I just came across this article in the Washington Post from a few weeks back that I wanted to share. It’s very relevant to what we are all doing and I think gives a really decent overview of the birth of the Internet from a security perspective.
Great find Nick - a great summary of the development of the internet and the why and how of insecurity and security.
I liked this bit under the heading:
‘It’s kind of like safe sex’
Telephone networks, it was often said, had an intelligent core — the
switches that ran everything — and “dumb” edges, meaning the handsets in
nearly every home and business in the nation. The Internet, by
contrast, would have a “dumb” core — all the network did was carry data —
with intelligent edges, meaning the individual computers controlled by
A “dumb” core offered few opportunities for centralized forms of
security but made it easy for new users to join. This model worked so
long as the edges were controlled by colleagues who shared motives and a
high degree of trust. But that left the edges with a responsibility to
serve as gatekeepers to the network.
“We’ve ended up at this place of security through individual
vigilance,” said Abbate, the Virginia Tech historian. “It’s kind of like
safe sex. It’s sort of ‘the Internet is this risky activity, and it’s
up to each person to protect themselves from what’s out there.’ . . .
There’s this sense that the [Internet] provider’s not going to protect
you. The government’s not going to protect you. It’s kind of up to you
to protect yourself.”
Fascinating. TCP/IP was a great success, but would have been better had it’s developers not be inhibited from baking encryption into it. They had technical challenges, but the main barrier was the NSA. Are we surprised?
I think the main barrier was the technology, or at least it was an insurmountable barrier at the time. With smartphones as powerful as they are today, its hard to imagine how long it took to encrypt anything in the early days of the PC, which itself came after the design of TCP/IP.
Yeah. I guess my point is that they were really TRYING to solve it, and in addition to the technical hurtle, they were ultimately discouraged from proceeding by political pressure. Not definitive in terms of how the result would have come forward at that point. Just annoying. (It’s one of my jobs in life to highlight such things. We really should be annoyed by such.)
I agree, and I do also think it is attractive to paint people as bad or good. Snowden is an exceptional example, and I’m sure we can name more :-), but if you’ve followed him closely you’ll know he regards most at the NSA as good people, and not stupid people, who truly believe what they are doing is important, necessary and good - and that what Snowden did was bad. That too is black and white. Snowden is not just being clever here IMO, he seems to me to see beyond the black and white and even from within the depths of a powerful disciplined culture and mindset, was and is able to see a bigger picture.
The same black and white leads to demonisation and prejudice everywhere. Not saying you are doing this! But I think that is the danger with seeing the NSA as bad, rather than being able to get in their shoes. Best to judge actions rather than people or organisations, but even with actions, we need to be careful.
I think it also highlights how amazing hindsight is (I was talking about this with @BenMS). They had no idea how pervasive the Internet would become at that time, or that there would be anything of significant value on it. Very difficult to imagine e-commerce websites, online banking…etc… back then. One of the great quotes from the article:
"People don’t break into banks because they’re not secure. They break into banks because that’s where the money is.”
It makes you wonder what trends we will fail to anticipate that will cause the SAFE Network issues down the road.
I have no doubt that most in the NSA are basically well intentioned and think they’re doing the right thing. Rulers sometimes, if not often, are. It isn’t the individuals but the institutional mindset that I highlight.
@nicklambert points out, “It makes you wonder what trends we will fail to anticipate that will cause the SAFE Network issues down the road.” But I’m not so worried about Project SAFE, because the thought is to empower individuals by buttressing their privacy, security and freedom, while the likes of the NSA (et al) at their best seek to “keep ‘the country’ safe” by inhibiting the privacy, security and freedom of individuals. This is the mindset of sheepherders. It empowers a very small cadre and disempowers others.
That’s the opposite of what we’re doing with Project SAFE. And the mindset will make all the difference in the long run, regardless of any lack of ability to anticipate future hiccups due to lack of technical foresight of all possibilities. So I predict, anyway.