undefined | Better HN

0 pointsmpyne12y ago0 comments

> I hope that we as a technological community can fight this on a global scale, not nation per nation. Abusing the internet for espionage and warfare sucks.

I agree 100%, but the problem is we don't get a unilateral vote.

Geopolitically it makes perfect sense for authoritarian regimes to engage in cyberwar. All legality aside, they would be stupid not to.

There is not much anyone (UN, EU, etc.) can do about it. We're not going to declare war (in the kinetic sense) over the cyber equivalent of spying/covert ops. We're not going to engage in sanctions that strangle both our economies over the cyber equivalent of spying/covert ops.

And they know that, just as well as we do. There is every incentive for them to do it, and essentially no disincentive.

So the cyberwar is on. (And, it's been on).

And that's not even getting into the transnational actors who abuse seams and gaps of jurisdictional boundaries between law enforcement, national intelligence, "dual-use" civilian/military networks, etc. in order to organize their own activities.

The best thing we can do is extremely good defense (which due to scale must be mostly passive with few active measures employed). And we should pursue that, but market pressures will always, always go against that.

Even if the U.S. were to, say, regulate that computer systems should be designed to combat security vulnerabilities (and NIST has just released a guideline on that), other nations would not necessarily do that and so nations without that requirement could run rings around U.S. software shops by releasing buggier software first and with faster feature iteration cycles. And that's assuming you could "fix the market" with proper regulation in the first place, which is certainly unclear.

And where would open source software fall into that? Do we want to forbid individual devs from uploading their wares to GitHub until they've completely a 27-page checklist?

> Here, the NSA were really acting against their best interest by weakening existing defenses.

In fairness AFAICS the one crypto standard they weakened was only weakened against NSA, not in general (though that would certainly not make you feel better if you were trying to hide from NSA). But at the same time I never figured out specifics on whether NSA was convincing companies to ship known-broken code, actively adding other backdoors, or what. But if their involvement was limited to convincing companies like Cisco to default to Dual EC DRBG then that's not nearly as bad as convincing Cisco to ship a broken zlib.

> Having several barriers of entry is good practice in security, why not just make sure that there are secured channels with stronger security for sensitive data.

Even without market pressures, the fact is that cyber defense falls prey to the fact that the attacker generally need only be right once, which the defender must be right every time. I hate to be Debbie Downer here but you're speaking to an extremely hard problem, and it doesn't get any easier if you take all the other possible tools away.

Certainly there are industries taking more stringent precautions, but the problem is that the bum-standard civilian Internet is itself "critical infrastructure", and is the hardest thing to make secure (just witness the spread of NTP-based DDoS attacks). Having citadels of security in a floating maelstrom of unprotected Internet is not security at the national level.

> I believe that having an international net greatly helps in preventing wars by building relations between entities in different countries and spreading culture. Let's not forget about the negative effects that would come from shutting this system down by introducing country-nets.

Well a counterargument is that an international net has allowed smart propaganda arms from all sources to drum up more hatred for America (I'm not speaking merely of things America deserves and should receive blame for.... e.g. both sides in Egypt blamed America and thought America was supporting the other). To be clear, neither the U.S. media or government has managed to engage in "smart" propaganda since the Cold War and the Internet has made the USG in particular look flat-footed.

Look around the Internet and all I see is Europeans calling us fat, making fun of how we measure distance, write and speak our dates (and all this despite American coders at MS being careful to add locale and translation support to their software), and more or less begging for us to take any overseas extension we have back to America.

While I will say that I do prefer an international, open network just as you do, those demanding America to go home may yet get their wish......

0 comments

strictfp12y ago

I see where you're coming from, but I don't really agree with your conclusions. Yes, authoritarian regimes will keep trying to subvert freedom and abuse friendly initiatives. But the real question for me is whether we need to listen to them or not. Why not just ignore them? Maybe they can get the source for some business system in a successful financial company. But they will most likely never be able to replicate that company, so why bother? Maybe the freedom that an open internet gives is worth the downsides? I mean, it has worked thus far.

Weapon systems and other national security is another thing entirely. Here I'm all for heightened security with the whole shebang: physically separate networks, drives in safes, you name it.

Industrial espionage is a borderline case. Here you might want to heighten security for vulnerable companies, especially the ones working under government contracts. The good news is that these are most likely easily identifiable entities. You could maintain a list of high-profile companies who would have to follow stricter security routines. I'm sure this happens already in the real world, so why not use the same type of policies for internet security?

But I would really like to avoid bringing war mentality onto the open internet. Just like you, I think that the 27-page checklist is completely unrealistic.

> Having citadels of security in a floating maelstrom of unprotected Internet is not security at the national level.

No it's not. But why would you need the national level security? I'm not sure that I'm buying you point about the internet itself being "critical infrastructure". If the army want's to claim the whole internet "just in case", then fine, introduce national borders. But isn't it better if all countries work together to make the internet stronger as a whole, and not abusable (prevent these NTP-based DDos attacks for instance)?

The difference is that I don't think that introducing borders are a good long-term strategy. The example which you bring up about anti-USA propaganda is a good one I think. Because what I see in younger generations is a whole new skillset: the ability to see through propaganda, ads and other manipulative media. Thanks to the internet young people can receive several subjective messages and still form their own opinions. Being on the internet exposes you to trolls, liars, false information, propaganda and phishing attempts every day. And people get better at forming their own opinions.

What I've seen over here in Europe regarding pro- and anti-America propaganda once free information was introduces was the following: First people stopped believing the US hype. The US wasn't such a great place after all. Weaknesses such as poverty and gang violence was exposed. Secondly, anti-american propaganda came in from the east. This was listened to to some extent, but pretty soon it became clear that these guys weren't completely honest themselves. And after 9/11 and the Madrid bombings, I don't think anyone think highly of eastern propaganda anymore. Lastly, more information started to flow in from the "real US". Not sitcoms or fox news, but sites like Reddit and hacker news exposed people to the daily lives of americans. And people started to bond and understand one another. And this is what I think is the power of the internet. If we know each other on the small scale, the large scale fights just won't happen. If the news tells me that Kiev is full of terrorists and war makers, I can just happily ignore that having seen live feeds and talked to the people on chats over the internet. It is worth considering, IMO, just how much this communication is worth. It could be that the Internet is the best enabler of Democratic peace that we've seen this far. Maybe so good that democracy isn't even required for enabling "democratic" peace. And borders could ruin that. For proof, just look at dictatorships. They see this power in social media and are deadly scared of it. They're scrambling for the power to shut it down at will.

> Look around the Internet and all I see is Europeans calling us fat, making fun of how we measure distance, write and speak our dates (and all this despite American coders at MS being careful to add locale and translation support to their software), and more or less begging for us to take any overseas extension we have back to America.

This is just little brother teasing big brother. It's not serious IMO.

>While I will say that I do prefer an international, open network just as you do

Well then, let's think up a strategy which would work without building borders between countries! While isolation is the fastest fix, I think it could be worth it if we could find better ones.

j / k navigate · click thread line to collapse