It is really simple: just do the following.

1)   (Technology, Transmission) Encrypt all websites. Just require that all websites use HTTPS for all traffic and that they are on servers that encrypt the data. Open protocols that pass data are now banned outside of the enterprise, and if you deal with HIPAA or IRS type data inside the network, encryption is required there too.

2)   (Technology, Storage) All hard drives must be encrypted. Sure all this encryption slows things down, but as of now all systems are encrypted. BIOS passwords are the only way to decrypt them.

3)   (Technology, Transmission) All traffic node to node is encrypted. From border to border and router to router, all traffic gets encrypted. This will require a lot more horsepower on the routers, but big deal. We have thrown BILLIONS … NO TRILLIONS at failed do-nothing policies and research for the last 40 years. How about we fix it? While we are at it, fine every dang wireless access point vendor who sells access points that are by default open instead of encrypted.

4)   (Technology, Policy) Data repositories holding personal information about consumers must time lock and delete. Data of different types must be encrypt-loss after a sunset. No bringing up the bachelor party porno a Supreme Court judge likes to watch 20 years later. Government’s job is to work for the people. MANDATE it, and if companies fail to do it, FINE THEM. Jeepers, who does government work for anyways? Never mind.

5)   (Technology, Policy) Stop treating the Internet as an entertainment medium. Get a clue and realize it is a utility. Treat it like a utility. Mandate safety controls. Deny providers the ability to restrict flow in and out of a house. Ban the idea of tiered pricing or bundling. We’ve been here before with water, electricity, sewer and garbage services. The right-of-way and easements of cable companies are an expensive and substantial bonus they don’t deserve. WiMAX (802.16) will provide everything the cable companies do but without the infrastructure. Get a clue, cable companies.

6)   (Technology, Processing) Why is the information on a computer ever unencrypted? If it is encrypted in storage and then decrypted to process, that opens a weakness to attack for everything that is in memory. Everything in RAM and on hard disk should always be encrypted. Why not process information in the processor encrypted too? Sure, this is a bit further out, but protect the data at all stages.
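One way to read item 4's "encrypt-loss after a sunset" is crypto-shredding: encrypt each record under its own key and destroy the key when the sunset passes, so copies of the ciphertext left in backups become unreadable. The Python below is an added example, not code from the original post; `SunsetStore`, its method names and the HMAC-based stand-in cipher are assumptions made to keep it stdlib-only, and a real deployment would use an AEAD such as AES-GCM with the keys held in a separate key service.

```python
import hashlib
import hmac
import secrets


class SunsetStore:
    """Each record gets its own key; destroying the key destroys the record."""

    def __init__(self):
        self._keys = {}   # record_id -> (key, expires_at); kept apart from the data
        self._blobs = {}  # record_id -> nonce + ciphertext + tag (may live on in backups)

    @staticmethod
    def _xor_stream(key, nonce, data):
        # Stand-in cipher (assumption): HMAC-SHA256 in counter mode, stdlib only.
        stream = b""
        for ctr in range(len(data) // 32 + 1):
            block = b"enc" + nonce + ctr.to_bytes(8, "big")
            stream += hmac.new(key, block, hashlib.sha256).digest()
        return bytes(a ^ b for a, b in zip(data, stream))

    def put(self, record_id, plaintext, now, ttl):
        key, nonce = secrets.token_bytes(32), secrets.token_bytes(16)
        ct = self._xor_stream(key, nonce, plaintext)
        tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
        self._keys[record_id] = (key, now + ttl)
        self._blobs[record_id] = nonce + ct + tag

    def sweep(self, now):
        """Destroy every key past its sunset; return the shredded record ids."""
        expired = [r for r, (_, exp) in self._keys.items() if exp <= now]
        for r in expired:
            del self._keys[r]
        return expired

    def get(self, record_id, now):
        key, exp = self._keys.get(record_id, (None, 0))
        if key is None or exp <= now:
            self._keys.pop(record_id, None)  # enforce the sunset even if sweep() never ran
            return None
        blob = self._blobs[record_id]
        nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
        expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            raise ValueError("stored ciphertext was modified")
        return self._xor_stream(key, nonce, ct)


if __name__ == "__main__":
    store = SunsetStore()
    store.put("visit-1", b"constructed sample record", now=0, ttl=30)
    print(store.get("visit-1", now=10), store.sweep(now=30), store.get("visit-1", now=31))
```

The clock is passed in as `now` so the expiry behaviour can be checked deterministically; the ciphertext deliberately stays in `_blobs` after the sweep to show that only the key needs to be destroyed.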

None of these things are impossible. Nobody is doing them. The technology currently exists to do almost all of them. Hosting companies need to set up websites by default as HTTPS. All clients need to be pre-configured with certificate providers. If all of the above steps were done, the world would be a much more private place. Telecommunication companies and backbone router companies could encrypt all traffic the same way virtual private networks do. It will take action. Significant action. Vendors will need to beef up their equipment to handle the encryption. There is research to be done that will allow for basically an encrypted Internet. None of this is impossible. Almost all of it can be done by changing a few configuration settings.

It won’t get done, though. First will come the discussion about legacy equipment. Upgrade to freedom! Then there will be the national security wonks wagging their fingers at telecommunication companies. Then comes the “who will pay for it?” from the Internet Service Providers. The answer is they will pay for it or lose their licensing to operate. Get a clue. Ford didn’t want to install seat belts, but they had to. The Internet is no less important than cars. Mandate security and privacy on the Internet. Do it without impacting the sanctity of privacy between individuals. I doubt government will want to do that.

Should any national agencies wish to discuss this in depth or provide 20 or 30 million dollars in funding so I can tell them the exact same thing, only in a longer-winded version, feel free to throw money at me. I just would prefer we actually fix the problems, but money is good too.

2 comments for “Information security, privacy, Einstein, Echelon and crazy people”

  1. July 3, 2009 at 4:46 pm

    Not sure I like the “utility” metaphor — that connotes “fee for usage” metrics, rather than the postal analogy of today (buy beaucoup bandwidth and use as much as you want, for one low price).

    So where does Einstein figure in? I thought you were going to dive into wormholes and tensor analysis…. Or is that what we’ll get when we cut you the Firm Fixed Price Plus Award Fee contract?

  2. sam
    July 3, 2009 at 4:57 pm

    Unfortunately almost all of the Internet Service Providers have a unit purchase system if you read their terms of service. Whether it is Comcast or Verizon they are usually capping around 200GB a month bandwidth (up and down combined). They hit you with a terms of service violation. I think the iPhone from AT&T has like 5GB limit on their “unlimited” plan. Metered use is already here but it is like the minutes plan on cell phones. You get x minutes and lose them (or some percentage) at the end of the month.

    Of course you get all the “spooky stuff at a distance” quantum speed of light stuff when you fork over the check. I’m sure my imaginative researchers can make up something, I mean deliver high quality analysis that will befuddle any government types.

