Inferring the NSA's MO from a short clip of Joel Brenner on BBC

dan at geer.org dan at geer.org
Fri Feb 14 10:37:24 PST 2014


Jen, I don't see anyone answering, so I will try a bit with the
disclaimer, if one need be given, that Joel Brenner is a friend of
mine.  His book, _America the Vulnerable_ is worth reading, and his
blog entry on the subject you are raising, an entry crossposted on
Lawfare, is germane to this discussion.  See
  http://joelbrenner.com/n-s-a-not-so-secret-anymore/

If I may synthesize from the material you posted, in the digital
world we are growing the attack surface faster than we can grow our
defensive capacity.  That being the fundamental dynamic, there are,
as both you and Joel imply, a set of choices that might be properly
called Hobbesian.  Hobbes himself argued that "the only way to
secure civil society is through universal submission to the absolute
authority of a sovereign."  What Hobbes could not envision is a
sovereign that was a machine.

I'm on the record in proposing to deliver a shock to the entire
system of software vendors by using the Treasury of the United
States to simply corner the world market in vulnerabilities and
exploits and to concommitantly release them to the public -- the
moral equivalent of administering an unproven chemotherapy for an
otherwise terminal cancer.

That proposal originally appeared in an article that I did for CNAS
(www.cnas.org/cyber) but my presumption is that there will always
be ready buyers (which there are), so the question is whether the
buying and selling is to be a black market or a white.  In truth,
I was focusing on a side effect of the USG having an unassailable
presence in a white market -- that there is some chance that we
could collapse the black market, not by outbidding it but by implying
that we had motivated the finding of vulnerabilities to such a level
that even if one searcher was able to find a vulnerability it would
not be long before some other searcher found it, too.  By cutting
the shelf-life of an unused but known vulnerability down to near
zero, we would cripple the stockpiling of weapons.  All of which,
to repeat, comes with my ironclad requirement that vulns found be
made public.  Otherwise, and as one would certainly imagine, buying
a lot of them at high prices only makes more get found such that
in a black-only market those vulns will presumaby be both sold and
re-sold to self-compartmentalized buyers.  ["We" learned only this
past week that the FBI is now buying for offensive purposes
(www.securityweek.com/fbi-looking-buy-malware-security-vendors).]

I am also on the record that Stuxnet was a Godsend insofar as it
proved by demonstration that mutual assured destruction is possible,
though one must quickly acknowledge that, unlike a missile with the
Kremlin's name on it, cyberweapons with understood-in-advance
collateral damage do not grow on trees.  (Website on which it
originally appeared has disappeared; a mirror is at
geer.tinho.net/geer.dsbox.18xi10.txt)

In October, 2012, I spoke with a recently retired gentleman who had
been at the top of NSA's threat evaluation wing.  I asked him then
what he would be worrying about if he were still on the job.  He
said "Today I'd be worrying about the maker community and especially
the drone crowd.  Tomorrow I'd worry about do-it-yourself bio."
These are by no means crazy answers.

All of which comes back to your Home Invasion 2.0 work (I broke
discipline and turned on Javascript just to get it).  There is an
enormous attack surface growing there, just as you say.  Electric
meters that report back everything are quintessential privacy
destroying even if they are being mandated for "green" reasons.
And so forth -- I'll restrain myself from enumerating all the things
of that sort, though a cpunks dictionary of such would be an useful
thing jointly to build.

Which brings us back to the NSA.  Their job description is to never
miss a needle in any haystack.  Haystacks are bigger than ever, and
those who control the needles are ever more powerful -- both being
side effects of the growth in power that is buried in cyberspace.
If you are obliged to miss nothing while the cardinality of the
things you might miss is growing at an accelerating rate, your only
choice is to capture everything.  Only when you have total surveillance
is it possible to say that the absence of evidence is the evidence
of absence.  What "we" need to do is tell our leaders that we do
not want their protections, that we will bloody well take care of
ourselves even if down that path lies the occasional loss of a major
city.  One is again reminded of Dostoyevsky's Grand Inquisitor, is
one not?


--dan




More information about the cypherpunks mailing list