Video The Internet Society is Unhappy with U.S. Govt's Internet Spying Tactics 107
Robin: My fist question is, “What does the Internet Society do?” and then we will talk about circumvention of encryption.
Paul: Great. Robin, thanks for having me on your broadcast. It is just wonderful to be here. I have to say though while we are involved in internet technology standards, we definitely don’t control the internet engineering taskforce. So I want to make that clear.
Robin: Nobody does.
Paul: Exactly. So we are the organizational home of the internet engineering taskforce and that is one of our key functions. We also work on internet development and emerging economies, particularly in Africa, we are working on internet exchanges there. We work on internet policy as well. So we have a public policy group based in Geneva that is tracking very closely all the activities related to the ITU and governments’ attempts to come in and try to regulate the internet in ways that are definitely not in line with the way the internet was developed and would potentially cause harm there. So yes, that is just a little overview of what we do.
Robin: And right now, earlier this month, it seems to me the United States government put out something, or we learned rather, because I think they have been doing it for a long time, has been trying to circumvent encryption and pry into everybody’s deep dark secrets. And from what I have been reading, the Internet Society doesn’t like this.
Paul: It is really not exactly clear what all the government has been doing. I think we are learning more every day. But what we are very concerned about is making sure that there is trust in the internet so that people can go online and do their business, have their conversations, have private conversations and know that that they are private, because if there is not trust in the internet then governments around the world will begin to lock down the internet, and potentially balkanize the internet.
And we are just seeing a few notes over the past couple of days where countries like Brazil, China, Russia and India and others are very much interested in keeping traffic away from the United States, and while you cannot blame them for having that sentiment based on some of the recent revelations, it is not the way the internet was designed to work. You want to be able to have consistent as much as possible regulations around the world for the internet. So that wherever I happen to be I can have an innovative web service, I can host it wherever I am, and it will be welcome and be usable anywhere across the Internet. And if we get into a situation where countries begin to balkanize and have very different regulations, that innovation will be stymied.
And that is our concern. We as the Internet Society, we are a global organization, and while we might have our headquarters in DC and Geneva, we have offices all over the world, and we encourage everyone to participate. In fact, our mantra is:The internet is for everyone. So yeah, this has been quite a dilemma and we are working hard to make sure policy makers understand that breaking down the trust that people have in the internet is a really bad idea and it is going to backfire, while it may seem like it is a good idea to capture intelligence on the Internet, and I can understand wanting to do that, people still like to have trust. And there needs to be some transparency.
Robin: Which is worse? The spying on people, seeing what we are saying, or just plain blocking it? Because I have also been to Saudi Arabia and I have sat on cushions on the floor of course, in the office of the man who controls the Saudi One Access Point Internet, where they have just one pipe in and out of the country, and you might go to the page let’s say for the Israeli Defense Force, and you won’t see it, you will see a note that says translated: The religious police have decided this is un-Islamic matter on this site, so you can’t see it. What about that? Which is worse, eavesdropping or censorship?
Paul: You know, it is a very hard choice. In some countries, I think it would probably rather be blocked for sure there is just no good answer to that. There is no good choice there. In either case, there is the potential for people’s privacy being stolen and things that they say being taken out of context, and it is just not an environment that is sustainable for the internet.
Robin: Okay, let’s assume that we are ordinary people or businesses in the United States of America, waving our little red, white and blue flags, what can we do to have less censorship and less eavesdropping – what can we do about it?
Paul: Well, the agencies that are responsible for the US security do have a job to do, they do need to do some spying activities I suppose, that’s why they exist, right? So I think you have to have a balance somehow where there can be enough transparency and enough trust that the rule of law is actually being applied. So I think a lot of what was the big concern in the US is that many of these decisions were made where it just wasn’t clear that courts were looking at these situations in an environment where you would have that traditional balance where you would have a conflict that could be resolved in the open, because it was all behind closed doors and there really wasn’t a public advocate there making sure that that view was represented in these discussions.
So I think these agencies are going to continue to exist, they probably have to continue to exist for national security, but just the way they go about doing what they do has to change I believe, and hopefully they are getting that message. You know, from a business perspective, like you mentioned, I think we are beginning to see some of the business leaders talk about this issue. I think that in the headlines just recently we’ve had Mark Zuckerberg come out and I think his quote was that US government blew it.
And so I think many people share that sentiment. And hopefully they are going to learn. I know that the administration has special working groups that are reporting directly to the president I believe, trying to get that perspective in, I know that CDT the Center for Democracy and Technology is involved and they have some very bright people, who are working in that working group. So nothing with the government happens overnight. But I do hope that there will be some positive changes here, and I have some hope that it will happen.
Robin: Thinking of Zuckerberg, a lot of people thought his coming down on the government for eavesdropping was kind of amusing, because Facebook, and of course, we all know that Google is doing evil, aha, and I say this as somebody, I am a devoted Google Drive and email and whatnot fan, and I use them like mad.
Paul: Great products.
Robin: Great products, worked for me. I don’t worry about it. Should I worry more?
Paul: Well, we have a privacy and identity team that looks at these issues very closely. And I think, it is hard for me to speak for them, because this is not exactly my specialty and they are really deep into the technologies here, but my understanding from what they have told me is that yes, you should be worried more. And that you should think about ways where mechanisms, technical mechanisms to ensure that you are not being tracked and that you understand the deal that you are making with these companies when they take that data, and understand what data that they are taking. I think that that’s the key issue for the Internet Society, is that you are inherently making a bargain with these companies, when you conduct service with them, you are giving them the data in return for these great services, but not everyone really understands what all they are giving up. And we do our best to help people to try to understand and then give them tools to limit the sharing of that information if they don’t want to. So we have a whole group, Lucy Lynch is one of the best experts in the world on these topics, leads our group for us and they are doing some good work in that area.
Robin: Can you give me any suggestions as to what an individual or a small business can do on their own behalf?
Paul: I would have to direct you to we have an area on our website that gives a lot of resources for this, a lot of education resources, and specifically it gives you some tools, plug-ins that we have worked with others to develop that will let you know what information is being collected. So I think that would be a good first step. Look for those trusted resources. The Internet Society is a trusted resource, a global nonprofit organization set up by the guys who created the internet. And we are working for the benefit of the internet, to make it sustainable, and we are definitely not working for any one of these companies that collect the data. So you should look for organizations like ours. CDT would also be a good one. And others.
Robin: And what about joining the Internet Society? What about getting in there and helping? Are there opportunities for us to, well, first of all, to join, we know that, it costs nothing, I am a member, have been for years, and you out there, listening and watching this, you should be too, right?
Paul: Definitely, you should be. You know, it is easy to join. When you join, one of the biggest benefits you get is just periodic emails that give you some information about what’s happening in the internet community. We have events all over the world, and almost all of these events are webcast, so no matter your nationality wherever you happen to be, you have the opportunity to tune into these events, we’ve already had one of them this year on cyber security and privacy and trust issues – that was in Washington DC just a couple of months ago, but we’ve got another one that’s coming up just in a few days, October 2nd and that is in San Francisco it is going to be at CNET’s headquarters. And that’s being organized by our chapter there, the San Francisco Bay Area chapter. So when you think about getting involved, there are chapters around the world, where you can connect with individuals with shared values, and they are also out there working to make the internet work better, and then bring together good discussions like this on very relevant topics that are key to the internet’s success.
Robin: So right now and I think I do have a link to it in the intro text to this little video. You should be alert for the October 2nd webcast if you are not in the San Francisco area. And you might want to tune in on that and see what’s going on and see what you can do with the tools that the Internet Society has developed and how you might even help develop more tools. Right?
Paul: Definitely, lots of opportunities.
Only read the headline (Score:5, Informative)
Re:Only read the headline (Score:4, Insightful)
We only unlocked your doors, snuck through your house, and examined all your belongings to make sure there wasn't anything dangerous there. You should be thankful.
Re:Only read the headline (Score:5, Funny)
Nice green dildo by the way.
Re: (Score:1)
Re: (Score:1)
Re:Only read the headline (Score:4, Interesting)
"We" is a lot of people, some that could be respectful, some that not [go.com]. Also forced the maker of your locks to be able to be opened with a clip to make things easier for us, knowing that no "proper" thief would never figure that. And planted a few hidden bombs [schneier.com] just in case we think that you are misbehaving.
Did we mention that we have to pay private prisons if we don't keep them nearly full [salon.com]? Is not that you would have to worry about that [wsj.com]
Re:Only read the headline, 'thanks to your Teacher (Score:2)
Re: (Score:1)
To some extent, that thing people sometimes say about greyhats, does come into play, though. Someone just violated your house, and in so doing, they have shown the entire world (including you!) that it's easy to do that, and that therefore probably lots of assholes are doing that. How many other people have been walking through your house, unknown to you, because they don't have Snowdens to tell you about it?
The analogy starts to break here, because securing a house is actually kind of hard. In the end,
Re: (Score:2)
Re: (Score:2)
But no shit, Sherlock.
They even wrote a letter expressing their outrage. In strongly worded but politically correct terms. Surely the US spy agency will take heed!
Re: (Score:1)
Meh. Go build your own Internet and cloud services. :-P
Re: (Score:1)
Re: (Score:2)
What a kind title. How about apologizing (and kissing) each other and finishing things kindly!
Not that it isn't bad, but... (Score:1)
To say that they "undermine the technical foundations of the Internet" is going a bit far.
Re:Not that it isn't bad, but... (Score:5, Insightful)
The move away from robust peer-to-peer to centralisation - esp. more points of failure at which all traffic passes/arrives - is absolutely undermining technical foundations.
The Internet could easily have become about all computers acting as peers, caching data for one massive net of networked data storage ("the network is the computer" taken quite literally). Instead, thanks to the desire of capitalists and governments (but I repeat myself) to control, it's very firmly split itself between producers and consumers - just the way the boys at the top like it.
Re: (Score:2, Interesting)
The majority of internet traffic is P2P filesharing (bittorrent).
Re: (Score:1)
Nope, it's video streaming. Also, 2008 called and wants its statistics back.
Your answer, sir. (Score:2)
The move away from robust peer-to-peer to centralisation - esp. more points of failure at which all traffic passes/arrives - is absolutely undermining technical foundations.
The Internet could easily have become about all computers acting as peers, caching data for one massive net of networked data storage ("the network is the computer" taken quite literally). Instead, thanks to the desire of capitalists and governments (but I repeat myself) to control, it's very firmly split itself between producers and consumers - just the way the boys at the top like it.
http://geti2p.net/ [geti2p.net]
Everyone is both a peer and a load-bearing router for the network. This has the side effect of providing better protection from traffic analysis than Tor. And their new email system is based on decentralized DHT.
Re: (Score:2)
Pathetic.
Re:Not that it isn't bad, but... (Score:4, Insightful)
Re: Not that it isn't bad, but... (Score:3)
There are many reports that the NSA weakened encryption to aid their spying efforts. Even putting aside the NSA's spying, weakened encryption means greater likelihood of a hacker cracking your encryption which weakens the security of the Internet. Even if I were crazy enough to support the NSA spying, I'd still see weakened encryption as a threat to everyone.
Re: (Score:2)
Re: (Score:2)
No, actually it isn't going too far. Cryptography is fundamental to the success of the Internet. Every time you log in to a web site, every time you buy something, you are using encryption to avoid revealing your password and your credit card to anybody who happens to be sniffing any wire between you and the web site you are accessing.
When you use "the cloud" to do business, you are relying on the security of a system that is not under your control. If the security of that system can be routinely comp
Re: (Score:2)
Pay per view is another threat (Score:5, Informative)
.
What if Verizon succeeds in killing the Internet? [infoworld.com]
I've posted countless essays over the years on the importance of Net neutrality and how big ISPs are trying to turn the Internet into a pay-per-view system, rather than the open-access system it was always intended to be. I've written open letters to federal legislators; remarked on the various games being played by AT&T, Verizon, Comcast, and the like; and cheered Google Fiber for demonstrating that the big ISPs are full of nonsense when they claim their backs are against the wall in terms of broadband speeds and reach.
And now, Verizon is claiming it has free speech rights to limit and block content flowing from the Internet to its customers....
Re:Pay per view is another threat (Score:5, Insightful)
OK fine, if Verizon wants anything that goes over their network to be their speech, then let them be held liable for all the kiddie porn on their network.
Either you're a common carrier or you're not. You can't have it both ways until you build a quantum network.
Re: (Score:2)
Either you're a common carrier or you're not. You can't have it both ways until you build a quantum network.
And even then you can only have it both ways until the wave function collapses.
Riiiight (Score:2, Insightful)
and possibly help beat back some of the U.S. government eavesdropping and encryption circumvention efforts.
And I got a bridge to sell you.
People are more up in arms about Milli Vanilli Cyrus than they are about the who NSA reading your emails thing. The government knows that it's as safe as can be. The two party system will go on as planned, duping the Americans into thinking that it's a problem with what party is in power... 90+% of the morons ate that up hook, line and sinker.
Noth
Internet Party (Score:5, Interesting)
Internet Society + EFF + ACLU + FSF + Wikipedia + Reddit + Slashdot + every place else that gives a shit = Internet Party candidates on the ballot in 2014-2020 in every single local, state and national election.
Republicans? Democrats? A pox on both their houses.
Re:Couch Potatoe Party (Score:2, Interesting)
Good luck prying them away from their privileged, unsustainable lifestyles and getting them into the voting booths.
Seriously, if it can be done, that's great, prove me wrong, go do it. The world would be a better place. But it can't be done, because the people you are referencing are all talk and no action.
Re: (Score:2)
You don't. They campaign from the couches. Everything is online these days. You can even vote by absentee ballot.
Re: (Score:1)
Here are some additional planks for this hypothetical Slashdot-Reddit-plus-plus party:
1. All pizza places must stay open for deliveries after 2 a.m.
2. FPS games should be an Olympic sport.
3. Homeowners to be fined for each instance of asking their adult live-in dependents anything along the lines of 'When are you going to find a real job so you can move out of here?'
4. Immigration reform for manual labor and factory jobs, but strict quotas for anything having to do with I.T.
5. 'All information wants to be f
Re: (Score:1)
Internet Society + EFF + ACLU + FSF + Wikipedia + Reddit + Slashdot + every place else that gives a shit = Internet Party candidates on the ballot in 2014-2020 in every single local, state and national election.
Republicans? Democrats? A pox on both their houses.
Don't make me laugh. From just what you named, you'd have at least eight different tiny parties, each of which has their own petty arguments against the other at least seven, up against two parties that demand lockstep conformity from their members backed by a culture of trivially-available severe political punishment for any deviations from the party line, all up for election by a public that has neither the ability nor desire to understand the incessant bickering of at least eight sub-sub-subcultures tha
Re: (Score:1, Insightful)
Wikipedia? Are you really trying to make people believe that those who use Wikipedia are of some monolithic ideology? What?
Not to mention that just about anything that gets any real attention within the Slashdot community is normally from one of the same 300 or so users. There may be a larger user base here but most of it goes unheard and the inner circle of mods and posters is established to the point that if you're not in it you won't be taken seriously no matter how factual or insightful you real
Re:Internet Party (Score:4, Insightful)
Wikipedia? Are you really trying to make people believe that those who use Wikipedia are of some monolithic ideology? What?
Not to mention that just about anything that gets any real attention within the Slashdot community is normally from one of the same 300 or so users. There may be a larger user base here but most of it goes unheard and the inner circle of mods and posters is established to the point that if you're not in it you won't be taken seriously no matter how factual or insightful you really are.
Try logging in. Then we'll talk.
Re: (Score:1)
See my UserID? I'm new here. But I have mod points today even so. You'd have gotten one if you had anything worthwhile to say. Instead, I am replying only to let people who think they may want to join know that, yes, there's a point to logging in when you comment. Moderation is not a closed circle, and if you keep at it you will have your day eventually.
Want my mod point? Here's how to get it: tell me something I might not know, that's interesting or useful. Give me a clever turn of phrase to borrow for an
Re: (Score:2)
Re: (Score:1)
That sounds better than what we have now, where countries spy on their citizens and cooperate with other countries to help each other better spy on their citizens.
The Russians had it right (Score:2)
The Soviet security service Ian Fleming's James Bond had to deal with was "Smert Spionam", or in English, "Death to Spies".
Let's bring back the 1940s and wage war against spies instead of terrorists (;-))
--dave
Re: (Score:3)
Would this be like or unlike a LAN party?
Re: (Score:2)
"World's biggest LAN party."
Only problem(?), if we decided wars that way, South Korea would rule the world.
Re:Internet Party? Pirate Part! (Score:3)
Re: (Score:2)
I was thinking a less-scary sounding name so as not to frighten the masses, but that's the general idea.
The platform would be pretty simple. "Hi. We're all the people who made the internet, that thing you all love, and carry around connections to in your pocket 24/7. Sure, it's got its hiccups, but for the most part, it runs pretty well. Would you like your nation to run like that? If so, vote Internet Party."
Slogans are pretty easy too. "We're from the Internet, and we're here to help."
The SOPA protest wor
Re: (Score:3, Insightful)
Re: (Score:2)
No, that's not the ONLY possible action. However, it IS one of the totally pointless actions.
Re: (Score:2)
Soon... (Score:5, Insightful)
Are you now, or have you ever been a member of the socialist "Internet Society" party?
You think McCarthy era internment camps were bad? Imagine the horrific witch hunt + the victims also having data-overload withdrawals, being cut off from texting & social media updates.
The web will fracture. The cracks have already formed. National Networks are coming with every approved packet signed via digital user IDs.
I can hear it now: You want the Internet back?! Why? So you can connect to your Chinese and Russian Spys? Or even Terrorist websites?!
Reject national digital ID systems w/ PKI authentication. That is the key they need to enforce the fracture.
Long live the Sneakernet, the last bastion of information freedom. It's what took down the other oppressive regimes in years past, and I fear we'll soon need it again when the Internet society has failed.
Never under estimate the bandwidth of a condom full of micro SDs.
Re: (Score:2)
Re:Soon... (Score:4, Informative)
Uh, are we mis-remembering history? There were no "internment camps" during the McCarthy era.
Want some more unwanted knowledge? Turns out, the State Department really was full of Communist sympathizers. McCarthy was right. Historical fact, look it up.
Re: (Score:3, Informative)
He was accidentally right - he was just pretending to have a list of CommieMutantTraitors, and the whole witch hunt did a poor job of discovering them. The problem was real, though.
Re: (Score:1)
Turns out, the State Department really was full of Communist sympathizers.
Anyone with a college education at that time was a "Communist sympathizer", insofar as they had read literature written by Communists. Admitting reality was all it took to be accused.
Re: (Score:2)
Want some more unwanted knowledge? Turns out, the State Department really was full of Communist sympathizers. McCarthy was right. Historical fact, look it up.
So? He violated the US Constitution by having government agents harassing people for exercising their right to free speech. Doesn't matter if he was right or wrong or right about what but not who.
Re: (Score:2)
You think McCarthy era internment camps were bad?
I was going to leave this alone but I just can't. McCarthy had nothing to do with any fucking internment camps. He wasn't even elected until AFTER WW2. But of course, why let facts get in the way of your astounding edumacation.
Re: (Score:2)
Re: (Score:1)
Never underestimate a Coke bottle full of MicroSDs, buried at a secret place in the woods.
Good for
o Backup Storage
o Fed-safe Storage
o Massive Release of Information to (hopefully) trusted journalists
o Communication With Fellow Minutemen
Wouldn't it be easier... (Score:1)
..to list who is happy with state sponsored spying?
Are they really be surprised by the spying? (Score:4, Insightful)
Are they really surprised by the spying, and if not why didn't they respond sooner? Their leadership is questionable if they wait until they are compelled to act.
The U.S. government's spying has been reported for years. I understand that the general public didn't necessarily understand, but the Internet Society? It also involved the cooperation of many people from many companies, and I assume many of those people are involved with the Internet Society. People talk, even about confidential things. There must have been some awareness of what was happening.
Re: (Score:2)
I'm guessing most people underestimated it by a fair margin ...
The Internet Society is not most people; they are supposed to have expert knowledge and exercise foresight and leadership far beyond what posters on Slashdot think of or know.
Re: (Score:2)
US domestic law would have prevented it.
Stock in a US firm would be at risk if/when exposed - legal teams would have stopped any meeting/demands with a request for a very focused warrant from a real US court.
Tech staff would have seen the packets moving, informed the legal team and your back to needing a focused warrant from a real US court.
Political leaders would not allow domestic spying due to their own self interest in getting elect
Re: (Score:2)
The fantasy was not about data sets sizes, cpu power, cooling, storage, optical loops/mirroring, brand names helping, indexing - the fantasy was the legal system.
Very good point (though the fantasy was a bit about technical issues).
Re: (Score:3)
It has been suspected for years, but anyone reporting or inferring it has been written off as a tinfoil wearing conspiracy theorist by the deaf dumb and blind patriot idiots making up the majority of the population.
Even now, when the truth is starting to come out, you have people defending the practice.
Re: (Score:2)
It has been suspected for years, but anyone reporting or inferring it has been written off as a tinfoil wearing conspiracy theorist by the deaf dumb and blind patriot idiots making up the majority of the population.
Then the Internet Society should have worked to change those opinions. They are way behind on a very important issue, not ahead of it. For example, they could have worked to reduce some of the vulnerabilities.
Re: (Score:2)
Agreed, but the damage has already been done (Score:2)
I agree 100%: the greatest harm that could have possibly come about from this mess is not the truth that we have no privacy left, but the mistrust this generates in the spirit of keeping the Internet "Free" and "Open" as a world wide network of computers that enable the free exchange of information and ideas.
Things like the "The Great Firewall of China" will become more and more common - because this event completely validates the fears that these firewalls and countermeasures were designed to address.
Prett
Re: (Score:2)
no commercials please (Score:1)
Crypto ?? Anyone... ANYONE? (Score:5, Insightful)
And still, people use gmail, hotmail, Facebook, mobile me ....
Even worse: no one uses crypto. PGP is there. TOR is there (OK, with some problems with the latter),. a 4096bit key is a tough cookie to crack. There are 2-3 click installers for almost every OS (linux, win, osx, ios and android).
There is also OTR chat for chatting.
Still, I cannot convince one single person to use it, even for business matters that shouldn't go through mail servers and chat servers in clear text form.
I am talking about programmers, technical managers and system administrators, who find these tools either unnecessary, or too bothersome to use..... So how will average Joe convince grandma, grandpa, and uncle Joe to install these tools and go through the incredibly long (5 minute tops) learning curve and start using the F@#$@#$ tools?
Let's use diaspora, go back to vote-in BBS systems with made up names and use crypto ... but no... people are upset about their privacy while posting borderline illegal videos with under their own name with location services stamping info into the media.
ARE WE STUPID or what ?
Re: (Score:2)
ARE WE STUPID or what ?
Are we? Metadata is still accessible with PGP and OTR. Tor was recently revealed to have weak encryption and Tormail is now RIP.
There needs to be *one* general purpose crypto layer with *one* learning curve or else its not going to stick. I2P is the closest thing I've seen to that; You should check it out.
Re: (Score:3)
I know I2P ...
And agree with mostly what you say. However I think ANY crypto would be better than NO crypto. I think we can agree on the following:
sending a PGP encoded mail out on my connection that has a bitcoin purchased (no payment info) VPN, maybe even do that over TOR (shit or not) makes things a little more complicated for whoever that wants to see that mail and where it was coming from.
That said, a friend argued, that if I started using crypto chat over Skype (OTR with Adium or Pidgin) then I would
Re: (Score:2)
Why would you want to make things a *little* more complicated? These are not basement-dwelling hackers or even crime syndicates we're talking about. They can stride over your speedbumps while hardly noticing, and regular services have a tendency to ban Tor traffic when they start getting a lot of government inquiries about it.
The point is to deprive them of metadata, because metadata is our data.
A remailer like mixmaster is more robust, but very few use it and it doesn't have the benefit of being mixed-in w
Spying Tactics? No, no, no... (Score:3)
We're not spying on you. Not at all. Only spying on select traffic in the interest of national security. Don't worry.
p.s. you're out of milk
Re: (Score:1)
I wonder how long... (Score:1)
...before we hear of Ms. St. Amour being held for 9 hours as she enters some Murrica-patsy country or other. Anyone with any sense knows the Great American Bully is not going to take this lying down.