Full Disclosure mailing list archives

Internet has vuln.
From: coderman <coderman () gmail com>
Date: Fri, 6 Sep 2013 01:34:44 -0700

The NSA has undermined a fundamental social contract. We engineers
built the internet – and now we have to fix it...

By subverting the internet at every level to make it a vast,
multi-layered and robust surveillance platform, the NSA has undermined
a fundamental social contract. The companies that build and manage our
internet infrastructure, the companies that create and sell us our
hardware and software, or the companies that host our data: we can no
longer trust them to be ethical internet stewards.

This is not the internet the world needs, or the internet its creators
envisioned. We need to take it back.

And by we, I mean the engineering community...

One, we should expose. If you do not have a security clearance, and if
you have not received a National Security Letter, you are not bound by
federal confidentiality requirements or a gag order. If you have been
contacted by the NSA to subvert a product or protocol, you need to
come forward with your story... If you work with classified data and
are truly brave, expose what you know. We need whistleblowers....

Two, we can design. We need to figure out how to re-engineer the
internet to prevent this kind of wholesale spying. We need new
techniques to prevent communications intermediaries from leaking
private information.

We can make surveillance expensive again. In particular, we need open
protocols, open implementations, open systems...

Generations from now, when people look back on these early decades of
the internet, I hope they will not be disappointed in us. We can
ensure that they don't only if each of us makes this a priority, and
engages in the debate. We have a moral duty to do this, and we have no
time to lose.

Dismantling the surveillance state won't be easy. Has any country that
engaged in mass surveillance of its own citizens voluntarily given up
that capability? Has any mass surveillance country avoided becoming
totalitarian? Whatever happens, we're going to be breaking new ground.
 - Bruce Schneier

note from the editor: i'll believe we have made progress toward robust
crypto once every personal computing device has a robust hardware
entropy source.
 (backdoor generators like RDRAND don't count, of course ;)

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
