Nobody outside the HN community seems to care about the Summer of Surveillance. Everyone I talk to has the same "meh" attitude. I find the lack of concern from friends and family to be more troubling than a lack of concern from the main stream media.
Or another way to look at it is before no one knew or cared, but now some people do. Important people, with the technical capability to start fixing it.
I've talked to two people about this issue. Their answers were "Whatever, I don't care" and "honestly, I get it. If they're catching terrorists...". Both times they completely changed their mind by the end of our conversation. This proves that one big issue is people just not understanding what's going on... And no main stream media is going to tell them because a "where's Waldo/Snowden" chase is way more fun.
Would you consider it ok if the NSA asked someone who cleans your house to take pictures of everything in your house when you're not there, and send them to the NSA for storage? How about if the NSA promises not to open the package until some future date that you are under investigation for a crime and they can get a warrant from a secret court?
And then do you trust that they will never open that package before then?
And are you ok with the process being supervised by a secret court that you may not petition or file suit in unless you have evidence that you have been specifically targeted?
If this scenario would upset you then the current situation should also.
Of course if only those committing crimes need privacy then by all means open up your house for inspection.
Your example illustraTes the weakness of these articles. The internet is nothing like a house. Your example would make more sense if the NSA was secretly spying on your non internet connected computer, by secretly placing key loggers that transmitted over the air. The internet is a huge netWork, and you don't control the route of your message. I tHink it should more be considered like talking loudly in a public space. I also see that the problems of surveillance on the internet are related to the fact that it is a big network. The more players you have the less secure the whole thing becomes. But it's the huge number of nodes with reasonably low friction that define it. Let's just accept that if you want to keep something private don't put it on the internet, or on the discuss in private space only, this would solve the problem.
So you suppose that we don't (or shouldn't) put information on the internet that is the equivalent of someone photographing the inside of your house? That the internet, despite having password protected accounts is more akin to a 'public space' then a locked house? You assert that there should be zero expectation of privacy? Really, that is your position? I find that remarkable.
You also believe that we have reached a steady state, in which we wouldn't want to keep increasing amounts of or personal information on the internet? Or perhaps you mean we are putting more and more personal information on the internet but that in the future we should have less privacy then we enjoy now?
I do not agree. I consider password protected accounts by the very nature of keyed entry to cary an expectation of privacy. Weather they are effectively secure is not the issue, the fact that your back door lock is broken doesn't cause you to lose constitutional protection.
I still think my example is an apt,and predominately accurate (if simplified) "common man's guide" as to why they should care about the NSA's activities.
This would be an excellent service for the EFF or any of the other internet defense groups:
(Downloadable) one page sheets, with the most popular pro (NSA) opinions and very simple, fact based rebuttals. Just fighting fire with fire - isn't the NSA prepping news commentators with similar taking point memos?
Suppose we had a repeat of that in 2030, and the US wanted to purge everyone who believed in some "bad" ideology, summarized by a single word, like "communism", except which we can't hope to predict now.
Imagine further that this purge is being enforced by halfwits who don't actually understand the ideology in question, who get wrapped up in their own hysteria, and who are looking for any excuse to burn witches at the stake.
And finally, imagine that said halfwits have an indexed, fully searchable database of all the Facebook statuses you've ever posted, all the Google searches you've ever made, and all the e-mails you've ever sent.
That in the hands of an eager government there would be no Turing, no civil rights movement, nor speeches that go "I have a dream". The problem is that many in US heartland will consider these to be a good thing.
EDIT: could someone please upvote mkmkmmmmm. I think I managed to downvote his comment when trying to confirm it.
I think the point was questioning if he would have had the opportunity if they had known he was gay from the start. Or would he have spent his life getting "treatment"?
Did you ever run red lights? Did you ever smoke pot? Did you ever drink alcohol under age? Ever downloaded a copyrighted content off the net?
If yes, then why did you not walk to your nearest police station to confess right after you did so?
There are things that the state "frowns upon" yet we do anyway. We do so because we, as individuals, have decided we do not see no harm. Well, now it won't be up to us.
Nor does the murderer with his bloodstained knife, or the terrorist with his IED, see any point for walking himself down to the P.D. to confess.
If your idea for law enforcement is just to wait for the crooks to turn themselves in then it's not a great idea. If your idea for law enforcement involves the possibility of the state being able to investigate crimes then you have to be ready for the idea that such investigations could, theoretically, be used under due process against anyone, not just criminals.
This isn't to say that NSA surveillance is good, but I think the justification for why it's bad needs to be different, as all you've really said is that the state should disband the police, military, and all other parts of the national security apparatus that can be used without prior individual consent.
The question was to come up with something that people could relate to. Mostly, I am hearing "nothing to hide". That is why I listed things where at least one is something you may have done.
You do them because they are nothing like a bloodstained knife or an IED. That is the point. They are all "bad", but on a whole different level. So you do these activities because you can get away with it and also you do not see no harm even though they are officially not OK.
Now imagine a surveillance state where even these lesser evils are known to the powers that be. Either you believe that the state won't act on that information or you really do have something to hide. If it is the latter then you should be at least aware of the fact that your privacy is being eroded and Summer of Surveillance is a prime example of that.
We are not the only ones being watched, politicians are being watched as well. This means the NSA can probably blackmail a large portion of the politicians.
People are ambivalent, because they have bigger problems in their lives. Like keeping a job, paying the mortgage, wondering if their kids can ever afford college, lack of health care coverage...the list is endless.
The conversations/articles on HN mostly reflect the tech communities own echo chambers and biases more than anything else.
> more people seem to care about Zimmerman/trevor type media sensation
which is because they understand the implications of it. Most people, from my experience, have limited understanding of privacy and the consequences. The way I think of it is this: most people in this country don't realize they should be playing at least checkers while a very few people are actually playing chess.
The thing that gets is the crap that you pass under the banner of "Think of the children". Once the investment and infrastructure is done "in the name of the children", then it takes a very few (and highly paid) individuals to turn that technology and infrastructure into anything they want.
The system is designed correctly. It's just not designed for you or me. It's designed for the people at the top. Education will always suck in this country because it's supposed to suck. Mandatory schooling is a relatively new idea that was funded by wealthy industrialist who wanted obedient workers. They don't want people smart enough to realize how badly they're getting fucked over.
I agree to you. I am living in germany, and we got the social service carrying the basic needs (food, reside, health services, little money on the hands).
But what, life is getting expensiver and all the people calls for more money and more ....i ask you if the next step in this "Hollywood-movie-look-a-like" concept saying (quote):"when there is no one who want something, there is no one who misses something" -using medicines/psychotropes to keep perfect society ?
It's also worth mentioning that surveillance is not news for poor and minority communities. Incursions on privacy justified by the "war on drugs" have been going on for decades in neighborhoods on the other side of the digital divide.
Luckily we don't need everyone to be on board to defeat the surveillance state. Just need enough special interests (EFF, ACLU, tech community, a loud vocal minority) and money. The game has to be played like any other lobby.
> Luckily we don't need everyone to be on board to defeat the surveillance state.
That very much depends. For encryption to work, you literally need everyone on board. You depend on society doing it, too. So better start educating people about it.
A comment in recent Joseph Bonneau AMA thread on Reddit seems representative in this regard, also being unusually well-written[0]. Apparently it has yielded its author Reddit Gold.
"Nor would there be – finally – a serious debate between Europe...and the United States about where the proper balance between freedom and security lies"
Whoa horsey. The author is making the same mistake as he accuses the press of: missing the story.
If you want a good repeat-after-me line, repeat after me: "this has nothing to do with the NSA either" All intelligence agencies are either doing this or have plans to do it -- including lots of European ones which are breaking their own laws while doing so. That's yet another shoe that hasn't dropped. Who knows how long it'll take for our European friends to figure it out. Might be a while.
But the larger point is valid: the internet as a conduit between a person and the larger world is a cesspool of corporate and government eavesdroppers. We're not operating the net: the net is monitoring our thoughts and recording them for others to inspect at their leisure. This is not a good thing.
So the story isn't Snowden, and it's not the NSA either. It's what has become of the dream that was the internet, and the question of whether anybody is left that cares enough about privacy and anonymity to do something about it.
Your European friends have a long tradition of being skeptical of their governments too. The 'conversation' Naughton is referring to here will be between nation states about who exactly is most capably operating the implements of surveillance society.
It falls to the citizens to try and drag those implements off their governments. I'm not sure if they collectively have the will for that tussle though.
You do realize that "the dream that was the internet" was so governments could maybe still communicate after they blasted each other back to the stone age?
From a footnote (#5) on "Brief History of the Internet":
"It was from the RAND study that the false rumor started
claiming that the ARPANET was somehow related to building
a network resistant to nuclear war. This was never true of the
ARPANET, only the unrelated RAND study on secure voice considered
nuclear war. However, the later work on Internetting did emphasize
robustness and survivability, including the capability to
withstand losses of large portions of the underlying networks."
The whole idea of surveillance truly doesn't bother me because there is literally nothing I can do if the higher end government did ever decided they wanted me. Since the 50's they've had the ability to listen into conversations via a laser on a window: http://en.wikipedia.org/wiki/Laser_microphone and if anyone really ever believed that the internet would be much different they probably didn't think it all the way through.
Sure the internet had that possibility not to be monitored and for a time it probably was, but clearly no longer. Further, I think the idea of mass data collection is monstrous however there is nothing I, nor you can really do about that except perhaps hiding as much of our data as we can (via encryption). Even if our data is encrypted in the end if they want your data they can get your data.
The thing I find interesting about this article is the idea that eventually the internet could be closed off only to a few nation states. I disagree this would ever happen because Pandora's box has been opened and some communication will always be allowed via wireless connections, hidden cables, or some other method. Obviously, the average user might be affected, but just like the soviet union fell so would what ever country decided to block off their nation.
People don't care about surveillance for the most part, as someone already commented: "I've talked to two people about this issue. Their answers were "Whatever, I don't care" and "honestly, I get it. If they're catching terrorists..."" They do however care if you disconnect their internet, and if any country was to do that in the end it would fail. The point being, the article stated that nation states of internet would develop and my reasoning points to that not happening (at least based off what i've seen). In my honest opinion, the internet has always been a place to communicate, but about as secure with my data as a friend you never quite trust with your secrets. What scares me is not the internet surveillance or my government hunting down (in my opinion) an innocent man. What horrifies me the most is that no matter what we do the surveillance will only become more intense (as the price of computing/computers gets lower) and there is no going back. 50 years from now, what am I going to be faced with and will I be able to continue to just ignore these B.S. laws we have, or if I unlock my cell phone will I really go to jail for 10 years?
That's what thoughts keep me up at night, not the idea of my data being collected at mass online (although I would stop it if there was any way I could), but the idea that even offline walking down the street or in my own home I may be required to follow the laws which are outright ridiculous.
I don't personally object to individual surveillance; there's nothing fundamentally wrong with getting a warrant and watching an individual with the reasonable suspicion of them committing a crime. Sometimes that process is abused, and that does concern me, but as you suggested there's little to do about that other than push for oversight.
I do, however, object to mass surveillance of all traffic, with the goal of either retroactively looking at the records or putting together patterns.
And I'd like to see both legal and technical solutions to that problem. Legal, in that I'd like to see enough pushback to demonstrate widespread belief in the fundamental wrongness of mass surveillance, and technical, in the form of systems to enforce the inability to tap communications at any point other than the two endpoints. I'd like to see our networks and communication protocols designed to make it impossible to spy on traffic between two parties without either the consent and cooperation of one party or an ongoing security breach of the physical systems of one party. That would result in a world in which you can't cast a broad net, but instead can only do targeted surveillance of specific individuals.
Nothing is going to change. It's only going to get worse. The best thing you can do in the meantime is assert your second amendment rights and buy a firearm. If it's your first, I recommend a rifle. Learn to shoot it and make sure it's kept away from at-risk people. Please realize that there's a reason why Dianne Feinstein, chairman U.S. Senate Select Committee on Intelligence, who's known about these programs for years, doesn't want you to have any guns.
People don't care about being spied on because they still have their bread and circuses. Take those away and I bet you'd see people in the streets in no time. Government is subsidizing corporations who pay their employees nothing via things like food stamps. Take away the food stamps and a lot of people won't be able to buy food. Do you think that they're going to go hungry? Hell no. They will start rioting in the streets. Looting from stores. This is what we need. Sure it will suck in the short term, but if you want actual change then people are going to have to suffer to some degree.
snowden is not the story. it has remained obvious to me that the NSA or whatever organization (rusian, chinese, or whatever) does not need some sort of dinosaur spygame facility to access this data.
all they need is just one underpaid programmer without a soul working at facebook to compromise the whole database.
wouldn't it be much easier in a case such as this one, for verizon to just have some retard patsy create that backdoor? I would imagine this to be a get out of jail free card for those guys really pulling the strings. all you gatta do is drop all the blame on some naive techie and let him go down in flames.
IMO, the next up in this chess game, is a traitor techie willing to compromise a whole nation to pay his bills.
"So when your chief information officer proposes to use the Amazon or Google cloud as a data-store for your company's confidential documents, tell him where to file the proposal. In the shredder."
This advertisement paid for by your friendly, co-located, on-premise, enterprise hardware vendors.
Bingo. If I were selling on premise software, this would be in my deck. Selling fear is one of the oldest sales tricks in the book.
I do believe however that enterprises act more rationally than consumers. So while consumers seem to be falling in to the "meh, I don't have anything to hide" camp, enterprises tend to be a bit more conservative. The thought of the NSA's private contractors going through customer data and hr records could actually be enough to slow down some of these enterprise SaaS companies.
If anything, I think this should be a wakeup call for those of us who have the capability to change things. I'm not talking about lobbying or raising attention to the issue, but the technical challenges of designing a network that is immune to all forms of surveillance. Let's treat this as an issue of computer science, not politics.
Now I'm not claiming that this will be easy (and it may not even be possible), but this whole episode has made me seriously reconsider my long-term career direction in terms of the type of research I want to be doing. Pioneers like Vint Cerf and Bob Kahn created the "Internet 1" so to speak, and everything since then has been building on that. There's been plenty of projects that have worked towards getting around these surveillance measures (Tor for example), and I think we need more things like this.
We need to fundamentally rethink the design of the Internet, because the current design is broken. Just like TCP/IP provides the infrastructure to abstract over different networking technologies and physical links (and the failure/slowness of individual links), we need something that abstracts over the basic, unencrypted (or encrypted but subject to centralised sabotage, like SSL) communication layer. Something that third parties can't intercept, at least not with anything like the ease with which they do today. It never ceases to amaze me, for example, that email is still unencrypted by default, and we don't have public-key cryptography built in to every mail client and turned on by default.
Most importantly, we need more distribution, and to stop relying on centralised service providers, who are necessarily subject to the laws of the country in which they operate (see: recent articles discussing impacts of the issue on US cloud firms operating in foreign markets). Facebook should be a protocol, not a service. Twitter should be a protocol, not a service. And so forth. This of course completely upends the business model these technologies are based on, and would need to be approached by people with a completely different perspective.
I certainly don't have the answers to these questions. But it's made me curious and it's something I'll be giving a great deal of thought to in the coming years.
As Albert Einstein once said: "We can not solve our problems with the same level of thinking that created them".
While we're talking about rewriting the Internet, please fix ddos attacks. The current internet is especially prone to ddos attacks to the point where it costs 100x more money to defend than to start an attack of the same size.
Change your egress traffic queue discipline. fq_codel was mainlined in the last two years to solve buffer bloat and has the side effect of helping to alleviate ddos. It flags bad traffic flows (ie, ddos attacks) as bad queues and prioritizes other traffic around it.
Note, this doesn't help at the endpoint under attack. It requires a qos shift on the infrastructure leading to that thin last mile pipe, so the last mile packets they get are the the good flows.
Also, a warning: CoDel itself is pretty experimental still. It is only just being deployed as the default in proprietary routing hardware this year. Other queueing disciplines are an option, but the default (fifo) is a sack of garbage that causes a lot of these issues in its simplicity and inability to bias bad traffic from the good.
This is completely outside my areas of expertise, and there may already be a name for it, or it may be the dumb thing every rookie thinks of, but what about this: ignoring issues of bandwidth and power consumption (!), if every communications device broadcast a constant stream of data and every other communications device received every bit of data and ignored the (nearly 100%) of it that it didn't care about at the moment, you would eliminate the ability to know who was communicating with whom and when, right? The metadata is gone.
If that's true, then now you just need to solve two problems: (1) how to keep the stuff (which you know is being broadcast to absolutely everyone) secret, and (2) how to coordinate the communication. Isn't that just cryptography and synchronizing watches while exchanging secrets in meatspace, stuff that's been known since before computers were part of it?
(The point of ignoring power and bandwidth is to determine if this is ever possible in any universe, not just if it's possible for us right now.)
Thus is a sledgehammer proposition, because while the minute power utilization to move packets across fiber or coax is insignificant, running the entire Internet at peak throughout all the time would be a huge electrical burden.
You know how your phone runs out juice really fast on 4g? Do that, all the time, on everything. Data centers would melt.
I do completely realize this, but if that's truly the only barrier then we're left in the interesting position in which we can increase society's freedom of communication by increasing energy efficiency.
Or maybe then someone could prove that real freedom is impossible due to the physics of the situation, or that freedom is possible today for exactly X people because we must limit ourselves to X devices in the world for the system to work, or that we need to harness the power of 1000 suns to achieve true freedom -- whatever, to me it still seems an interesting thought experiment to establish the boundaries of the problem. I can see why more practical minds may hate this approach.
EDIT: Ah, or maybe there is a bitrate at which free communication is possible today -- if everyone sends only 96 bits per day or 8 bits per day at equal intervals, would this keep the internet from melting down. Over time, that bitrate would increase.
>...if every communications device broadcast a constant stream of data and every other communications device received every bit of data and ignored the (nearly 100%) of it that it didn't care about at the moment, you would eliminate the ability to know who was communicating with whom and when, right? The metadata is gone.
Amateur Radio may address this directly or protocols to model, build upon.
License requirements are also becoming more relaxed, accessible:
Packet radio is a form of packet switching technology used to transmit digital data via radio or wireless communications links. It uses the same concepts of data transmission via Datagram that are fundamental to communications via the Internet, as opposed to the older techniques used by dedicated or switched circuits.
SailMail is radio based e-mail system designed for yacht owners operating beyond line-of-sight radio links to the internet. Much of its underlying technology is built upon the Winlink software originally developed by amateur radio enthusiasts .[1] Operation on SailMail network frequencies requires a license for the Marine Radiotelephone Service.
SSB techniques can also be adapted to frequency-shift and frequency-invert baseband waveforms. These effects were used, in conjunction with other filtering techniques, during World War II as a simple method for speech encryption. Radiotelephone conversations between the US and Britain were intercepted and "decrypted" by the Germans; they included some early conversations between Franklin D. Roosevelt and Churchill. In fact, the signals could be understood directly by trained operators. Largely to allow secure communications between Roosevelt and Churchill, the SIGSALY system of digital encryption was devised.
Today, such simple inversion-based speech encryption techniques are easily decrypted using simple techniques and are no longer regarded as secure.
Amateur radio can't be used since the FCC prohibits the use of encryption or otherwise obfuscating the content of messages.
Also, commercial use of amateur radio is prohibited which means using e.g. an open WiFi access point with your call sign as the SSID could be trouble if someone were to go to amazon.com... it's a gray area though.
Even if data was continuously sent, you could still analyze the data by protocol. You can find out who sends e-mails to who, who our contacts are in Twitter, Facebook, Skype, how often we exchange data with them...
One could build an anonymization tool that adds randomness addressing those one by one.
For instance, to avoid our e-mail exchanges being analyzed, this tool could exchange random e-mails in the background with people we don't know. Just to mess up with who our contacts are.
To make a list of "users of Tor" being no longer useful, the tool would send and receive data to the Tor network one random day per week.
It would anonymize searches (this already exists) by making random searches. It should visit random websites
But would you add random contacts to your Facebook account? To Skype? ...
Dealing with all aspects is hard, it would waste electricity and resources, and I think it would just make analysis harder, not impossible.
> Let's treat this as an issue of computer science, not politics.
To be clear: for those that are able, advocating for a permanent policy change is the better solution. Government access to all user data could become a requirement to run a legitimate business. Even if we were able to convert everything to an anonymous P2P traffic-flooded web, we would still live in fear (will the 5th protect you?).
You need both legal protection and technical solutions. So that the legal contact can allow for the technical solutions for full secure traffic to operate.
I disagree somewhat. I see politics as merely trailing behind actual physical surveillance ability. The politics are introduced as post-facto justification to lubricate the process, but aren't needed.
We can slow the expanding encroachment by introducing say the Amash bill, but the real solution must come first from defensive technology, secondarily protected by policy.
> advocating for a permanent policy change is the better solution.
Policy changes come about because of technical reality. Better technology is always superior to government policy.
By all means, pursue both the technical and political solutions. But creating and distributing tools has proven to be the better method of change than depending on governments.
We're only subject to the policies that they can enforce. If a technical solution is found that routes around government's ability to employ surveillance and interference, there's not a lot they can do about it until they catch up.
If security is outlawed, only outlaws will be secure.
I remember reading somewhere that in Columbia a kilogram of cocaine costs a dollar. If you can manage to get that dollar across the U.S border you basically just printed money. Meanwhile if you want to buy that cocaine in the U.S you'll pay a lot of money for it.
Moral of the story: Illegalization doesn't make things impossible, it pushes their cost up high enough to make them economically infeasible.
So what is wrong with shared ssl / gpg keys? You could establish your own web of trust with local peers and grow a web that one could traverse to find someone who "friends" a foreign public key you want. Since you can get all the keys from all your trusted peers up through that person, you can establish a secure link.
The only problem is getting that first key into the network, like is the issue with all man in the middle and cert attacks. But I think it is more reasonable to get a physical copy of a key (or get it over a lan where nobody can intercept or manipulate) over a local net.
For example, I imagine Linux distros could include the public keys to sign network communications the same way they sign packages. Microsoft could have centralized easily exploited public keys by governments for their OS, but that is what you sign up for. You link into a massive web of trust sharing public keys but never private ones, and nobody except the endpoints can decrypt it, and you have no public trusted certs to exploit (everyone is a certificate authority).
You would have to use a web of confidence approach like bitcoin, where you confirm against multiple peers the validity of a provided public key until you have a satisfactory confidence threshold if you want to be really thorough.
Nothing wrong with them. You're addressing the issue of authentication, but there are more systemic problems to the internet than just authentication.
Such as, preventing network timing attacks to figure out which internet subscriber is communicating with another subscriber, by routing more directly between two peers, thus bypassing surveillance points as much as possible.
It should also be possible to defend against nationstate enforced network splits by introducing adhoc connections, as easily as deploying a pair of devices across borders.
There might ideally be a method of compensating routers in real time with some distributed currency, to incentivize the growth of this network.
It's really difficult to bypass surveillance efforts by global telecoms, when most people get their internet channeled through central systems.
The internet, which largely runs on IP and extended by NAT, appears to have been constructed poorly in terms of privacy. There are protocols like ICE/STUN/TURN (which is what WebRTC is built on) that supposedly try to bridge the gap to enable true P2P connectivity, but I believe even ICE appears limited in that it doesn't actually solve the hairpin problem, where two peers are behind multiple levels of NAT routers. I'm still investigating this issue, so correct me if I'm wrong.
What we need are better routing systems. Take a look at CJDNS which has a novel routing protocol. I don't know what the scaling limitations there are, there doesn't appear to be documentation on empirical or theoretical performance guarantees; but it's a start, and there's a growing community behind it.
With ever-cheaper devices, it should become possible to create a new family of router hardware that connects devices in a mesh fashion, scalable to the world at large. It's not going to be easy to design, and it sure as hell won't be easy to get physical adoption for (considering that the current internet is "good enough" for most), but it's possible.
P.S. I've created a subreddit at /r/fourthtech if anybody wants to get into deep technical discussions about various topics on better internet/communication protocols.
Is this mesh stuff really the answer? Sure, it can stop collection at a central point, but doesn't it still leave open the possibility for any data to be collected from spying nodes throughout the network?
But the problem doesn't end on encypting endpoints because the NSA can infer information from the flow routes. You need something bigger, like honeypots and many other tools of confusion.
Isn't the NAT issue the IP6 issue? In other words, once we solve the fact that IP4 is running out of addresses, then we will not have to deal with NAT penetration anymore.
As far as I've understood, it's impossible to scale a flat mesh network, because of the amount of routing information required is quadratic in the number of nodes.
To solve this, you need a hierarchical network (like the Internet has), however now it's no longer flat, and certain nodes will have more power/influence than others. On a global scale this will undoubtedly lead to similar political problems with control and privacy.
Someone correct me if I'm wrong on the details here, but this is a network theoretical problem that needs to be solved before you start designing all the other bits and only realize much later that the network will be congested beyond usability for meshes larger than some trivial size.
> If anything, I think this should be a wakeup call for those of us who have the capability to change things. I'm not talking about lobbying or raising attention to the issue, but the technical challenges of designing a network that is immune to all forms of surveillance.
I don't agree with this as the first step. The first step is decentralising the control of people's identities.
This doesn't necessarily mean brand new protocols or ways of doing things. All that would be necessary as a first step would be a movement to set up a number of independent non-profits to provide basic Internet services; email, media sharing, chat, and Facebook-style "wall" systems being possibly the minimal viable subset.
Each non-profit could cover a defined geographical area; a small city or county, etc. This would allow them to target marketing and fund-raising locally, and prevent the problem of there being too much choice for consumers within this new ecosystem (possibly eventually ending up with a subset of organisations having the majority of the users).
The non-profits could link in with each other easily through an OpenID Connect based network, so that you can follow someone's feeds just by entering your email address, even if they're on another organisation's system. Users who don't have an account on this network could still follow users on the network, using email as a fallback delivery method.
The best bit? The technology to do this is mostly based on off-the-shelf systems and standards. Very little that's entirely new has to be written, nobody has to change the way they use the Internet, and all of a sudden, it'd be much harder for a Government agency to coerce every single organisation into giving up keys, passwords, or automated user data access.
Once Governments have eventually figured it out, hopefully the movement will be in full swing and the people participating in it will be able to effectively develop and market a properly decentralised, cryptographic system that doesn't depend on a network of authoritative nodes, if that becomes necessary and generally useful.
> I'm not talking about lobbying or raising attention to the issue, but the technical challenges of designing a network that is immune to all forms of surveillance. Let's treat this as an issue of computer science, not politics.
Absolutely not! That's precisely why technologists and scientists have always been easily manipulated. Any technology, any technology, can always be turned on its head and abused. If technologists really have the power they've come to believe they possess, it must be used politically. Politics cannot be avoided. Trying to eschew politics is merely following a policy of not caring, and yielding power to those who openly espouse politics.
> Facebook should be a protocol, not a service. Twitter should be a protocol, not a service. And so forth. This of course completely upends the business model these technologies are based on, and would need to be approached by people with a completely different perspective.
Yes! But this could only be done by raising political awareness.
The biggest problem with the internet is not government control. You can see how government control, when exposed (and it will always be exposed as it always has been), creates an uproar. When people are aware and upset, things will be kept in check.
The biggest problem is that articles such as this claim that "US cloud services cannot be trusted" only when government surveillance is in play. But services couldn't have been trusted beforehand. People give up information — and information is power — to private corporations. Those corporations are under far less scrutiny and oversight than the government, but that's not the worst of it. The worst of it is that people surrender information voluntarily; possibly because they don't care, and possibly because the corporations have been able, through far more effective propaganda than any government could ever hope to produce, convinced the people that the corporations have their best interest in mind.
The worst form of exploitation happen when people voluntarily surrender power. People actively support the abuse, then they don't mind, and then it may be too late.
The solution must be politics and laws. Just like antitrust laws try to prevent corporations from amassing too much power, so too new information laws must prevent them from doing the same.
Politics plays a role, but it's secondary to creating a secure network. Today's network and its core protocols are trivial to abuse, and the trouble lies in the fact that the people that were its original creators couldn't see the future. Jon Postel created SMTP at a time when governments were more trusted to act in the interests of the people (whether this was true in practice or not), and also only ~200 hosts were connected to the internet with a total of ~20,000 people actually using the internet.[0] Nobody thought that SMTP would be used by a large chunk of the world's population, that spam would be an issue, that traffic could be sniffed and intercepted, or that governments would start programs of virtually indiscriminate en masse surveillance of the world's electronic communications. The idea of a Room 614A would have been regarded as ridiculous and excessively paranoid.
Cloud services are an entirely different issue, and the issue isn't necessarily resolved politically, but by mass decentralization. Things like OwnCloud are a great starting point and people today generally have the bandwidth to run their own micro-servers at home, or, possible, if battery life improves, on their phones. Some things are impossible to decentralize, for example search, at least until technology and storage advances sufficiently that we can all host our own Google search product on our phones, and Google search becomes an app that can be paid for and downloaded, with live changes to the index being streamed to the device. It sounds absurd in today's world, but tomorrow could be different.
There's a big difference between government and corporations. Corporations are, at bottom, simply groups of ordinary people with whom you deal with on a voluntary basis. A corporation cannot rob (tax, fine), kidnap (arrest), imprison, or drone you. A corporation has to be very bad indeed before it sinks to the level of even an ordinary government.
I'm not quite sure how to respond to that. You might agree that some arrests and taxes are necessary. I'm not really sure what you're saying (like, how capitalists are any more "ordinary" than elected officials).
One thing is sure, though. If you think corporations can't, or won't do all those things if they could (putting aside the fact that governments are elected while corporations aren't), then you're not familiar with US history:
> Let's treat this as an issue of computer science, not politics.
No, let's fight the abuse with whatever we can get our hands on.
There is strictly no reason for this to be an either/or question. Everyone should become active with what's their expertise, education, equipment, resources.
In my opinion (for lack of producing a thorough argument), one has to control the physical layer.
Along with your advice, I would keep this in mind. Whether it's mesh, or neutrinos, or a "black box" technical and legal jurisdiction that sufficiently isolates inbound and outbound messages (which can in turn be encrypted for travel over more compromised segments). Sneakernet (perhaps in conjunction with a resurgence in NNTP or the like). Or something else.
You have to continue to ensure that there is a route -- a physical route -- around the "damage".
And I'm not speaking foremost nor particularly to piracy, something that gets too often pushed to the for as a... "false flag" issue. I'm speaking to freedom of communication, as a human right and a basis (although not the only) for a complete and healthy society.
From talking to some non-tech people about this, I have a dim view of the possibility that Snowden's revelations will change anything on a political level. People seem to either not care about the power the NSA has over them, or think Snowden is a traitor that deserves death and that's enough to invalidate anything he might have revealed. Society forgets history--generations of born-here Americans have never lived in a totalitarian state, and thus don't have the frame of reference to understand why the NSA's power could lead to grave harm.
But I still do have hope, and the community at HN exemplifies it. Even if politics and society won't change enough to prevent further spying (or, on the scale of decades, a worse NSA-fueled catastrophe), at least all the smart techies of the world are growing aware, getting outraged, and getting organized over what's been revealed. In many ways, our real control over technological progress is the best we can ask for.
If you know how to program, if you're thinking about learning, if your business depends on the internet, or if you're otherwise in a position to create technology of any flavor: the responsibility is on you--on us--to shape the internet and future technology in a way that will protect humanity's privacy and civil rights for generations to come.
> generations of born-here Americans have never lived in a totalitarian state, and thus don't have the frame of reference to understand why the NSA's power could lead to grave harm.
Are you sure it's not just that the only people currently talking about this issue are white, college-aged, middle-to-upper class American men?
And for you to whip that out, I really hope you aren't one of the born-here Americans you talk about, because you would be just as bad as the people who supposedly don't care: you would be appropriating the experiences of the underprivileged to back your own, unrelated endeavor.
The extreme demographic subset you described doesn't even include the audience at HN. Surely you realize that the issue of internet privacy is talked about by more people.
And why mustn't acabal be a "born-here American" to suggest that Americans have never lived under a totalitarian state? That's an off topic remark designed to call acabal's expertise into question as a means of discrediting them without directly addressing the points they bring up.
I think acabal brings up a valid point. It's hard to whip people into action when they're not yet having direct negative consequences, even if we can clearly see the writing on the wall. People are resistant to change.
It's not an off topic remark, because acabal brought it up himself. He's the one who talked about born-here Americans not knowing the beginnings of totalitarian states, and if you can't see the problem with a born-here American talking about totalitarian states without actually having experienced it, and using it to back his argument, there really is no point in furthering this conversation.
While I agree with the general reasoning of the author, I hesitate to agree with its conclusion. Like most of us here on hacker news, I've been following the Snowden/Prism/NSA stories rather religiously and, for the most part, have been very happy with the rather overwhelming coverage here on HN.
But there have been those getting tired of the news; understandably so, the repetitive hum of media coverage these days is enough to infuriate anyone who has the capacity to remember stuff. The author of this article seems to be pretty infuriated at the the public's fascination with Snowden and wants, rather ambitiously in my opinion, the public to shift their attention to the core of the issue.
I'm not sure if the public is capable of maintaining interest in such a passive evil (I guess I probably don't think too highly of the public). I do think, however, that the public is capable of fixating on the Snowden story because it is a rather interesting story. And the longer the public stays fixated on Snowden, the weird guy living in a Russian airport, the longer the NSA's wrongdoings also stay in the public consciousness.
I say, keep the melodrama coming, if only to keep alive the story of injustice to the public. The success of Snowden's whistleblowing (i.e. in terms of tangible impact) may actually rest on it.
(from the article)
US government should have turned surveillance into a huge, privatised business, offering data-mining contracts to private contractors such as Booz Allen Hamilton and, in the process, high-level security clearance to thousands of people who shouldn't have it
That part there really illustrates the corporate fascism which has permeated the US government.
Who's to say that some analyst working for a private corporation isn't selling our stolen information to some nefarious third-party for whatever reasons?
The idea that any "oversight" would preclude the above scenario is about as believable as the insistence by "high level" government appointees claiming that the NSA doesn't "wittingly" collect data from American's communications.
What concerns me the most about all of this is that it puts us on a slippery slope. If always on surveillance becomes the norm for people to just take as a fact of life, then it just gets worse from there. I have a couple friends who run a startup and have told me they have given up the fact that privacy is an illusion/out moded when discussing this with them. So if being recorded all the time is the new norm and letting those outside of your own self connect data points about you is okay... where does that lead? That's what I'm really worried about.
It spells out my worst fear of later generations of digital natives will actually live in a world best described as Orwellian or even post Orwellian... even more ridiculously pervasive. They wouldn't know any better.
Ultimately data can never tell the whole story, but yet we'll act on it as if it does.
I think one of the other real concerns is that it's not even as if the government had to be careful when embarking on this journey of increased surveillance.
The public has made it very clear how little they care about their privacy on the Internet when they started adopting things like GMail, Facebook, iCloud, etc. and not just as a convenience, but to actually run and manage their personal lives.
People, businesses, everyone didn't just not resist the New World of digital surveillance, they explicitly begged and pleaded for these new capabilities to be pushed to the fore as a matter of convenience to them.
"If, as a political dissident, you had to choose between organizing your protest on Facebook or Vkontakte, Facebook’s Russian equivalent, you’d be far better off doing it on Facebook."
This story is pathetic, it will sell news but it's pretty much nonsense. Clearly, the new era of computing upon us - networked computing - and with it will bring with lots of opportunities as well as many problems to solve.
Privacy is one such problem, but it's one we can work together to solve. Humans are capable of this, and capable of more than just writing stuff to cause division like the article.
why everyone is crying about spying issue. The original purpose of internet is military. US government gave access all of access to the internet, because we all wanted to use it. That doesn't mean US govt cannot use it the way it wants to use it.
reply