cypherpunks-legacy
                        1at8UH24t3Nl3pv0
	for <jya(a)pipeline.com>; Sun, 7 Dec 2003 19:06:11 -0500 (EST)
Received: from ak47.algebra.com (majordom@localhost [127.0.0.1])
	by ak47.algebra.com (8.12.1/8.12.1) with ESMTP id hB7LmNLG009486
	for <cypherpunks-outgoing(a)ak47.algebra.com>; Sun, 7 Dec 2003 15:48:23 -0600
Received: (from majordom@localhost)
	by ak47.algebra.com (8.12.1/8.12.1/Submit) id hB7LmNXw009485
	for cypherpunks-outgoing; Sun, 7 Dec 2003 15:48:23 -0600
X-Authentication-Warning: ak47.algebra.com: majordom set sender to
owner-cypherpunks(a)Algebra.COM using -f
Received: from slack.lne.com (gw.lne.com [209.157.136.81])
	by ak47.algebra.com (8.12.1/8.12.1) with ESMTP id hB7LmGLG009442
	for <cypherpunks(a)ak47.algebra.com>; Sun, 7 Dec 2003 15:48:19 -0600
Received: from slack.lne.com (slack.lne.com [127.0.0.1])
	by slack.lne.com (8.12.10/8.12.10) with ESMTP id hB7LmDTf002878
	(version=TLSv1/SSLv3 cipher=EDH-DSS-DES-CBC3-SHA bits=168 verify=NO)
	for <cypherpunks(a)ak47.algebra.com>; Sun, 7 Dec 2003 13:48:13 -0800
Received: (from cpunk@localhost)
	by slack.lne.com (8.12.10/8.12.10/Submit) id hB7LmDtF002872
	for cypherpunks(a)ak47.algebra.com; Sun, 7 Dec 2003 13:48:13 -0800
Received: from slack.lne.com (slack.lne.com [127.0.0.1])
	by slack.lne.com (8.12.10/8.12.10) with ESMTP id hB7LlTTf002845
	(version=TLSv1/SSLv3 cipher=EDH-DSS-DES-CBC3-SHA bits=168 verify=NO)
	for <cypherpunks-goingout345(a)slack.lne.com>; Sun, 7 Dec 2003 13:47:29 -0800
Received: (from majordom@localhost)
	by slack.lne.com (8.12.10/8.12.10/Submit) id hB7LlS6O002844
	for cypherpunks-goingout345; Sun, 7 Dec 2003 13:47:28 -0800
X-Authentication-Warning: slack.lne.com: majordom set sender to
owner-cypherpunks(a)lne.com using -f
Message-Id: <5.1.0.14.2.20031207131538.02880c28(a)idiom.com>
X-Sender: wcs(a)idiom.com
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Sun, 07 Dec 2003 13:47:12 -0800
To: declan McCullagh <declan(a)well.com>
From: Bill Stewart <bill.stewart(a)pobox.com>
Old-Subject: Re: Larry Lessig on ending anonymity through "identity escrow"
Cc: cypherpunks(a)lne.com
In-Reply-To: <7564DC7B-2837-11D8-9AB2-000A956B4C74(a)got.net>
References: <20031206015356.GC4450(a)clueinc.net>
  <6.0.0.22.2.20031205092507.02d7d7f0(a)mail.well.com>
  <3EFD45E8-277E-11D8-9AB2-000A956B4C74(a)got.net>
  <8A858E4E-2785-11D8-9AB2-000A956B4C74(a)got.net>
  <20031206015356.GC4450(a)clueinc.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Subject:  Re: Larry Lessig on ending anonymity through "identity escrow"
X-Algebra: <A HREF=http://www.algebra.com>Algebra</A>
Sender: owner-cypherpunks(a)Algebra.COM
Precedence: bulk
X-List-Admin: ichudov(a)algebra.com
-----
Lne's modest offering:
                        1at8NF1dj3Nl3qU0
	for <jya(a)pipeline.com>; Sun, 7 Dec 2003 18:58:55 -0500 (EST)
Received: from slack.lne.com (slack.lne.com [127.0.0.1])
	by slack.lne.com (8.12.10/8.12.10) with ESMTP id hB7NQwTf003380
	(version=TLSv1/SSLv3 cipher=EDH-DSS-DES-CBC3-SHA bits=168 verify=NO)
	for <cypherpunks-goingout345(a)slack.lne.com>; Sun, 7 Dec 2003 15:26:58 -0800
Received: (from majordom@localhost)
	by slack.lne.com (8.12.10/8.12.10/Submit) id hB7NQwYx003379
	for cypherpunks-goingout345; Sun, 7 Dec 2003 15:26:58 -0800
X-Authentication-Warning: slack.lne.com: majordom set sender to
owner-cypherpunks(a)lne.com using -f
Mime-Version: 1.0 (Apple Message framework v606)
In-Reply-To: <20031207212546.GZ5783(a)leitl.org>
References: <0de0afc1fce3c9d7e4597f3fcc1ddc26(a)dizum.com>
  <20031207212546.GZ5783(a)leitl.org>
Content-Type: text/plain; charset=US-ASCII; format=flowed
Message-Id: <CD94B950-290C-11D8-9AB2-000A956B4C74(a)got.net>
Content-Transfer-Encoding: 7bit
From: Tim May <timcmay(a)got.net>
Subject: Decline of the Cypherpunks list...Part 19
Date: Sun, 7 Dec 2003 15:26:37 -0800
To: cypherpunks(a)lne.com
X-Mailer: Apple Mail (2.606)
Sender: owner-cypherpunks(a)lne.com
Precedence: bulk
-----
                        I found the FTU's recent report on concealable weapons
(http://LB.wnd.com/FBI-weapons.pdf) interesting,
but find that it omitted a few possibilities, viz:
1. The pop-top steel lid on a can e.g., of catfood forms a sharp
edge when removed.  (I have a permanent scar on a finger
attesting to this.)  If half the disc were grasped in a cloth
it could be more effective than several of the items you list.
2. Similarly, the steel lid on e.g., a tuna can forms a sharp (and
flatter, and slightly more rigid) edge when removed with a can opening
tool.  A can opening tool can be very small, e.g., the military-style
can openers, which by itself is not dangerous.  Again, any piece of cloth forms a graspable handle on the resulting sharp-edged disc.
3. Even a beverage can, e.g., from a beer purchased in flight, can be
ripped into a sharp edge, although the thinness of the (typically soft
aluminum) metal makes this less effective than the above.
4. The large knitting (crochet) needles which I believe
the TSA admits could be filed into a sharp point, producing
a spike as effective as some you list.  As these are typically
aluminum, abrading them into a point would not be difficult.
5. It is possible that a skilled knife maker could chip a glass
bottle into a knife while in the restroom, producing something
comparable to the obsidian knife you list.  The production process
might be noisy however, unlike the above.
Comment, which you will no doubt ignore:
Given the facility with which weapons are improvised or concealed,
it might be a better idea to stop motivating the
actors, as distasteful as that might be to some in power.
Although some will enjoy the Israel-like police
state that foreign entanglement will otherwise drag the US
into, and some -perhaps your- careers might even advance faster
under such conditions.
Have a nice day
A. Citizen
                        1at9tm1Nu3Nl3oW0
	for <jya(a)pipeline.com>; Sun, 7 Dec 2003 19:42:00 -0500 (EST)
Received: from hq.pro-ns.net (localhost [127.0.0.1])
	by hq.pro-ns.net (8.12.9/8.12.5) with ESMTP id hB80dcTW026480
	for <cypherpunks-list(a)hq.pro-ns.net>; Sun, 7 Dec 2003 18:39:38 -0600 (CST)
	(envelope-from owner-cypherpunks(a)ds.pro-ns.net)
Received: (from majordom@localhost)
	by hq.pro-ns.net (8.12.9/8.12.5/Submit) id hB80dcCZ026479
	for cypherpunks-list; Sun, 7 Dec 2003 18:39:38 -0600 (CST)
X-Authentication-Warning: hq.pro-ns.net: majordom set sender to
owner-cypherpunks(a)ds.pro-ns.net using -f
Received: from hq.pro-ns.net (localhost [127.0.0.1])
	by hq.pro-ns.net (8.12.9/8.12.5) with ESMTP id hB80daTW026468
	for <cypherpunks-forward(a)ds.pro-ns.net>; Sun, 7 Dec 2003 18:39:36 -0600 (CST)
	(envelope-from cpunks(a)hq.pro-ns.net)
Received: (from cpunks@localhost)
	by hq.pro-ns.net (8.12.9/8.12.5/Submit) id hB80dabs026465
	for cypherpunks-forward(a)ds.pro-ns.net; Sun, 7 Dec 2003 18:39:36 -0600 (CST)
Received: from slack.lne.com (gw.lne.com [209.157.136.81])
	by hq.pro-ns.net (8.12.9/8.12.5) with ESMTP id hB80dQom026459
	for <cypherpunks(a)ds.pro-ns.net>; Sun, 7 Dec 2003 18:39:31 -0600 (CST)
	(envelope-from cpunk(a)lne.com)
Received: from slack.lne.com (slack.lne.com [127.0.0.1])
	by slack.lne.com (8.12.10/8.12.10) with ESMTP id hB80dMTf003847
	(version=TLSv1/SSLv3 cipher=EDH-DSS-DES-CBC3-SHA bits=168 verify=NO)
	for <cypherpunks(a)ds.pro-ns.net>; Sun, 7 Dec 2003 16:39:22 -0800
Received: (from cpunk@localhost)
	by slack.lne.com (8.12.10/8.12.10/Submit) id hB80dMDV003842
	for cypherpunks(a)ds.pro-ns.net; Sun, 7 Dec 2003 16:39:22 -0800
Received: from ak47.algebra.com (algebra.com [216.82.116.230])
	by slack.lne.com (8.12.10/8.12.10) with ESMTP id hB80dGTe003829
	for <cpunk(a)lne.com>; Sun, 7 Dec 2003 16:39:19 -0800
Received: from ak47.algebra.com (cpunks@localhost [127.0.0.1])
	by ak47.algebra.com (8.12.1/8.12.1) with ESMTP id hB80dGLG031103;
	Sun, 7 Dec 2003 18:39:16 -0600
Received: (from cpunks@localhost)
	by ak47.algebra.com (8.12.1/8.12.1/Submit) id hB80dGqU031100;
	Sun, 7 Dec 2003 18:39:16 -0600
Received: from tisch.mail.mindspring.net (tisch.mail.mindspring.net
[207.69.200.157])
	by ak47.algebra.com (8.12.1/8.12.1) with ESMTP id hB80dELG031089
	for <cypherpunks(a)algebra.com>; Sun, 7 Dec 2003 18:39:15 -0600
Received: from user-0ccetrj.cable.mindspring.com ([24.199.119.115] helo=JY09)
	by tisch.mail.mindspring.net with smtp (Exim 3.33 #1)
	id 1AT9Qg-0005IG-00
	for cypherpunks(a)algebra.com; Sun, 07 Dec 2003 19:39:14 -0500
X-Sender: jya(a)pop.pipeline.com
X-Mailer: QUALCOMM Windows Eudora Pro Version 4.0
Date: Sun, 07 Dec 2003 19:37:26 -0800
To: cypherpunks(a)algebra.com
From: John Young <jya(a)pipeline.com>
Old-Subject: Re: Decline of the Cypherpunks list...Part 19
In-Reply-To: <Pine.BSF.4.21.0312071754510.29758-100000(a)greeves.mfn.org>
References: <CD94B950-290C-11D8-9AB2-000A956B4C74(a)got.net>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Message-Id: <E1AT9Qg-0005IG-00(a)tisch.mail.mindspring.net>
Subject:  Re: Decline of the Cypherpunks list...Part 19
X-Algebra: <A HREF=http://www.algebra.com>Algebra</A>
Approved: LISTMEMBER CPUNK
Sender: owner-cypherpunks(a)ds.pro-ns.net
Precedence: bulk
-----
And here's Algebra's substantial verbosity:
                    06 Jul '18
                    
NEC @ Shirky.com, a mailing list about Networks, Economics, and Culture
Published periodically / # 2.9 / September 5, 2003
Subscribe at http://shirky.com/nec.html
Archived at http://shirky.com
Social Software weblog at http://corante.com/many/
In this issue:
 - Introduction
 - Essay: Fame vs. Fortune: Micropayments and Free Content
     (Also at http://www.shirky.com/writings/fame_vs_fortune.html)
 - Notes:
     historyflow: Software from IBM
     Danah Boyd on Friendster
     Club Nexus
     ETech CFP
     T-Mobile and Starbucks Don't Get Wifi
* Introduction =======================================================
This essay, Fame vs. Fortune, is an attempt to fuse two earlier
themes: the uselessness of micropayments, and the difficulty of
charging users directly.
-clay
* Essay ==============================================================
Fame vs Fortune: Micropayments and Free Content
  http://www.shirky.com/writings/fame_vs_fortune.html
Micropayments, small digital payments of between a quarter and a
fraction of a penny, made (yet another) appearance this summer with
Scott McCloud's online comic, The Right Number,
[http://www.scottmccloud.com/comics/trn/intro.html] 
accompanied by predictions of a rosy future for micropayments.
[http://www.google.com/search?q=mccloud+bitpass] 
To read The Right Number, you have to sign up for the BitPass
micropayment system [http://www.bitpass.com/learn/]; once you have an
account, the comic itself costs 25 cents.
BitPass will fail, as FirstVirtual, Cybercoin, Millicent, Digicash,
Internet Dollar, Pay2See, and many others have in the decade since
Digital Silk Road, [http://www.agorics.com/Library/dsr.html] the paper
that helped launch interest in micropayments. These systems didn't
fail because of poor implementation; they failed because the trend
towards freely offered content is an epochal change, to which
micropayments are a pointless response.
The failure of BitPass is not terribly interesting in itself. What is
interesting is the way the failure of micropayments, both past and
future, illustrates the depth and importance of putting publishing
tools in the hands of individuals. In the face of a force this large,
user-pays schemes can't simply be restored through minor tinkering
with payment systems, because they don't address the cause of that
change -- a huge increase in the power and reach of the individual
creator.
- Why Micropayment Systems Don't Work
The people pushing micropayments believe that the dollar cost of goods
is the thing most responsible for deflecting readers from buying
content, and that a reduction in price to micropayment levels will
allow creators to begin charging for their work without deflecting
readers.
This strategy doesn't work, because the act of buying anything, even
if the price is very small, creates what Nick Szabo calls mental
transaction costs, the energy required to decide whether something is
worth buying or not, regardless of price.
[http://szabo.best.vwh.net/micropayments.html] The only business model
that delivers money from sender to receiver with no mental transaction
costs is theft, and in many ways, theft is the unspoken inspiration
for micropayment systems.
Like the "salami slicing" exploit in computer crime,
[http://www.yourwindow.to/information-security/gl_salamislicing.htm]
micropayment believers imagine that such tiny amounts of money can be
extracted from the user that they will not notice, while the overall
volume will cause these payments to add up to something significant
for the recipient. But of course the users do notice, because they are
being asked to buy something. Mental transaction costs create a
minimum level of inconvenience that cannot be removed simply by
lowering the dollar cost of goods.
Worse, beneath a certain threshold, mental transaction costs actually
rise, a phenomenon that is especially significant for information
goods. It's easy to think a newspaper is worth a dollar, but is each
article worth half a penny? Is each word worth a thousandth of a
penny? A newspaper, exposed to the logic of micropayments, becomes
impossible to value.
If you want to feel mental transaction costs in action, sign up for
the $3 version of BitPass, then survey the content on offer.
[http://www.bitpass.com/share/sites/] Would you pay 25 cents to view a
VR panorama of the Matterhorn? Are Powerpoint slides on "Ten reasons
why now is a great time to start a company?" worth a dime?  (and if
so, would each individual reason be worth a penny?)
Mental transaction costs help explain the general failure of
micropayment systems. (See Odlyzko
[http://www.dtc.umn.edu/~odlyzko/doc/case.against.micropayments.pdf]
Shirky
[http://oreillynet.com/pub/a/p2p/2000/12/19/micropayments.html]
and Szabo 
[http://szabo.best.vwh.net/micropayments.html] 
for a fuller accounting of the weaknesses of micropayments.) The
failure of micropayments in turn helps explain the ubiquity of free
content on the Web.
- Fame vs Fortune and Free Content
Analog publishing generates per-unit costs -- each book or magazine
requires a certain amount of paper and ink, and creates storage and
transportation costs. Digital publishing doesn't. Once you have a
computer and internet access, you can post one weblog entry or one
hundred, for ten readers or ten thousand, without paying anything per
post or per reader. In fact, dividing up front costs by the number of
readers means that content gets _cheaper_ as it gets more popular, the
opposite of analog regimes.
The fact that digital content can be distributed for no additional
cost does not explain the huge number of creative people who make
their work available for free. After all, they are still investing
their time without being paid back. Why?
The answer is simple: creators are not publishers, and putting the
power to publish directly into their hands does not make them
publishers. It makes them artists with printing presses. This matters
because creative people crave attention in a way publishers do
not. Prior to the internet, this didn't make much difference. The
expense of publishing and distributing printed material is too great
for it to be given away freely and in unlimited quantities -- even
vanity press books come with a price tag. Now, however, a single
individual can serve an audience in the hundreds of thousands, as a
hobby, with nary a publisher in sight.
This disrupts the old equation of "fame and fortune." For an author to
be famous, many people had to have read, and therefore paid for, his
or her books. Fortune was a side-effect of attaining fame. Now, with
the power to publish directly in their hands, many creative people
face a dilemma they've never had before: fame vs fortune.
- Substitutability and the Deflection of Use
The fame vs fortune choice matters because of substitutability, the
willingness to accept one thing as a substitute for
another. Substitutability is neutralized in perfect markets. For
example, if someone has even a slight preference for Pepsi over Coke,
and if both are always equally available in all situations, that
person will never drink a Coke, despite being only mildly biased.
The soft-drink market is not perfect, but the Web comes awfully close:
If InstaPundit [http://www.instapundit.com/] and Samizdata
[http://www.samizdata.net/blog/] are both equally easy to get to, the
relative traffic to the sites will always match audience
preference. But were InstaPundit to become less easy to get to,
Samizdata would become a more palatable substitute. Any barrier erodes
the user's preferences, and raises their willingness to substitute one
thing for another.
This is made worse by the asymmetry between the author's motivation
and the reader's. While the author has one particular thing they want
to write, the reader is usually willing to read anything interesting
or relevant to their interests. Though each piece of written material
is unique, the universe of possible choices for any given reader is so
vast that uniqueness is not a rare quality. Thus any barrier to a
particular piece of content (even, as the usability people will tell
you, making it one click further away) will deflect at least some
potential readers.
Charging, of course, creates just such a barrier. The fame vs fortune
problem exists because the web makes it possible to become famous
without needing a publisher, and because any attempt to derive fortune
directly from your potential audience lowers the size of that audience
dramatically, as the added cost encourages them to substitute other,
free sources of content.
- Free is a Stable Strategy
For a creator more interested in attention than income, free makes
sense. In a regime where most of the participants are charging,
freeing your content gives you a competitive advantage. And, as the
drunks say, you can't fall off the floor.  Anyone offering content
free gains an advantage that can't be beaten, only matched, because
the competitive answer to free -- "I'll pay you to read my weblog!" --
is unsupportable over the long haul.
Free content is thus what biologists call an evolutionarily stable
strategy. It is a strategy that works well when no one else is using
it -- it's good to be the only person offering free content. It's also
a strategy that continues to work if everyone is using it, because in
such an environment, anyone who begins charging for their work will be
at a disadvantage. In a world of free content, even the moderate
hassle of micropayments greatly damages user preference, and increases
their willingness to accept free material as a substitute.
Furthermore, the competitive edge of free content is increasing. In
the 90s, as the threat the Web posed to traditional publishers became
obvious, it was widely believed that people would still pay for
filtering. As the sheer volume of free content increased, the thinking
went, finding the good stuff, even if it was free, would be worth
paying for because it would be so hard to find.
In fact, the good stuff is becoming _easier_ to find as the size of
the system grows, not harder, because collaborative filters like
Google and Technorati rely on rich link structure to sort through
links. So offering free content is not just an evolutionarily stable
strategy, it is a strategy that improves with time, because the more
free content there is the greater the advantage it has over for-fee
content.
- The Simple Economics of Content
People want to believe in things like micropayments because without a
magic bullet to believe in, they would be left with the uncomfortable
conclusion that what seems to be happening -- free content is growing
in both amount and quality -- is what's actually happening.
The economics of content creation are in fact fairly simple. The two
critical questions are "Does the support come from the reader, or from
an advertiser, patron, or the creator?" and "Is the support mandatory
or voluntary?"
The internet adds no new possibilities. Instead, it simply shifts both
answers strongly to the right. It makes all user-supported schemes
harder, and all subsidized schemes easier. It likewise makes
collecting fees harder, and soliciting donations easier. And these
effects are multiplicative. The internet makes collecting mandatory
user fees much harder, and makes voluntary subsidy much easier.
Weblogs, in particular, represent a huge victory for voluntarily
subsidized content. The weblog world is driven by a million creative
people, driven to get the word out, willing to donate their work, and
unhampered by the costs of xeroxing, ink, or postage. Given the choice
of fame vs fortune, many people will prefer a large audience and no
user fees to a small audience and tiny user fees. This is not to say
that creators cannot be paid for their work, merely that mandatory
user fees are far less effective than voluntary donations,
sponsorship, or advertising.
Because information is hard to value in advance, for-fee content will
almost invariably be sold on a subscription basis, rather than per
piece, to smooth out the variability in value. Individual bits of
content that are even moderately close in quality to what is available
free, but wrapped in the mental transaction costs of micropayments,
are doomed to be both obscure and unprofitable.
- What's Next?
This change in the direction of free content is strongest for the work
of individual creators, because an individual can produce material on
any schedule they like. It is also strongest for publication of words
and images, because these are the techniques most easily mastered by
individuals. As creative work in groups creates a good deal of
organizational hassle and often requires a particular mix of
talents, it remains to be seen how strongly the movement towards free
content will be for endeavors like music or film.
However, the trends are towards easier collaboration, and still more
power to the individual. The open source movement has demonstrated
that even phenomenally complex systems like Linux can be developed
through distributed volunteer labor, and software like Apple's iMovie
allows individuals to do work that once required a team. So while we
don't know what ultimate effect the economics of free content will be
on group work, we do know that the barriers to such free content are
coming down, as they did with print and images when the Web launched.
The interesting questions regarding free content, in other words, have
nothing to do with bland "End of Free" predictions, or unimaginative
attempts at restoring user-pays regimes. The interesting questions are
how far the power of the creator to publish their own work is going to
go, how much those changes will be mirrored in group work, and how
much better collaborative filters will become in locating freely
offered material. While we don't know what the end state of these
changes will be, we do know that the shift in publishing power is
epochal and accelerating.
-=-
* Notes ==============================================================
 - historyflow: Software from IBM
  Martin Wattenberg and Fernanda Viegas, in IBM's Collaborative User
  Experience lab have created a tool called historyflow that lets you
  see the history of a wiki page. They turned the tool loose on the
  wikipedia.org, the collaborative encyclopedia project, and the
  history flow site has many of their observations on observed
  patterns for the formation of encyclopedia entries on contentious
  subjects like Abortion or Islam.
  It's an astonishing X-ray of long-term social patterns in action, and
  because it's so visual, it is hard to describe in an ascii-only
  format, so I'll point you to the site, and to my longer (and
  picture-strewn) observations elsewhere.
  historyflow: http://www.research.ibm.com/history/
  My more detailed observations about historyflow:
    http://www.corante.com/many/20030801.shtml#49472
 - Danah Boyd on Friendster
  Friendster, the social networking service, has been causing a lot of
  stir recently with its new "no fakes" policy. The site, a kind of
  "sixdegrees with dating" affair that has grown like wildfire among
  the under-30 set, had been home to a number of amusing but fictional
  users, including Jesus, the City of San Francisco, Pure Evil, and a
  Giant Squid.
  These fakesters were both amusing and effective -- two people who
  listed the City of San Francisco as a friend would then be connected
  through this shared affinity.
  However, Jon Abrams, the Friendster CEO, disliked the Fakesters, as
  he felt they trivialized the site, and began to weed out the fake
  profiles, creating an immediate and public backlash.
  The fight between users who used the site to create something
  valuable to them and the community owner who wanted a more placid
  group of users is an old old story, but like many old stories, it's
  still interesting to see how it plays out. The backlash is going on
  as I write, and no one is doing a better job of covering it from
  various angles than Danah Boyd, who runs a weblog called
  connected selves, on social networking services:
  http://www.zephoria.org/snt/
 - Club Nexus
  HP researchers Lada A. Adamic, Orkut Buyukkokten, and Eytan Adar
  wrote a paper about social clustering in Club Nexus, a service for
  Stanford University's online population.
  Because Club Nexus users left such a rich metadata trail, they were
  able to test a number of assertions about social congress that had
  previously been made only as generalities. In addition to uncovering
  the expected gross patterns (power laws, clustering, small worlds
  networks, low hop-counts between people, etc), they were able to
  make refined observations about what sorts of affinities correlate
  with high clustering (the higher the listed ratio is above 1, the
  stronger the correlation with social clustering):
    We found further that, in general, activities or interests that
    are shared by a smaller subset of people showed stronger
    association ratios than very generic activities or interests that
    could be enjoyed by many. For example, raving (1.64), ballroom
    dancing (1.61), and Latin dancing (1.49) showed stronger
    association in the social activity category than barbecuing
    (1.20), partying (1.18), or camping (1.11) [...]
    In sports in particular, multi-player team or niche sports were
    better predictors of social contacts than sports that could be
    pursued individually or casually. Among water sports, synchronized
    swimming, diving, crew, and wake boarding were better predictors
    than boating, fishing, swimming or windsurfing. In the land sports
    category, team sports, in particular women's team sports such as
    lacrosse and field hockey were better predictors than soccer
    (often played casually as opposed to in a competitive college
    team), tennis, or racquetball. [...]
    We observed that niche book, movie, and music genres were more
    predictive of friendship than generic ones. Gay and lesbian books,
    read by 63 users, had a ratio of 4.37, followed by professional
    and technical, teen, and computer books. In contrast, the general
    category of 'fiction & literature' had a ratio of 1.09.
  Well worth a read: 
    http://www.firstmonday.dk/issues/issue8_6/adamic/index.html
 - ETech CFP
  O'Reilly's Emerging Technology Conference is happening in February,
  and the Call for Papers is up now. The topics are:
    Interfaces and Services - Sherlock, Watson, and Dashboard;
    micro-content viewers and RSS; laptop, palmtop, hiptop, and
    cellphone interfaces; web services.
    Social Software - Software for describing and exploring social
    connections, FOAF (friend-of-a-friend networks), Flash Mobs,
    MeetUp, and related applications.
    Untethered - WiFi, Bluetooth, and cellular networks; Rendezvous,
    SMS, and ad hoc networking; Symbian and J2ME mobile development
    environments.
    Location - GPS/GIS technologies and devices, location based
    services, navigational devices, geospatial annotation tools, and
    visualization software.
    Hardware - Hardware hacks and mobile devices, sensor arrays, RFID
    tags, TinyOS, and sub-micro computing.
    Business Models - Who is putting a stake in the ground and
    attempting to build the new applications, network, and online
    culture -- and how are they doing it?
  You can submit a conference or tutorial proposal here:
    http://conferences.oreillynet.com/cs/et2004/create/e_sess
 - T-Mobile and Starbucks Don't Get Wifi
  More proof, as if any were needed, that the economics of Wifi are
  interfering with plans to offer metered commercial access. I have a
  T-Mobile Wifi account, 300 mins for $50, so that when I'm away from
  free APs, I can at least drop into a Starbucks, order up a doppio,
  and check my mail.
  Today, T-Mobile informed me when I logged in that that deal was
  over, dead, forget it, they're sorry they ever mentioned it.
  Instead, they were offering me a "convenient" Day-Pass, for the low,
  low rate of $10/24 hour period. Meaning, of course, that if you
  spend even as much as an hour logged in at a Starbucks, the cost per
  minute has almost tripled, to 16 cents a minute from 6. Worse, if
  you just want to go in, grab a cup of coffee and check your mail
  under the old "10 minute minimum" regime, that will now cost a
  dollar a minute. I could have elective surgery for a dollar a
  minute.
  This is Iridium or those back-of-the-seat airphones all over
  again. Any pricing plan that is even moderately convenient shows up
  on the spreadsheets at HQ as being less than a rocket ride to
  riches, so they come up with the two-fisted brainstorm of making it
  less convenient to use, then slapping a "Now with new expensiveness!"
  sticker on it. I smell a business school case study in the making --
  don't take products with vanishingly small marginal cost and make
  them too expensive for your target audience to want to use.
* End ====================================================================
This work is licensed under the Creative Commons Attribution License.
The licensor permits others to copy, distribute, display, and perform
the work.  In return, licensees must give the original author credit.
To view a copy of this license, visit 
http://creativecommons.org/licenses/by/1.0 
or send a letter to
Creative Commons, 559 Nathan Abbott Way, Stanford, California 94305, USA.
2003, Clay Shirky
_______________________________________________
NEC - Clay Shirky's distribution list on Networks, Economics & Culture 
NEC(a)shirky.com
http://shirky.com/nec.html
--- end forwarded text
-- 
-----------------
R. A. Hettinga <mailto: rah(a)ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
                                         CRYPTO-GRAM
                July 15, 2010
              by Bruce Schneier
      Chief Security Technology Officer, BT
             schneier(a)schneier.com
            http://www.schneier.com
A free monthly newsletter providing summaries, analyses, insights, and 
commentaries on security: computer and otherwise.
For back issues, or to subscribe, visit 
<http://www.schneier.com/crypto-gram.html>.
You can read this issue on the web at 
<http://www.schneier.com/crypto-gram-1007.html>.  These same essays and 
news items appear in the "Schneier on Security" blog at 
<http://www.schneier.com/blog>, along with a lively comment section.  An 
RSS feed is available.
** *** ***** ******* *********** *************
In this issue:
     The Threat of Cyberwar Has Been Grossly Exaggerated
     Internet Kill Switch
     News
     Third SHB Workshop
     Schneier News
     Data at Rest vs. Data in Motion
     Reading Me
** *** ***** ******* *********** *************
     The Threat of Cyberwar Has Been Grossly Exaggerated
There's a power struggle going on in the U.S. government right now.
It's about who is in charge of cyber security, and how much control the 
government will exert over civilian networks. And by beating the drums 
of war, the military is coming out on top.
"The United States is fighting a cyberwar today, and we are losing," 
said former NSA director -- and current cyberwar contractor -- Mike 
McConnell. "Cyber 9/11 has happened over the last ten years, but it 
happened slowly so we don't see it," said former National Cyber Security 
Division director Amit Yoran. Richard Clarke, whom Yoran replaced, wrote 
an entire book hyping the threat of cyberwar.
General Keith Alexander, the current commander of the U.S. Cyber 
Command, hypes it every chance he gets. This isn't just rhetoric of a 
few over-eager government officials and headline writers; the entire 
national debate on cyberwar is plagued with exaggerations and hyperbole.
Googling those names and terms -- as well as "cyber Pearl Harbor," 
"cyber Katrina," and even "cyber Armageddon" -- gives some idea how 
pervasive these memes are. Prefix "cyber" to something scary, and you 
end up with something really scary.
Cyberspace has all sorts of threats, day in and day out. Cybercrime is 
by far the largest: fraud, through identity theft and other means, 
extortion, and so on. Cyber-espionage is another, both government- and 
corporate-sponsored. Traditional hacking, without a profit motive, is 
still a threat. So is cyber-activism: people, most often kids, playing 
politics by attacking government and corporate websites and networks.
These threats cover a wide variety of perpetrators, motivations, 
tactics, and goals. You can see this variety in what the media has 
mislabeled as "cyberwar." The attacks against Estonian websites in 2007 
were simple hacking attacks by ethnic Russians angry at anti-Russian 
policies; these were denial-of-service attacks, a normal risk in 
cyberspace and hardly unprecedented.
A real-world comparison might be if an army invaded a country, then all 
got in line in front of people at the DMV so they couldn't renew their 
licenses. If that's what war looks like in the 21st century, we have 
little to fear.
Similar attacks against Georgia, which accompanied an actual Russian 
invasion, were also probably the responsibility of citizen activists or 
organized crime. A series of power blackouts in Brazil was caused by 
criminal extortionists -- or was it sooty insulators? China is engaging 
in espionage, not war, in cyberspace. And so on.
One problem is that there's no clear definition of "cyberwar." What does 
it look like? How does it start? When is it over? Even cybersecurity 
experts don't know the answers to these questions, and it's dangerous to 
broadly apply the term "war" unless we know a war is going on.
Yet recent news articles have claimed that China declared cyberwar on 
Google, that Germany attacked China, and that a group of young hackers 
declared cyberwar on Australia. (Yes, cyberwar is so easy that even kids 
can do it.) Clearly we're not talking about real war here, but a 
rhetorical war: like the war on terror.
We have a variety of institutions that can defend us when attacked: the 
police, the military, the Department of Homeland Security, various 
commercial products and services, and our own personal or corporate 
lawyers. The legal framework for any particular attack depends on two 
things: the attacker and the motive. Those are precisely the two things 
you don't know when you're being attacked on the Internet. We saw this 
on July 4 last year, when U.S. and South Korean websites were attacked 
by unknown perpetrators from North Korea -- or perhaps England. Or was 
it Florida?
We surely need to improve our cybersecurity. But words have meaning, and 
metaphors matter. There's a power struggle going on for control of our 
nation's cybersecurity strategy, and the NSA and DoD are winning. If we 
frame the debate in terms of war, if we accept the military's expansive 
cyberspace definition of "war," we feed our fears.
We reinforce the notion that we're helpless -- what person or 
organization can defend itself in a war? -- and others need to protect 
us. We invite the military to take over security, and to ignore the 
limits on power that often get jettisoned during wartime.
If, on the other hand, we use the more measured language of cybercrime, 
we change the debate. Crime fighting requires both resolve and 
resources, but it's done within the context of normal life. We willingly 
give our police extraordinary powers of investigation and arrest, but we 
temper these powers with a judicial system and legal protections for 
citizens.
We need to be prepared for war, and a Cyber Command is just as vital as 
an Army or a Strategic Air Command. And because kid hackers and 
cyber-warriors use the same tactics, the defenses we build against crime 
and espionage will also protect us from more concerted attacks. But 
we're not fighting a cyberwar now, and the risks of a cyberwar are no 
greater than the risks of a ground invasion. We need peacetime 
cyber-security, administered within the myriad structure of public and 
private security institutions we already have.
This essay previously appeared on CNN.com.
http://www.cnn.com/2010/OPINION/07/07/schneier.cyberwar.hyped/
Hyperbole:
http://www.washingtonpost.com/wp-dyn/content/article/2010/02/25/AR201002250… 
or http://tinyurl.com/yecwrzv
http://www.wired.com/threatlevel/2009/06/cyberthreat/
http://www.amazon.com/exec/obidos/ASIN/0061962236/counterpane/
http://www.wired.com/dangerroom/2010/04/pentagon-networks-targeted-by-hundr… 
or http://tinyurl.com/y6zw5sl
http://www.computerworld.com/s/article/9174682/Senators_ramp_up_cyberwar_rh… 
or http://tinyurl.com/yfat7kl
http://www.wired.com/dangerroom/2010/04/top-officer-fears-cyberwar-hearts-k… 
or http://tinyurl.com/y54ufmz
http://www.salon.com/news/opinion/glenn_greenwald/2010/03/29/mcconnell
http://www.guardian.co.uk/technology/2010/mar/04/internet-hi-tech-crime 
or http://tinyurl.com/ya4wryz
http://www.wired.com/threatlevel/2008/01/feds-must-exami/
http://www.businessweek.com/the_thread/techbeat/archives/2009/02/fearing_cy… 
or http://tinyurl.com/26feftb
http://www.wired.com/threatlevel/2009/04/conficker-war-r/
http://www.computerworld.com/s/article/9173967/Cyberattacks_an_existential_… 
or http://tinyurl.com/yd3z5a9
http://thehill.com/opinion/op-ed/70319-no-line-between-cyber-crime-and-cybe… 
or http://tinyurl.com/yka5cuk
http://techcrunch.com/2007/10/18/cyberwar-china-declares-war-on-western-sea… 
or http://tinyurl.com/39dht45
http://news.softpedia.com/news/Germany-Attacks-China-For-Starting-The-Cyber… 
or http://tinyurl.com/2fgdhbz
http://www.independent.co.uk/news/world/australasia/operation-titstorm-hack… 
or http://tinyurl.com/yk458ro
http://www.schneier.com/essay-280.html
http://www.wired.com/dangerroom/2010/05/cyber-command-we-dont-wanna-defend-… 
or http://tinyurl.com/38gzkz5
Cyberattacks:
http://www.wired.com/threatlevel/2007/08/cyber-war-and-e/
http://www.csoonline.com/article/443579/georgia-cyber-attacks-from-russian-… 
or http://tinyurl.com/2enpbrm
http://www.csoonline.com/article/499778/georgia-cyberattacks-linked-to-russ… 
or http://tinyurl.com/2c4t8cp
http://www.cbsnews.com/stories/2009/11/06/60minutes/main5555565.shtml
http://www.wired.com/threatlevel/2009/11/brazil_blackout/
http://www.schneier.com/essay-227.html
Good article:
http://www.economist.com/node/16481504?story_id=16481504
Earlier this month, I participated in a debate: "The Cyberwar Threat has 
been Grossly Exaggerated."  Marc Rotenberg of EPIC and I were for the 
motion; Mike McConnell and Jonathan Zittrain were against.  We lost.
We lost fair and square, for a bunch of reasons -- we didn't present our 
case very well, Jonathan Zittrain is a way better debater than we were 
-- but basically the vote came down to the definition of "cyberwar."  If 
you believed in an expansive definition of cyberwar, one that 
encompassed a lot more types of attacks than traditional war, then you 
voted against the motion.  If you believed in a limited definition of 
cyberwar, one that is a subset of traditional war, then you voted for it.
http://intelligencesquaredus.org/index.php/past-debates/cyber-war-threat-ha… 
or http://tinyurl.com/2fapxhf
http://intelligencesquaredus.org/wp-content/uploads/Cyber-War-060810.pdf 
or http://tinyurl.com/23hoxly
http://www.vimeo.com/12464156
http://finance.yahoo.com/news/The-Threat-of-Cyber-War-is-bw-2992953718.html… 
or http://tinyurl.com/295ofod
http://www.npr.org/templates/story/story.php?storyId=127861446
http://www.circleid.com/posts/20100609_cyber_threats_yes_but_is_it_cyberwar/ 
or http://tinyurl.com/2cqwnch
http://www.businesswire.ca/portal/site/ca-fr/permalink/?ndmViewId=news_view… 
or http://tinyurl.com/233u6uz
http://jldugger.livejournal.com/38537.html
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?artic… 
or http://tinyurl.com/26p5ezm
http://www.theatlantic.com/science/archive/2010/06/the-cyber-war-threat-deb… 
or http://tinyurl.com/2cxmpmh
Last month the Senate Homeland Security Committee held hearings on 
"Protecting Cyberspace as a National Asset: Comprehensive Legislation 
for the 21st Century."  Unfortunately, the DHS is getting hammered at 
these hearings, and the NSA is consolidating its power.
http://hsgac.senate.gov/public/index.cfm?FuseAction=Hearings.Hearing&Hearin… 
or http://tinyurl.com/2c7hqxs
North Korea was probably not responsible for last year's cyberattacks. 
Good thing we didn't retaliate.
http://www.networkworld.com/news/2010/070610-north-korea-not-responsible-fo… 
or http://tinyurl.com/279sx59
http://www.scmagazineus.com/cyber-retaliation-debate-is-north-korea-guilty-… 
or http://tinyurl.com/2cxfbwk
** *** ***** ******* *********** *************
     Internet Kill Switch
Last month, Sen. Joe Lieberman, I-Conn., introduced a bill that might -- 
we're not really sure -- give the president the authority to shut down 
all or portions of the Internet in the event of an emergency. It's not a 
new idea. Sens. Jay Rockefeller, D-W.Va., and Olympia Snowe, R-Maine, 
proposed the same thing last year, and some argue that the president can 
already do something like this. If this or a similar bill ever passes, 
the details will change considerably and repeatedly. So let's talk about 
the idea of an Internet kill switch in general.
It's a bad one.
Security is always a trade-off: costs versus benefits. So the first 
question to ask is: What are the benefits? There is only one possible 
use of this sort of capability, and that is in the face of a 
warfare-caliber enemy attack. It's the primary reason lawmakers are 
considering giving the president a kill switch. They know that shutting 
off the Internet, or even isolating the U.S. from the rest of the world, 
would cause damage, but they envision a scenario where not doing so 
would cause even more.
That reasoning is based on several flawed assumptions.
The first flawed assumption is that cyberspace has traditional borders, 
and we could somehow isolate ourselves from the rest of the world using 
an electronic Maginot Line. We can't.
Yes, we can cut off almost all international connectivity, but there are 
lots of ways to get out onto the Internet: satellite phones, obscure 
ISPs in Canada and Mexico, long-distance phone calls to Asia.
The Internet is the largest communications system mankind has ever 
created, and it works because it is distributed. There is no central 
authority. No nation is in charge. Plugging all the holes isn't possible.
Even if the president ordered all U.S. Internet companies to block, say, 
all packets coming from China, or restrict non-military communications, 
or just shut down access in the greater New York area, it wouldn't work. 
You can't figure out what packets do just by looking at them; if you 
could, defending against worms and viruses would be much easier.
And packets that come with return addresses are easy to spoof. Remember 
the cyberattack July 4, 2009, that probably came from North Korea, but 
might have come from England, or maybe Florida? On the Internet, 
disguising traffic is easy. And foreign cyberattackers could always have 
dial-up accounts via U.S. phone numbers and make long-distance calls to 
do their misdeeds.
The second flawed assumption is that we can predict the effects of such 
a shutdown. The Internet is the most complex machine mankind has ever 
built, and shutting down portions of it would have all sorts of 
unforeseen ancillary effects.
Would ATMs work? What about the stock exchanges? Which emergency 
services would fail? Would trucks and trains be able to route their 
cargo? Would airlines be able to route their passengers? How much of the 
military's logistical system would fail?
That's to say nothing of the variety of corporations that rely on the 
Internet to function, let alone the millions of Americans who would need 
to use it to communicate with their loved ones in a time of crisis.
Even worse, these effects would spill over internationally. The Internet 
is international in complex and surprising ways, and it would be 
impossible to ensure that the effects of a shutdown stayed domestic and 
didn't cause similar disasters in countries we're friendly with.
The third flawed assumption is that we could build this capability 
securely. We can't.
Once we engineered a selective shutdown switch into the Internet, and 
implemented a way to do what Internet engineers have spent decades 
making sure never happens, we would have created an enormous security 
vulnerability. We would make the job of any would-be terrorist intent on 
bringing down the Internet much easier.
Computer and network security is hard, and every Internet system we've 
ever created has security vulnerabilities. It would be folly to think 
this one wouldn't as well. And given how unlikely the risk is, any 
actual shutdown would be far more likely to be a result of an 
unfortunate error or a malicious hacker than of a presidential order.
But the main problem with an Internet kill switch is that it's too 
coarse a hammer.
Yes, the bad guys use the Internet to communicate, and they can use it 
to attack us. But the good guys use it, too, and the good guys far 
outnumber the bad guys.
Shutting the Internet down, either the whole thing or just a part of it, 
even in the face of a foreign military attack would do far more damage 
than it could possibly prevent. And it would hurt others whom we don't 
want to hurt.
For years we've been bombarded with scare stories about terrorists 
wanting to shut the Internet down. They're mostly fairy tales, but 
they're scary precisely because the Internet is so critical to so many 
things.
Why would we want to terrorize our own population by doing exactly what 
we don't want anyone else to do? And a national emergency is precisely 
the worst time to do it.
Just implementing the capability would be very expensive; I would rather 
see that money going toward securing our nation's critical 
infrastructure from attack.
Defending his proposal, Sen. Lieberman pointed out that China has this 
capability. It's debatable whether or not it actually does, but it's 
actively pursuing the capability because the country cares less about 
its citizens.
Here in the U.S., it is both wrong and dangerous to give the president 
the power and ability to commit Internet suicide and terrorize Americans 
in this way.
This essay was originally published on AOL.com News.
http://www.aolnews.com/opinion/article/opinion-3-reasons-to-kill-the-intern… 
or http://tinyurl.com/249mora
http://www.opencongress.org/bill/111-s3480/show
http://www.pcmag.com/article2/0,2817,2365393,00.asp
http://www.networkworld.com/columnists/2009/041309-backspin.html
http://www.engadget.com/2010/06/24/the-internet-kill-switch-and-other-lies-… 
or http://tinyurl.com/2cxd7wz
Text of bill:
http://www.govtrack.us/congress/billtext.xpd?bill=s111-3480
** *** ***** ******* *********** *************
     News
Dating recordings by power line fluctuations:
http://www.theregister.co.uk/2010/06/01/enf_met_police/
In at least three U.S. states, it is illegal to film an active duty 
policeman:
http://www.schneier.com/blog/archives/2010/06/filming_the_pol.html
Doesn't the DHS have anything else to do than patrol the U.S./Canada border?
http://www.americanthinker.com/blog/2010/06/homeland_security_cracks_down.h… 
or http://tinyurl.com/24874ay
Hot dog security:
http://www.schneier.com/blog/archives/2010/06/hot_dog_securit.html
The Atlantic on stupid terrorists:
http://www.theatlantic.com/magazine/archive/2010/05/the-case-for-calling-th… 
or http://tinyurl.com/342mnth
Reminds me of my own "Portrait of the Modern Terrorist as an Idiot":
http://www.schneier.com/essay-174.html
Security risks of remote printing to an e-mail address:
http://www.schneier.com/blog/archives/2010/06/remote_printing.html
AT&T's iPad security breach:
http://www.schneier.com/blog/archives/2010/06/atts_ipad_secur.html
Cheating on tests, by the teachers:
http://www.nytimes.com/2010/06/11/education/11cheat.html
Buying an ATM skimmer:
http://krebsonsecurity.com/2010/06/atm-skimmers-separating-cruft-from-craft/ 
or http://tinyurl.com/2a633yv
http://krebsonsecurity.com/2010/06/sophisticated-atm-skimmer-transmits-stol… 
or http://tinyurl.com/2foc85z
The New York Times Room for Debate blog did the topic: "Do We Tolerate 
Too Many Traffic Deaths?"
http://roomfordebate.blogs.nytimes.com/2010/05/27/do-we-tolerate-too-many-t… 
or http://tinyurl.com/337ltvq
In an article on using terahertz rays (is that different from terahertz 
radar?) to detect biological agents, we find this quote:  "High-tech, 
low-tech, we can't afford to overlook any possibility in dealing with 
mass casualty events.... You need multiple methods of detection and 
response. Terrorism comes in many forms; you have to see, smell, taste 
and analyze everything."  He's got it completely backwards.  I think we 
can easily afford not to do what he's saying, and can't afford to do it. 
The technology to detect traces of chemical and biological agents is 
neat, though.  And I am very much in favor of research along these lines.
http://www.globalsecuritynewswire.org/gsn/nw_20100614_3990.php
Popsicle machines as a security threat:
http://www.schneier.com/blog/archives/2010/06/popsicle_makers.html
Long, but interesting, profile of WikiLeaks's Julian Assange.
http://www.newyorker.com/reporting/2010/06/07/100607fa_fact_khatchadourian 
or http://tinyurl.com/236khrd
http://www.guardian.co.uk/media/2010/jun/21/wikileaks-founder-julian-assang… 
or http://tinyurl.com/2boptpw
http://www.abc.net.au/tv/bigideas/stories/2010/06/08/2920615.htm
http://www.huffingtonpost.com/2010/06/11/daniel-ellsberg-wikileaks-assange_…
This is only peripherally related, but Bradley Manning -- an American 
soldier -- has been arrested for leaking classified documents to WikiLeaks.
http://www.wired.com/threatlevel/2010/06/leak/
http://www.csmonitor.com/USA/Military/2010/0607/Soldier-arrested-in-WikiLea… 
or http://tinyurl.com/33alldt
http://www.huffingtonpost.com/2010/06/07/bradley-manning-us-intell_n_602582… 
or http://tinyurl.com/2w4ouw8
http://news.bbc.co.uk/2/hi/technology/10265430.stm
http://www.washingtonian.com/blogarticles/people/capitalcomment/15873.html 
or http://tinyurl.com/28fvmjj
http://www.theatlanticwire.com/opinions/view/opinion/Behind-the-Arrest-of-A… 
or http://tinyurl.com/2eqko6o
http://abcnews.go.com/Politics/Media/us-soldier-arrested-iraq-allegedly-lea… 
or http://tinyurl.com/2fvs3rq
http://motherjones.com/mojo/2010/06/wikileaks-iraq-video-leaker-arrest
http://en.wikinews.org/wiki/US_intelligence_analyst_arrested_over_Wikileaks… 
or http://tinyurl.com/29usply
The TacSat-3 "hyperspectral" spy satellite is operational.
http://www.theregister.co.uk/2010/06/11/artemis_goes_active/
Security trade-offs in crayfish:
http://www.sciencedaily.com/releases/2010/06/100615191751.htm
It's not that this surprises anyone, it's that researchers can now try 
and figure out the exact brain processes that enable the crayfish to 
make these decisions.
Hacker scare story: "10 Everyday Items Hackers Are Targeting Right Now."
http://www.foxnews.com/scitech/2010/06/11/everyday-items-hackers-targeting-… 
or http://tinyurl.com/23afrcv
And Richard Clarke thinks hackers can set your printer on fire.
http://www.amazon.com/exec/obidos/ASIN/0061962236/counterpane/
This rant about baby terrorists, from Congressman Louie Gohmert of 
Texas, is about as dumb as it gets:
http://www.schneier.com/blog/archives/2010/06/baby_terrorists.html
Space terrorism?  Yes, space terrorism.  This article, by someone at the 
European Space Policy Institute, hypes a terrorist threat I've never 
seen hyped before.  The author waves a bunch of scare stories around, 
and then concludes that "the threat of 'Space Terrorism' is both real 
and latent," then talks about countermeasures.  Certainly securing our 
satellites is a good idea, but this is just silly.
http://www.espi.or.at/images/stories/dokumente/Perspectives/espi%20perspect… 
or http://tinyurl.com/2ae7wnk
Cryptography success story from Brazil.  The moral, of course, is to 
choose a strong key and to encrypt the entire drive, not just key files.
http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/
Cryptography failure story: by Russian spies.  "Ricci said the 
steganographic program was activated by pressing control-alt-E and then 
typing in a 27-character password, which the FBI found written down on a 
piece of paper during one of its searches."
http://news.cnet.com/8301-13578_3-20009101-38.html
http://www.computerworld.com/s/article/9178762/Russian_spy_ring_needed_some… 
or http://tinyurl.com/2bf5vsg
http://www.darkreading.com/insiderthreat/security/encryption/showArticle.jh… 
or http://tinyurl.com/34kokkh
Vigilant citizens: 1950 vs. today:
http://www.schneier.com/blog/archives/2010/07/vigilant_citize.html
Secret stash: hiding objects in everyday objects.
http://yitingcheng.webs.com/psecretstash2010.htm
Tracking location based on water isotope ratios:
http://news.sciencemag.org/sciencenow/2010/06/scienceshot-this-beer-knows-w… 
or http://tinyurl.com/2bd5doo
http://pubs.acs.org/stoken/presspac/presspac/full/10.1021/jf1003539
From the National Academies in 2009:  "Technology, Policy, Law, and 
Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities." 
 It's 390 pages.
http://books.nap.edu/openbook.php?record_id=12651&page=R1
"Don't Commit Crime": the sign is from a gas station in the U.K.
http://www.schneier.com/blog/archives/2010/07/dont_commit_cri.html
This is a really interesting philosophical essay: "Does Surveillance 
Make Us Morally Better?"
http://www.philosophynow.org/issue79/79westacott.htm
Long and interesting article on the Toronto 18, a terrorist cell 
arrested in 2006.  Lots of stuff I had not read before.
http://www3.thestar.com/static/toronto18/index.html
The measures used to prevent cheating during college tests remind me of 
casino security measures.
http://www.nytimes.com/2010/07/06/education/06cheat.html
TSA blocks access to websites with "controversial opinions."  I wonder 
if my blog counts.
http://www.cbsnews.com/8301-31727_162-20009642-10391695.html
The TSA reversed itself.  Or, at least, they now claim that isn't what 
they meant.
http://www.cbsnews.com/8301-31727_162-20009804-10391695.html
Serial killers are now terrorists.  Try to keep up.
http://www.schneier.com/blog/archives/2010/07/serial_killers.html
The Chaocipher is a mechanical encryption algorithm invented in 1918. No 
one was able to reverse-engineer the algorithm, given sets of plaintexts 
and ciphertexts -- at least, nobody publicly. On the other hand, I don't 
know how many people tried, or even knew about the algorithm. I'd never 
heard of it before now. Anyway, for the first time, the algorithm has 
been revealed. Of course, it's not able to stand up to computer 
cryptanalysis.
http://www.ciphermysteries.com/2010/07/03/the-chaocipher-revealed
http://www.mountainvistasoft.com/chaocipher/ActualChaocipher/Chaocipher-Rev…
Hemingway authentication scheme from 1955, intended as humor:
http://www.schneier.com/blog/archives/2010/07/hemingway_authe.html
On an Android phone, it's easy to access someone else's voicemail by 
spoofing the caller ID.  This isn't new; what is new is that many people 
now have easy access to caller ID spoofing.  The spoofing only works for 
voicemail accounts that don't have a password set up, but AT&T has no 
password as the default.
http://news.slashdot.org/story/10/06/29/1840241/Hack-ATampT-Voicemail-With-…
Burglar detection through video analytics:
http://www.schneier.com/blog/archives/2010/07/burglary_detect.html
Random numbers from quantum noise.  It's not that we need more ways to 
get random numbers, but the research is interesting.
http://www.technologyreview.com/blog/arxiv/25355/?nlid=3170
I don't think it's a good idea to give Russian intelligence the source 
code to Windows 7.
http://www.zdnet.co.uk/news/security/2010/07/08/microsoft-opens-source-code… 
or http://tinyurl.com/2w8moaq
** *** ***** ******* *********** *************
     Third SHB Workshop
Last month I attended SHB 2010, the Third Interdisciplinary Workshop on 
Security and Human Behaviour, at Cambridge University. This is a two-day 
gathering of computer security researchers, psychologists, behavioral 
economists, sociologists, philosophers, and others -- all of whom are 
studying the human side of security -- organized by Ross Anderson, 
Alessandro Acquisti, and me.
SHB 2010:
http://www.cl.cam.ac.uk/~rja14/shb10/
The program:
http://www.cl.cam.ac.uk/~rja14/shb10/schedule10.html
Ross Anderson's summaries of the talks and discussions:
http://www.lightbluetouchpaper.org/2010/06/28/security-and-human-behaviour-… 
or http://tinyurl.com/2ekv6w3
The first SHB workshop:
http://www.schneier.com/blog/archives/2008/06/security_and_hu.html
The second SHB workshop:
http://www.schneier.com/blog/archives/2009/06/second_shb_work.html
** *** ***** ******* *********** *************
     Schneier News
None this month.  Summers are always slow.
** *** ***** ******* *********** *************
     Data at Rest vs. Data in Motion
For a while now, I've pointed out that cryptography is singularly 
ill-suited to solve the major network security problems of today: 
denial-of-service attacks, website defacement, theft of credit card 
numbers, identity theft, viruses and worms, DNS attacks, network 
penetration, and so on.
Cryptography was invented to protect communications: data in motion. 
This is how cryptography was used throughout most of history, and this 
is how the militaries of the world developed the science. Alice was the 
sender, Bob the receiver, and Eve the eavesdropper. Even when 
cryptography was used to protect stored data -- data at rest -- it was 
viewed as a form of communication. In "Applied Cryptography," I 
described encrypting stored data in this way: "a stored message is a way 
for someone to communicate with himself through time." Data storage was 
just a subset of data communication.
In modern networks, the difference is much more profound. Communications 
are immediate and instantaneous. Encryption keys can be ephemeral, and 
systems like the STU-III telephone can be designed such that encryption 
keys are created at the beginning of a call and destroyed as soon as the 
call is completed. Data storage, on the other hand, occurs over time. 
Any encryption keys must exist as long as the encrypted data exists. And 
storing those keys becomes as important as storing the unencrypted data 
was. In a way, encryption doesn't reduce the number of secrets that must 
be stored securely; it just makes them much smaller.
Historically, the reason key management worked for stored data was that 
the key could be stored in a secure location: the human brain. People 
would remember keys and, barring physical and emotional attacks on the 
people themselves, would not divulge them. In a sense, the keys were 
stored in a "computer" that was not attached to any network. And there 
they were safe.
This whole model falls apart on the Internet. Much of the data stored on 
the Internet is only peripherally intended for use by people; it's 
primarily intended for use by other computers. And therein lies the 
problem. Keys can no longer be stored in people's brains. They need to 
be stored on the same computer, or at least the network, that the data 
resides on. And that is much riskier.
Let's take a concrete example: credit card databases associated with 
websites. Those databases are not encrypted because it doesn't make any 
sense. The whole point of storing credit card numbers on a website is so 
it's accessible -- so each time I buy something, I don't have to type it 
in again. The website needs to dynamically query the database and 
retrieve the numbers, millions of times a day. If the database were 
encrypted, the website would need the key. But if the key were on the 
same network as the data, what would be the point of encrypting it? 
Access to the website equals access to the database in either case. 
Security is achieved by good access control on the website and database, 
not by encrypting the data.
The same reasoning holds true elsewhere on the Internet as well. Much of 
the Internet's infrastructure happens automatically, without human 
intervention. This means that any encryption keys need to reside in 
software on the network, making them vulnerable to attack. In many 
cases, the databases are queried so often that they are simply left in 
plaintext, because doing otherwise would cause significant performance 
degradation. Real security in these contexts comes from traditional 
computer security techniques, not from cryptography.
Cryptography has inherent mathematical properties that greatly favor the 
defender. Adding a single bit to the length of a key adds only a slight 
amount of work for the defender, but doubles the amount of work the 
attacker has to do. Doubling the key length doubles the amount of work 
the defender has to do (if that -- I'm being approximate here), but 
increases the attacker's workload exponentially. For many years, we have 
exploited that mathematical imbalance.
Computer security is much more balanced. There'll be a new attack, and a 
new defense, and a new attack, and a new defense. It's an arms race 
between attacker and defender. And it's a very fast arms race. New 
vulnerabilities are discovered all the time. The balance can tip from 
defender to attacker overnight, and back again the night after. Computer 
security defenses are inherently very fragile.
Unfortunately, this is the model we're stuck with. No matter how good 
the cryptography is, there is some other way to break into the system. 
Recall how the FBI read the PGP-encrypted email of a suspected Mafia 
boss several years ago. They didn't try to break PGP; they simply 
installed a keyboard sniffer on the target's computer. Notice that SSL- 
and TLS-encrypted web communications are increasingly irrelevant in 
protecting credit card numbers; criminals prefer to steal them by the 
hundreds of thousands from back-end databases.
On the Internet, communications security is much less important than the 
security of the endpoints. And increasingly, we can't rely on 
cryptography to solve our security problems.
This essay originally appeared on DarkReading.  I wrote it in 2006, but 
lost it on my computer for four years.  I hate it when that happens.
http://www.darkreading.com/blog/archives/2010/06/data_at_rest_vs.html
As several readers have pointed out, I overstated my case when I said 
that encrypting credit card databases, or any database in constant use, 
is useless.  In fact, there is value in encrypting those databases, 
especially if the encryption appliance is separate from the database 
server.  In this case, the attacker has to steal both the encryption key 
and the database.  That's a harder hacking problem, and this is why 
credit card database encryption is mandated within the PCI security 
standard.  Given how good encryption performance is these days, it's a 
smart idea.  But while encryption makes it harder to steal the data, it 
is only harder in a computer security sense, not in a cryptography sense.
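The addendum's point, that the attacker must steal both the database and a separately held key, can be shown in code. The following is an added example, not part of the newsletter or of any product it mentions: a KeyService type stands in for the separate encryption appliance, a CardDB type for the database server, and the card number and row ids are constructed test values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// KeyService stands in for an encryption appliance separate from the database
// server: it holds the data-encryption key and exposes only Seal/Open.
type KeyService struct{ gcm cipher.AEAD }

// NewKeyService generates a 256-bit AES key and wraps it in AES-GCM. The key
// must outlive the data, so a real appliance would persist it (off the DB host).
func NewKeyService() (*KeyService, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &KeyService{gcm: gcm}, nil
}

// Seal encrypts one record. The row id is bound as associated data, so a
// ciphertext copied into another row will not open. Layout: nonce||ct||tag.
func (ks *KeyService) Seal(rowID string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, ks.gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return ks.gcm.Seal(nonce, nonce, plaintext, []byte(rowID)), nil
}

// Open reverses Seal; it fails on a wrong key, a wrong row id or tampering.
func (ks *KeyService) Open(rowID string, stored []byte) ([]byte, error) {
	n := ks.gcm.NonceSize()
	if len(stored) < n {
		return nil, fmt.Errorf("row %s: stored record too short", rowID)
	}
	return ks.gcm.Open(nil, stored[:n], stored[n:], []byte(rowID))
}

// CardDB is the database server. It holds ciphertext only and must round-trip
// through the key service on every query (the performance cost the essay notes).
type CardDB struct{ rows map[string][]byte }

func NewCardDB() *CardDB { return &CardDB{rows: map[string][]byte{}} }

func (db *CardDB) Store(ks *KeyService, rowID, pan string) error {
	ct, err := ks.Seal(rowID, []byte(pan))
	if err != nil {
		return err
	}
	db.rows[rowID] = ct
	return nil
}

func (db *CardDB) Lookup(ks *KeyService, rowID string) (string, error) {
	ct, ok := db.rows[rowID]
	if !ok {
		return "", fmt.Errorf("no such row %s", rowID)
	}
	pt, err := ks.Open(rowID, ct)
	return string(pt), err
}

// Dump models the database being copied wholesale without the key service.
func (db *CardDB) Dump() map[string][]byte { return db.rows }

// LeaksPlaintext reports whether a dump exposes the card number in the clear.
func LeaksPlaintext(dump map[string][]byte, pan string) bool {
	for _, ct := range dump {
		if bytes.Contains(ct, []byte(pan)) {
			return true
		}
	}
	return false
}

func main() {
	const pan = "4111111111111111" // constructed test card number
	ks, _ := NewKeyService()
	db := NewCardDB()
	_ = db.Store(ks, "cust-1001", pan)
	got, err := db.Lookup(ks, "cust-1001")
	fmt.Println("lookup via key service:", got, err)
	fmt.Println("dump alone leaks plaintext:", LeaksPlaintext(db.Dump(), pan))
}
```

A copy of the database alone yields only ciphertext, and a second KeyService with its own key cannot open it; as the addendum says, this raises the bar in a computer-security sense (two systems to compromise), while the cryptography itself is never what the attacker has to break.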
** *** ***** ******* *********** *************
     Reading Me
The number of different ways to read my essays, commentaries, and links 
has grown recently.  Here's the rundown:
You can read my writings daily on my blog.
http://www.schneier.com/
These are reprinted on my Facebook page.
http://www.facebook.com/bruce.schneier
They are also reprinted on my LiveJournal feed.
http://syndicated.livejournal.com/bruce_schneier/
You can follow them on Twitter.
http://twitter.com/schneierblog/
You can subscribe to the RSS feed:
http://www.schneier.com/blog/index.rdf
Or you can subscribe to the alternative RSS feed, if you prefer excerpts 
instead of full text:
http://www.schneier.com/blog/index.xml
Finally, you can read the same writing aggregated once a month and 
e-mailed directly to you: Crypto-Gram.
http://www.schneier.com/crypto-gram.html
I think that about covers it for useful distribution formats right now.
** *** ***** ******* *********** *************
Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing 
summaries, analyses, insights, and commentaries on security: computer 
and otherwise.  You can subscribe, unsubscribe, or change your address 
on the Web at <http://www.schneier.com/crypto-gram.html>.  Back issues 
are also available at that URL.
Please feel free to forward CRYPTO-GRAM, in whole or in part, to 
colleagues and friends who will find it valuable.  Permission is also 
granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.
CRYPTO-GRAM is written by Bruce Schneier.  Schneier is the author of the 
best sellers "Schneier on Security," "Beyond Fear," "Secrets and Lies," 
and "Applied Cryptography," and an inventor of the Blowfish, Twofish, 
Threefish, Helix, Phelix, and Skein algorithms.  He is the Chief 
Security Technology Officer of BT BCSG, and is on the Board of Directors 
of the Electronic Privacy Information Center (EPIC).  He is a frequent 
writer and lecturer on security topics.  See <http://www.schneier.com>.
Crypto-Gram is a personal newsletter.  Opinions expressed are not 
necessarily those of BT.
Copyright (c) 2010 by Bruce Schneier.
----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
                                         CRYPTO-GRAM
                July 15, 2010
              by Bruce Schneier
      Chief Security Technology Officer, BT
             schneier(a)schneier.com
            http://www.schneier.com
A free monthly newsletter providing summaries, analyses, insights, and 
commentaries on security: computer and otherwise.
For back issues, or to subscribe, visit 
<http://www.schneier.com/crypto-gram.html>.
You can read this issue on the web at 
<http://www.schneier.com/crypto-gram-1007.html>.  These same essays and 
news items appear in the "Schneier on Security" blog at 
<http://www.schneier.com/blog>, along with a lively comment section.  An 
RSS feed is available.
** *** ***** ******* *********** *************
In this issue:
     The Threat of Cyberwar Has Been Grossly Exaggerated
     Internet Kill Switch
     News
     Third SHB Workshop
     Schneier News
     Data at Rest vs. Data in Motion
     Reading Me
** *** ***** ******* *********** *************
     The Threat of Cyberwar Has Been Grossly Exaggerated
There's a power struggle going on in the U.S. government right now.
It's about who is in charge of cyber security, and how much control the 
government will exert over civilian networks. And by beating the drums 
of war, the military is coming out on top.
"The United States is fighting a cyberwar today, and we are losing," 
said former NSA director -- and current cyberwar contractor -- Mike 
McConnell. "Cyber 9/11 has happened over the last ten years, but it 
happened slowly so we don't see it," said former National Cyber Security 
Division director Amit Yoran. Richard Clarke, whom Yoran replaced, wrote 
an entire book hyping the threat of cyberwar.
General Keith Alexander, the current commander of the U.S. Cyber 
Command, hypes it every chance he gets. This isn't just rhetoric of a 
few over-eager government officials and headline writers; the entire 
national debate on cyberwar is plagued with exaggerations and hyperbole.
Googling those names and terms -- as well as "cyber Pearl Harbor," 
"cyber Katrina," and even "cyber Armageddon" -- gives some idea how 
pervasive these memes are. Prefix "cyber" to something scary, and you 
end up with something really scary.
Cyberspace has all sorts of threats, day in and day out. Cybercrime is 
by far the largest: fraud, through identity theft and other means, 
extortion, and so on. Cyber-espionage is another, both government- and 
corporate-sponsored. Traditional hacking, without a profit motive, is 
still a threat. So is cyber-activism: people, most often kids, playing 
politics by attacking government and corporate websites and networks.
These threats cover a wide variety of perpetrators, motivations, 
tactics, and goals. You can see this variety in what the media has 
mislabeled as "cyberwar." The attacks against Estonian websites in 2007 
were simple hacking attacks by ethnic Russians angry at anti-Russian 
policies; these were denial-of-service attacks, a normal risk in 
cyberspace and hardly unprecedented.
A real-world comparison might be if an army invaded a country, then all 
got in line in front of people at the DMV so they couldn't renew their 
licenses. If that's what war looks like in the 21st century, we have 
little to fear.
Similar attacks against Georgia, which accompanied an actual Russian 
invasion, were also probably the responsibility of citizen activists or 
organized crime. A series of power blackouts in Brazil was caused by 
criminal extortionists -- or was it sooty insulators? China is engaging 
in espionage, not war, in cyberspace. And so on.
One problem is that there's no clear definition of "cyberwar." What does 
it look like? How does it start? When is it over? Even cybersecurity 
experts don't know the answers to these questions, and it's dangerous to 
broadly apply the term "war" unless we know a war is going on.
Yet recent news articles have claimed that China declared cyberwar on 
Google, that Germany attacked China, and that a group of young hackers 
declared cyberwar on Australia. (Yes, cyberwar is so easy that even kids 
can do it.) Clearly we're not talking about real war here, but a 
rhetorical war: like the war on terror.
We have a variety of institutions that can defend us when attacked: the 
police, the military, the Department of Homeland Security, various 
commercial products and services, and our own personal or corporate 
lawyers. The legal framework for any particular attack depends on two 
things: the attacker and the motive. Those are precisely the two things 
you don't know when you're being attacked on the Internet. We saw this 
on July 4 last year, when U.S. and South Korean websites were attacked 
by unknown perpetrators from North Korea -- or perhaps England. Or was 
it Florida?
We surely need to improve our cybersecurity. But words have meaning, and 
metaphors matter. There's a power struggle going on for control of our 
nation's cybersecurity strategy, and the NSA and DoD are winning. If we 
frame the debate in terms of war, if we accept the military's expansive 
cyberspace definition of "war," we feed our fears.
We reinforce the notion that we're helpless -- what person or 
organization can defend itself in a war? -- and others need to protect 
us. We invite the military to take over security, and to ignore the 
limits on power that often get jettisoned during wartime.
If, on the other hand, we use the more measured language of cybercrime, 
we change the debate. Crime fighting requires both resolve and 
resources, but it's done within the context of normal life. We willingly 
give our police extraordinary powers of investigation and arrest, but we 
temper these powers with a judicial system and legal protections for 
citizens.
We need to be prepared for war, and a Cyber Command is just as vital as 
an Army or a Strategic Air Command. And because kid hackers and 
cyber-warriors use the same tactics, the defenses we build against crime 
and espionage will also protect us from more concerted attacks. But 
we're not fighting a cyberwar now, and the risks of a cyberwar are no 
greater than the risks of a ground invasion. We need peacetime 
cyber-security, administered within the myriad structure of public and 
private security institutions we already have.
This essay previously appeared on CNN.com.
http://www.cnn.com/2010/OPINION/07/07/schneier.cyberwar.hyped/
Hyperbole:
http://www.washingtonpost.com/wp-dyn/content/article/2010/02/25/AR201002250… 
or http://tinyurl.com/yecwrzv
http://www.wired.com/threatlevel/2009/06/cyberthreat/
http://www.amazon.com/exec/obidos/ASIN/0061962236/counterpane/
http://www.wired.com/dangerroom/2010/04/pentagon-networks-targeted-by-hundr… 
or http://tinyurl.com/y6zw5sl
http://www.computerworld.com/s/article/9174682/Senators_ramp_up_cyberwar_rh… 
or http://tinyurl.com/yfat7kl
http://www.wired.com/dangerroom/2010/04/top-officer-fears-cyberwar-hearts-k… 
or http://tinyurl.com/y54ufmz
http://www.salon.com/news/opinion/glenn_greenwald/2010/03/29/mcconnell
http://www.guardian.co.uk/technology/2010/mar/04/internet-hi-tech-crime 
or http://tinyurl.com/ya4wryz
http://www.wired.com/threatlevel/2008/01/feds-must-exami/
http://www.businessweek.com/the_thread/techbeat/archives/2009/02/fearing_cy… 
or http://tinyurl.com/26feftb
http://www.wired.com/threatlevel/2009/04/conficker-war-r/
http://www.computerworld.com/s/article/9173967/Cyberattacks_an_existential_… 
or http://tinyurl.com/yd3z5a9
http://thehill.com/opinion/op-ed/70319-no-line-between-cyber-crime-and-cybe… 
or http://tinyurl.com/yka5cuk
http://techcrunch.com/2007/10/18/cyberwar-china-declares-war-on-western-sea… 
or http://tinyurl.com/39dht45
http://news.softpedia.com/news/Germany-Attacks-China-For-Starting-The-Cyber… 
or http://tinyurl.com/2fgdhbz
http://www.independent.co.uk/news/world/australasia/operation-titstorm-hack… 
or http://tinyurl.com/yk458ro
http://www.schneier.com/essay-280.html
http://www.wired.com/dangerroom/2010/05/cyber-command-we-dont-wanna-defend-… 
or http://tinyurl.com/38gzkz5
Cyberattacks:
http://www.wired.com/threatlevel/2007/08/cyber-war-and-e/
http://www.csoonline.com/article/443579/georgia-cyber-attacks-from-russian-… 
or http://tinyurl.com/2enpbrm
http://www.csoonline.com/article/499778/georgia-cyberattacks-linked-to-russ… 
or http://tinyurl.com/2c4t8cp
http://www.cbsnews.com/stories/2009/11/06/60minutes/main5555565.shtml
http://www.wired.com/threatlevel/2009/11/brazil_blackout/
http://www.schneier.com/essay-227.html
Good article:
http://www.economist.com/node/16481504?story_id=16481504
Earlier this month, I participated in a debate: "The Cyberwar Threat has 
been Grossly Exaggerated."  Marc Rotenberg of EPIC and I were for the 
motion; Mike McConnell and Jonathan Zittrain were against.  We lost.
We lost fair and square, for a bunch of reasons -- we didn't present our 
case very well, Jonathan Zittrain is a way better debater than we were 
-- but basically the vote came down to the definition of "cyberwar."  If 
you believed in an expansive definition of cyberwar, one that 
encompassed a lot more types of attacks than traditional war, then you 
voted against the motion.  If you believed in a limited definition of 
cyberwar, one that is a subset of traditional war, then you voted for it.
http://intelligencesquaredus.org/index.php/past-debates/cyber-war-threat-ha… 
or http://tinyurl.com/2fapxhf
http://intelligencesquaredus.org/wp-content/uploads/Cyber-War-060810.pdf 
or http://tinyurl.com/23hoxly
http://www.vimeo.com/12464156
http://finance.yahoo.com/news/The-Threat-of-Cyber-War-is-bw-2992953718.html… 
or http://tinyurl.com/295ofod
http://www.npr.org/templates/story/story.php?storyId=127861446
http://www.circleid.com/posts/20100609_cyber_threats_yes_but_is_it_cyberwar/ 
or http://tinyurl.com/2cqwnch
http://www.businesswire.ca/portal/site/ca-fr/permalink/?ndmViewId=news_view… 
or http://tinyurl.com/233u6uz
http://jldugger.livejournal.com/38537.html
http://www.darkreading.com/security/vulnerabilities/showArticle.jhtml?artic… 
or http://tinyurl.com/26p5ezm
http://www.theatlantic.com/science/archive/2010/06/the-cyber-war-threat-deb… 
or http://tinyurl.com/2cxmpmh
Last month the Senate Homeland Security Committee held hearings on 
"Protecting Cyberspace as a National Asset: Comprehensive Legislation 
for the 21st Century."  Unfortunately, the DHS is getting hammered at 
these hearings, and the NSA is consolidating its power.
http://hsgac.senate.gov/public/index.cfm?FuseAction=Hearings.Hearing&Hearin… 
or http://tinyurl.com/2c7hqxs
North Korea was probably not responsible for last year's cyberattacks. 
Good thing we didn't retaliate.
http://www.networkworld.com/news/2010/070610-north-korea-not-responsible-fo… 
or http://tinyurl.com/279sx59
http://www.scmagazineus.com/cyber-retaliation-debate-is-north-korea-guilty-… 
or http://tinyurl.com/2cxfbwk
** *** ***** ******* *********** *************
     Internet Kill Switch
Last month, Sen. Joe Lieberman, I-Conn., introduced a bill that might -- 
we're not really sure -- give the president the authority to shut down 
all or portions of the Internet in the event of an emergency. It's not a 
new idea. Sens. Jay Rockefeller, D-W.Va., and Olympia Snowe, R-Maine, 
proposed the same thing last year, and some argue that the president can 
already do something like this. If this or a similar bill ever passes, 
the details will change considerably and repeatedly. So let's talk about 
the idea of an Internet kill switch in general.
It's a bad one.
Security is always a trade-off: costs versus benefits. So the first 
question to ask is: What are the benefits? There is only one possible 
use of this sort of capability, and that is in the face of a 
warfare-caliber enemy attack. It's the primary reason lawmakers are 
considering giving the president a kill switch. They know that shutting 
off the Internet, or even isolating the U.S. from the rest of the world, 
would cause damage, but they envision a scenario where not doing so 
would cause even more.
That reasoning is based on several flawed assumptions.
The first flawed assumption is that cyberspace has traditional borders, 
and we could somehow isolate ourselves from the rest of the world using 
an electronic Maginot Line. We can't.
Yes, we can cut off almost all international connectivity, but there are 
lots of ways to get out onto the Internet: satellite phones, obscure 
ISPs in Canada and Mexico, long-distance phone calls to Asia.
The Internet is the largest communications system mankind has ever 
created, and it works because it is distributed. There is no central 
authority. No nation is in charge. Plugging all the holes isn't possible.
Even if the president ordered all U.S. Internet companies to block, say, 
all packets coming from China, or restrict non-military communications, 
or just shut down access in the greater New York area, it wouldn't work. 
You can't figure out what packets do just by looking at them; if you 
could, defending against worms and viruses would be much easier.
And packets that come with return addresses are easy to spoof. Remember 
the cyberattack July 4, 2009, that probably came from North Korea, but 
might have come from England, or maybe Florida? On the Internet, 
disguising traffic is easy. And foreign cyberattackers could always have 
dial-up accounts via U.S. phone numbers and make long-distance calls to 
do their misdeeds.
The second flawed assumption is that we can predict the effects of such 
a shutdown. The Internet is the most complex machine mankind has ever 
built, and shutting down portions of it would have all sorts of 
unforeseen ancillary effects.
Would ATMs work? What about the stock exchanges? Which emergency 
services would fail? Would trucks and trains be able to route their 
cargo? Would airlines be able to route their passengers? How much of the 
military's logistical system would fail?
That's to say nothing of the variety of corporations that rely on the 
Internet to function, let alone the millions of Americans who would need 
to use it to communicate with their loved ones in a time of crisis.
Even worse, these effects would spill over internationally. The Internet 
is international in complex and surprising ways, and it would be 
impossible to ensure that the effects of a shutdown stayed domestic and 
didn't cause similar disasters in countries we're friendly with.
The third flawed assumption is that we could build this capability 
securely. We can't.
Once we engineered a selective shutdown switch into the Internet, and 
implemented a way to do what Internet engineers have spent decades 
making sure never happens, we would have created an enormous security 
vulnerability. We would make the job of any would-be terrorist intent on 
bringing down the Internet much easier.
Computer and network security is hard, and every Internet system we've 
ever created has security vulnerabilities. It would be folly to think 
this one wouldn't as well. And given how unlikely the risk is, any 
actual shutdown would be far more likely to be a result of an 
unfortunate error or a malicious hacker than of a presidential order.
But the main problem with an Internet kill switch is that it's too 
coarse a hammer.
Yes, the bad guys use the Internet to communicate, and they can use it 
to attack us. But the good guys use it, too, and the good guys far 
outnumber the bad guys.
Shutting the Internet down, either the whole thing or just a part of it, 
even in the face of a foreign military attack would do far more damage 
than it could possibly prevent. And it would hurt others whom we don't 
want to hurt.
For years we've been bombarded with scare stories about terrorists 
wanting to shut the Internet down. They're mostly fairy tales, but 
they're scary precisely because the Internet is so critical to so many 
things.
Why would we want to terrorize our own population by doing exactly what 
we don't want anyone else to do? And a national emergency is precisely 
the worst time to do it.
Just implementing the capability would be very expensive; I would rather 
see that money going toward securing our nation's critical 
infrastructure from attack.
Defending his proposal, Sen. Lieberman pointed out that China has this 
capability. It's debatable whether or not it actually does, but it's 
actively pursuing the capability because the country cares less about 
its citizens.
Here in the U.S., it is both wrong and dangerous to give the president 
the power and ability to commit Internet suicide and terrorize Americans 
in this way.
This essay was originally published on AOL.com News.
http://www.aolnews.com/opinion/article/opinion-3-reasons-to-kill-the-intern… 
or http://tinyurl.com/249mora
http://www.opencongress.org/bill/111-s3480/show
http://www.pcmag.com/article2/0,2817,2365393,00.asp
http://www.networkworld.com/columnists/2009/041309-backspin.html
http://www.engadget.com/2010/06/24/the-internet-kill-switch-and-other-lies-… 
or http://tinyurl.com/2cxd7wz
Text of bill:
http://www.govtrack.us/congress/billtext.xpd?bill=s111-3480
** *** ***** ******* *********** *************
     News
Dating recordings by power line fluctuations:
http://www.theregister.co.uk/2010/06/01/enf_met_police/
In at least three U.S. states, it is illegal to film an active duty 
policeman:
http://www.schneier.com/blog/archives/2010/06/filming_the_pol.html
Doesn't the DHS have anything else to do than patrol the U.S./Canada border?
http://www.americanthinker.com/blog/2010/06/homeland_security_cracks_down.h… 
or http://tinyurl.com/24874ay
Hot dog security:
http://www.schneier.com/blog/archives/2010/06/hot_dog_securit.html
The Atlantic on stupid terrorists:
http://www.theatlantic.com/magazine/archive/2010/05/the-case-for-calling-th… 
or http://tinyurl.com/342mnth
Reminds me of my own "Portrait of the Modern Terrorist as an Idiot":
http://www.schneier.com/essay-174.html
Security risks of remote printing to an e-mail address:
http://www.schneier.com/blog/archives/2010/06/remote_printing.html
AT&T's iPad security breach:
http://www.schneier.com/blog/archives/2010/06/atts_ipad_secur.html
Cheating on tests, by the teachers:
http://www.nytimes.com/2010/06/11/education/11cheat.html
Buying an ATM skimmer:
http://krebsonsecurity.com/2010/06/atm-skimmers-separating-cruft-from-craft/ 
or http://tinyurl.com/2a633yv
http://krebsonsecurity.com/2010/06/sophisticated-atm-skimmer-transmits-stol… 
or http://tinyurl.com/2foc85z
The New York Times Room for Debate blog did the topic: "Do We Tolerate 
Too Many Traffic Deaths?"
http://roomfordebate.blogs.nytimes.com/2010/05/27/do-we-tolerate-too-many-t… 
or http://tinyurl.com/337ltvq
In an article on using terahertz rays (is that different from terahertz 
radar?) to detect biological agents, we find this quote:  "High-tech, 
low-tech, we can't afford to overlook any possibility in dealing with 
mass casualty events.... You need multiple methods of detection and 
response. Terrorism comes in many forms; you have to see, smell, taste 
and analyze everything."  He's got it completely backwards.  I think we 
can easily afford not to do what he's saying, and can't afford to do it. 
The technology to detect traces of chemical and biological agents is 
neat, though.  And I am very much in favor of research along these lines.
http://www.globalsecuritynewswire.org/gsn/nw_20100614_3990.php
Popsicle machines as a security threat:
http://www.schneier.com/blog/archives/2010/06/popsicle_makers.html
Long, but interesting, profile of WikiLeaks's Julian Assange.
http://www.newyorker.com/reporting/2010/06/07/100607fa_fact_khatchadourian 
or http://tinyurl.com/236khrd
http://www.guardian.co.uk/media/2010/jun/21/wikileaks-founder-julian-assang… 
or http://tinyurl.com/2boptpw
http://www.abc.net.au/tv/bigideas/stories/2010/06/08/2920615.htm
http://www.huffingtonpost.com/2010/06/11/daniel-ellsberg-wikileaks-assange_…
This is only peripherally related, but Bradley Manning -- an American 
soldier -- has been arrested for leaking classified documents to WikiLeaks.
http://www.wired.com/threatlevel/2010/06/leak/
http://www.csmonitor.com/USA/Military/2010/0607/Soldier-arrested-in-WikiLea… 
or http://tinyurl.com/33alldt
http://www.huffingtonpost.com/2010/06/07/bradley-manning-us-intell_n_602582… 
or http://tinyurl.com/2w4ouw8
http://news.bbc.co.uk/2/hi/technology/10265430.stm
http://www.washingtonian.com/blogarticles/people/capitalcomment/15873.html 
or http://tinyurl.com/28fvmjj
http://www.theatlanticwire.com/opinions/view/opinion/Behind-the-Arrest-of-A… 
or http://tinyurl.com/2eqko6o
http://abcnews.go.com/Politics/Media/us-soldier-arrested-iraq-allegedly-lea… 
or http://tinyurl.com/2fvs3rq
http://motherjones.com/mojo/2010/06/wikileaks-iraq-video-leaker-arrest
http://en.wikinews.org/wiki/US_intelligence_analyst_arrested_over_Wikileaks… 
or http://tinyurl.com/29usply
The TacSat-3 "hyperspectral" spy satellite is operational.
http://www.theregister.co.uk/2010/06/11/artemis_goes_active/
Security trade-offs in crayfish:
http://www.sciencedaily.com/releases/2010/06/100615191751.htm
It's not that this surprises anyone, it's that researchers can now try 
and figure out the exact brain processes that enable the crayfish to 
make these decisions.
Hacker scare story: "10 Everyday Items Hackers Are Targeting Right Now."
http://www.foxnews.com/scitech/2010/06/11/everyday-items-hackers-targeting-… 
or http://tinyurl.com/23afrcv
And Richard Clarke thinks hackers can set your printer on fire.
http://www.amazon.com/exec/obidos/ASIN/0061962236/counterpane/
This rant about baby terrorists, from Congressman Louie Gohmert of 
Texas, is about as dumb as it gets:
http://www.schneier.com/blog/archives/2010/06/baby_terrorists.html
Space terrorism?  Yes, space terrorism.  This article, by someone at the 
European Space Policy Institute, hypes a terrorist threat I've never 
seen hyped before.  The author waves a bunch of scare stories around, 
and then concludes that "the threat of 'Space Terrorism' is both real 
and latent," then talks about countermeasures.  Certainly securing our 
satellites is a good idea, but this is just silly.
http://www.espi.or.at/images/stories/dokumente/Perspectives/espi%20perspect… 
or http://tinyurl.com/2ae7wnk
Cryptography success story from Brazil.  The moral, of course, is to 
choose a strong key and to encrypt the entire drive, not just key files.
http://www.theregister.co.uk/2010/06/28/brazil_banker_crypto_lock_out/
Cryptography failure story: by Russian spies.  "Ricci said the 
steganographic program was activated by pressing control-alt-E and then 
typing in a 27-character password, which the FBI found written down on a 
piece of paper during one of its searches."
http://news.cnet.com/8301-13578_3-20009101-38.html
http://www.computerworld.com/s/article/9178762/Russian_spy_ring_needed_some… 
or http://tinyurl.com/2bf5vsg
http://www.darkreading.com/insiderthreat/security/encryption/showArticle.jh… 
or http://tinyurl.com/34kokkh
Vigilant citizens: 1950 vs. today:
http://www.schneier.com/blog/archives/2010/07/vigilant_citize.html
Secret stash: hiding objects in everyday objects.
http://yitingcheng.webs.com/psecretstash2010.htm
Tracking location based on water isotope ratios:
http://news.sciencemag.org/sciencenow/2010/06/scienceshot-this-beer-knows-w… 
or http://tinyurl.com/2bd5doo
http://pubs.acs.org/stoken/presspac/presspac/full/10.1021/jf1003539
From the National Academies in 2009:  "Technology, Policy, Law, and 
Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities." 
It's 390 pages.
http://books.nap.edu/openbook.php?record_id=12651&page=R1
"Don't Commit Crime": the sign is from a gas station in the U.K.
http://www.schneier.com/blog/archives/2010/07/dont_commit_cri.html
This is a really interesting philosophical essay: "Does Surveillance 
Make Us Morally Better?"
http://www.philosophynow.org/issue79/79westacott.htm
Long and interesting article on the Toronto 18, a terrorist cell 
arrested in 2006.  Lots of stuff I had not read before.
http://www3.thestar.com/static/toronto18/index.html
The measures used to prevent cheating during college tests remind me of 
casino security measures.
http://www.nytimes.com/2010/07/06/education/06cheat.html
TSA blocks access to websites with "controversial opinions."  I wonder 
if my blog counts.
http://www.cbsnews.com/8301-31727_162-20009642-10391695.html
The TSA reversed itself.  Or, at least, they now claim that isn't what 
they meant.
http://www.cbsnews.com/8301-31727_162-20009804-10391695.html
Serial killers are now terrorists.  Try to keep up.
http://www.schneier.com/blog/archives/2010/07/serial_killers.html
The Chaocipher is a mechanical encryption algorithm invented in 1918. No 
one was able to reverse-engineer the algorithm, given sets of plaintexts 
and ciphertexts -- at least, nobody publicly. On the other hand, I don't 
know how many people tried, or even knew about the algorithm. I'd never 
heard of it before now. Anyway, for the first time, the algorithm has 
been revealed. Of course, it's not able to stand up to computer 
cryptanalysis.
http://www.ciphermysteries.com/2010/07/03/the-chaocipher-revealed
http://www.mountainvistasoft.com/chaocipher/ActualChaocipher/Chaocipher-Rev…
Hemingway authentication scheme from 1955, intended as humor:
http://www.schneier.com/blog/archives/2010/07/hemingway_authe.html
On an Android phone, it's easy to access someone else's voicemail by 
spoofing the caller ID.  This isn't new; what is new is that many people 
now have easy access to caller ID spoofing.  The spoofing only works for 
voicemail accounts that don't have a password set up, but AT&T has no 
password as the default.
http://news.slashdot.org/story/10/06/29/1840241/Hack-ATampT-Voicemail-With-…
Burglar detection through video analytics:
http://www.schneier.com/blog/archives/2010/07/burglary_detect.html
Random numbers from quantum noise.  It's not that we need more ways to 
get random numbers, but the research is interesting.
http://www.technologyreview.com/blog/arxiv/25355/?nlid=3170
I don't think it's a good idea to give Russian intelligence the source 
code to Windows 7.
http://www.zdnet.co.uk/news/security/2010/07/08/microsoft-opens-source-code… 
or http://tinyurl.com/2w8moaq
** *** ***** ******* *********** *************
     Third SHB Workshop
Last month I attended SHB 2010, the Third Interdisciplinary Workshop on 
Security and Human Behaviour, at Cambridge University. This is a two-day 
gathering of computer security researchers, psychologists, behavioral 
economists, sociologists, philosophers, and others -- all of whom are 
studying the human side of security -- organized by Ross Anderson, 
Alessandro Acquisti, and me.
SHB 2010:
http://www.cl.cam.ac.uk/~rja14/shb10/
The program:
http://www.cl.cam.ac.uk/~rja14/shb10/schedule10.html
Ross Anderson's summaries of the talks and discussions:
http://www.lightbluetouchpaper.org/2010/06/28/security-and-human-behaviour-… 
or http://tinyurl.com/2ekv6w3
The first SHB workshop:
http://www.schneier.com/blog/archives/2008/06/security_and_hu.html
The second SHB workshop:
http://www.schneier.com/blog/archives/2009/06/second_shb_work.html
** *** ***** ******* *********** *************
     Schneier News
None this month.  Summers are always slow.
** *** ***** ******* *********** *************
     Data at Rest vs. Data in Motion
For a while now, I've pointed out that cryptography is singularly 
ill-suited to solve the major network security problems of today: 
denial-of-service attacks, website defacement, theft of credit card 
numbers, identity theft, viruses and worms, DNS attacks, network 
penetration, and so on.
Cryptography was invented to protect communications: data in motion. 
This is how cryptography was used throughout most of history, and this 
is how the militaries of the world developed the science. Alice was the 
sender, Bob the receiver, and Eve the eavesdropper. Even when 
cryptography was used to protect stored data -- data at rest -- it was 
viewed as a form of communication. In "Applied Cryptography," I 
described encrypting stored data in this way: "a stored message is a way 
for someone to communicate with himself through time." Data storage was 
just a subset of data communication.
In modern networks, the difference is much more profound. Communications 
are immediate and instantaneous. Encryption keys can be ephemeral, and 
systems like the STU-III telephone can be designed such that encryption 
keys are created at the beginning of a call and destroyed as soon as the 
call is completed. Data storage, on the other hand, occurs over time. 
Any encryption keys must exist as long as the encrypted data exists. And 
storing those keys becomes as important as storing the unencrypted data 
was. In a way, encryption doesn't reduce the number of secrets that must 
be stored securely; it just makes them much smaller.
Historically, the reason key management worked for stored data was that 
the key could be stored in a secure location: the human brain. People 
would remember keys and, barring physical and emotional attacks on the 
people themselves, would not divulge them. In a sense, the keys were 
stored in a "computer" that was not attached to any network. And there 
they were safe.
This whole model falls apart on the Internet. Much of the data stored on 
the Internet is only peripherally intended for use by people; it's 
primarily intended for use by other computers. And therein lies the 
problem. Keys can no longer be stored in people's brains. They need to 
be stored on the same computer, or at least the network, that the data 
resides on. And that is much riskier.
Let's take a concrete example: credit card databases associated with 
websites. Those databases are not encrypted because it doesn't make any 
sense. The whole point of storing credit card numbers on a website is so 
it's accessible -- so each time I buy something, I don't have to type it 
in again. The website needs to dynamically query the database and 
retrieve the numbers, millions of times a day. If the database were 
encrypted, the website would need the key. But if the key were on the 
same network as the data, what would be the point of encrypting it? 
Access to the website equals access to the database in either case. 
Security is achieved by good access control on the website and database, 
not by encrypting the data.
The same reasoning holds true elsewhere on the Internet as well. Much of 
the Internet's infrastructure happens automatically, without human 
intervention. This means that any encryption keys need to reside in 
software on the network, making them vulnerable to attack. In many 
cases, the databases are queried so often that they are simply left in 
plaintext, because doing otherwise would cause significant performance 
degradation. Real security in these contexts comes from traditional 
computer security techniques, not from cryptography.
Cryptography has inherent mathematical properties that greatly favor the 
defender. Adding a single bit to the length of a key adds only a slight 
amount of work for the defender, but doubles the amount of work the 
attacker has to do. Doubling the key length doubles the amount of work 
the defender has to do (if that -- I'm being approximate here), but 
increases the attacker's workload exponentially. For many years, we have 
exploited that mathematical imbalance.
Computer security is much more balanced. There'll be a new attack, and a 
new defense, and a new attack, and a new defense. It's an arms race 
between attacker and defender. And it's a very fast arms race. New 
vulnerabilities are discovered all the time. The balance can tip from 
defender to attacker overnight, and back again the night after. Computer 
security defenses are inherently very fragile.
Unfortunately, this is the model we're stuck with. No matter how good 
the cryptography is, there is some other way to break into the system. 
Recall how the FBI read the PGP-encrypted email of a suspected Mafia 
boss several years ago. They didn't try to break PGP; they simply 
installed a keyboard sniffer on the target's computer. Notice that SSL- 
and TLS-encrypted web communications are increasingly irrelevant in 
protecting credit card numbers; criminals prefer to steal them by the 
hundreds of thousands from back-end databases.
On the Internet, communications security is much less important than the 
security of the endpoints. And increasingly, we can't rely on 
cryptography to solve our security problems.
This essay originally appeared on DarkReading.  I wrote it in 2006, but 
lost it on my computer for four years.  I hate it when that happens.
http://www.darkreading.com/blog/archives/2010/06/data_at_rest_vs.html
As several readers have pointed out, I overstated my case when I said 
that encrypting credit card databases, or any database in constant use, 
is useless.  In fact, there is value in encrypting those databases, 
especially if the encryption appliance is separate from the database 
server.  In this case, the attacker has to steal both the encryption key 
and the database.  That's a harder hacking problem, and this is why 
credit card database encryption is mandated within the PCI security 
standard.  Given how good encryption performance is these days, it's a 
smart idea.  But while encryption makes it harder to steal the data, it 
is only harder in a computer security sense, not in a cryptography sense.
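As an added illustration of the point made in this addendum (example code, not part of Schneier's essay or the newsletter), the Go program below keeps the key on a stand-in for the separate encryption appliance while the database holds only AES-GCM ciphertext: a stolen dump yields no card numbers, decryption needs a live path to the appliance, and a ciphertext copied into another customer's row refuses to open. The KeyService type, the customer names and the card numbers are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// Record is one constructed card-table row: nonce || AES-GCM output, never the PAN.
type Record struct {
	Customer string
	Sealed   []byte
}

// KeyService stands in for the separate encryption appliance: it holds the key
// and offers only Seal/Open, so the database server never handles key material.
type KeyService struct{ aead cipher.AEAD }

// NewKeyService takes a 32-byte AES-256 key generated on the appliance side.
func NewKeyService(key []byte) (*KeyService, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &KeyService{aead: aead}, nil
}

// Seal encrypts one PAN under a fresh nonce and binds it to the customer id as
// associated data, so a ciphertext copied into another customer's row will not open.
func (k *KeyService) Seal(customer, pan string) ([]byte, error) {
	nonce := make([]byte, k.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return k.aead.Seal(nonce, nonce, []byte(pan), []byte(customer)), nil
}

// Open is the purchase-time call; it needs the appliance, the second thing an attacker holding only a dump must get.
func (k *KeyService) Open(customer string, sealed []byte) (string, error) {
	n := k.aead.NonceSize()
	if len(sealed) < n {
		return "", fmt.Errorf("record for %s is too short to hold a nonce", customer)
	}
	pt, err := k.aead.Open(nil, sealed[:n], sealed[n:], []byte(customer))
	return string(pt), err
}

// DumpLeaksPAN models a stolen database with no appliance access: does any PAN sit in the dump in the clear?
func DumpLeaksPAN(dump []Record, pans []string) bool {
	for _, r := range dump {
		for _, pan := range pans {
			if bytes.Contains(r.Sealed, []byte(pan)) {
				return true
			}
		}
	}
	return false
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // demo key; the real one stays on the appliance
	ks, _ := NewKeyService(key)
	sealed, _ := ks.Seal("alice", "4111111111111111") // constructed test PAN
	dump := []Record{{Customer: "alice", Sealed: sealed}}
	fmt.Println("PAN in stolen dump:", DumpLeaksPAN(dump, []string{"4111111111111111"}))
	_, err := ks.Open("mallory", sealed) // same ciphertext re-homed to another row
	fmt.Println("re-homed row opens:", err == nil)
}
```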
** *** ***** ******* *********** *************
     Reading Me
The number of different ways to read my essays, commentaries, and links 
has grown recently.  Here's the rundown:
You can read my writings daily on my blog.
http://www.schneier.com/
These are reprinted on my Facebook page.
http://www.facebook.com/bruce.schneier
They are also reprinted on my LiveJournal feed.
http://syndicated.livejournal.com/bruce_schneier/
You can follow them on Twitter.
http://twitter.com/schneierblog/
You can subscribe to the RSS feed:
http://www.schneier.com/blog/index.rdf
Or you can subscribe to the alternative RSS feed, if you prefer excerpts 
instead of full text:
http://www.schneier.com/blog/index.xml
Finally, you can read the same writing aggregated once a month and 
e-mailed directly to you: Crypto-Gram.
http://www.schneier.com/crypto-gram.html
I think that about covers it for useful distribution formats right now.
** *** ***** ******* *********** *************
Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing 
summaries, analyses, insights, and commentaries on security: computer 
and otherwise.  You can subscribe, unsubscribe, or change your address 
on the Web at <http://www.schneier.com/crypto-gram.html>.  Back issues 
are also available at that URL.
Please feel free to forward CRYPTO-GRAM, in whole or in part, to 
colleagues and friends who will find it valuable.  Permission is also 
granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.
CRYPTO-GRAM is written by Bruce Schneier.  Schneier is the author of the 
best sellers "Schneier on Security," "Beyond Fear," "Secrets and Lies," 
and "Applied Cryptography," and an inventor of the Blowfish, Twofish, 
Threefish, Helix, Phelix, and Skein algorithms.  He is the Chief 
Security Technology Officer of BT BCSG, and is on the Board of Directors 
of the Electronic Privacy Information Center (EPIC).  He is a frequent 
writer and lecturer on security topics.  See <http://www.schneier.com>.
Crypto-Gram is a personal newsletter.  Opinions expressed are not 
necessarily those of BT.
Copyright (c) 2010 by Bruce Schneier.
----- End forwarded message -----
-- 
Eugen* Leitl <leitl> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE