A new, secure and free Internet… Dream on

A new, secure and free Internet… Dream on

Summary: Bruce Schneier thinks we (engineers) should re-engineer the Internet to make it harder for governments to conduct surveillance. This is just silly. If we aren't willing to re-engineer it to stop criminals we sure won't do so to stop governments.

TOPICS: Security

Almost everyone's outraged to one degree or another by the latest Edward Snowden revelations. I have my problems with some of the claims, but others are clearly disturbing. What are we to do about it?

Bruce Schneier is a famous and respected cryptographer and analyst of security more generally. He has been working with Glenn Greenwald of The Guardian and has his own advice for how people should protect themselves in light of the news. Some of this seems a bit overwrought to me, but it's all meant to be practical advice.

His other essay yesterday was less practical. In fact, it's anything but practical. His idea that we, by whom he means engineers, should redesign the Internet so that it is less amenable to the sorts of abusive surveillance we are seeing from the US government. And it's the US government he calls out. I guess any features of the Internet abused by China don't concern him as much.

I'm really quite amazed at how ridiculous an idea this is. I imagine it felt good to write, but let's think through the implications.

  • The new, secure and free Internet would probably have to be incompatible with the old one. Making it compatible would, if nothing else, increase the complexity of it to the point of compromising the security. Better that it's simple.
  • There could be gateways between the new and old Internets, but many types of content wouldn't necessarily be transferrable.

There are many other interesting points I could make about it, but those two are enough to satisfy me that such an Internet has no chance of gaining enough adherents to be worth using. Without scale, it's going to go nowhere. Will Amazon.com do the substantial re-engineering necessary to support the new Internet? Will Netflix? Will Comcast and Verizon and AT&T offer service for it? Only if they see money to be made.

In fact, it's not just silly, it's offensive in a way. If the weaknesses in the Internet that make widespread crime against innocent 3rd parties by freelance criminals is unworthy of a complete redesign, why is government surveillance worthy of it?

About 10 years ago I wrote my own column toying with this idea. My focus was e-mail, as the standards efforts were heating up to try to make email authentication practical and widespread. Even then it was clear that it would be a massive problem, and 10 years later it's accomplished very little.

Nobody serious considered making a new, parallel and incompatible email system, even if it were to be immune from the numerous problems we have with e-mail. At least nobody spent real money on it. If you could never convince people to replace e-mail, an important protocol which everyone agrees was built with fundamental errors with which we are stuck, how could you start the whole Internet over? 

Schneier's call for rethinking Internet governance is similarly utopian. He sees himself that other governments and International bodies (the ITU in particular) are no solution, so that does that leave? Surely governments could find ways to subvert the IETF and other such bodies. If Schneier can't think of an answer, maybe it's because there are no benevolent overlords we can go to.

He also doesn't consider, at least initially, the downsides to so secure a network. Sometimes it's good, for instance, for police to be able to track down criminals. Do we really always want to impede that, even if there's a legal process for obtaining the access? 

He does make some good points. It would be good if engineers did not stay silent about government pressure to subvert the security of their products. Whistleblowing about this sort of thing seems honorable to me. More broadly, we do need to think about what to do, because the current situation is not acceptable. 

But there's no way to get around governments on this. The answer to the problem of surveillance by the US government has to be reform through US political processes. There is a constituency for this. If engineers, or even mere mortals, think something should be done about it, the ballot box is the place to do much of it.

Topic: Security

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Not because of one or the other but both

    A new "Enternet" based on a new protocol TCP/EP with new services such as DES domain entity service to replace DNS etc. is perhaps the only way to root out all the criminals as well as all governments. None of the current Internet or protocols were designed with security in mind it just wasn't even thought of back then.

    Call it an Internet reset. Nefarious doers would certainly begin to creep in, I wish there was a way to prevent that but to do that you have to change human DNA apparently. That said what's a person to do... Once Sodom and Gomorrah née the Internet are saturated with corruption, destruction seems the appropriate response.
    • It should be like Bitcoin system

      In this case no government could control it o take it down. My thoughts about this idea: http://mtomas.com/342/internet-reboot-to-be-independent-and-secure-it-should-be-like-bitcoin
      Tomas M.
  • The price of safety?

    If the adherents of a 'totally free' internet were aware of the number of lives that are saved annually as a result of surveillance they might just pause for thought. Do I want to be 'free' or 'more safe'? Answers on a currency note of your choice.
    • Same quetion...

      Do you want to be free, or a slave?
    • Those who are willing to sacrifice...

      freedom for safety, deserve neither.
    • Safety is an illusion

      You are no more safe while under surveillance than without it. Just like the airport security checks, it is done to present the illusion of safety for sheep who are easily reassured. The reality is, radicals are still able to get knifes, guns, and even explosives onto planes, despite the big show of security. Who was really responsible for 9/11 when our own government new about it a month in advance and even ordered the fighter jets to stand down when they were in place, and prepared to shoot down the airliners long before they reached any metro areas?

      The people you should fear the most are the ones who control your daily life. Germany traded freedom for safety when Hitler was rising in power. Look where that got them.
  • Government abuse

    The US government's undeclared war on American Internet users has the very real possibility of SERIOUS abuses. Imagine Senator Joe McCarthy's communist witch hunt if he had access to what the NSA does today. Look up this low point of American history and then look me in the eyes and say it can't happen today.
    • It may be true that such could happen

      We do need to remember that most, if not all, of his "prey" were in fact communists, but that was deemed politically incorrect and he was villified for it. It may have been his method or the fact that they were indeed as he accused and were the ones in power and they shoved him out.
      I was reading that the DEA has more in their database than the NSA has, so watch what you do anywhere.
      • That's not the point

        It's not "whether they were communists" . . .

        I hope you aren't that thick and are just playing for responses here.
        • McCarthy's witch hunt was less of one

          than you were taught it was.
          • And what is your evidence of that?

            A witch hunt is what it was. McCarthy was doing nothing but trying to build his own power base to try to go for President. Worked right along side of Hoover, in charge of the FBI.

            People were arrested without warrents, probable cause, or even justification - other than what McCarthy said.
      • You do understand, don't you...

        ...the the "Communists" to which you refer were about as much threat to the national security of the US as your average Girl Scout troop? To a man (or woman), they were powerless intellectuals passionately committed to debating the intricacies of Marxist theory and smoking cigarettes. If Stalin's tanks came roaring across the Plains of Frankonia, they would have been useful to him only for greasing tank treads. Even if there had been real witches at Salem, all they ever achieved was to set a bunch of girls to giggling, and the Communists in the US achieved even less than that. What they were useful for was serving as bugaboo dolls for a bunch of cynical politicians intent on frightening Americans into acquiescing in turning the world into American neocolonies. McCarthy thought himself a player in this game; actually, he himself was a stooge set up to see just how far the game could be pushed. When he managed to revolt a substantial part of the electorate, he was sacrificed and the game pulled back a little, but continued. It continues to this day; the nominal villains are changed, but the politics of hate endureth forever. The first step in liberating yourself from this game is to see precisely how ineffectual the "bad guys" have been at each stage, compared to how they have been portrayed. You aren't helping any here by perpetuating the myth of the Communist Menace of the 1940s.
      • Nothing wrong with being a Communist

        You're within your rights as an American to hold whatever political beliefs you want. It's a big leap from that to engaging in a conspiracy to overthrow the US government. McCarthy leapt to the assumption that anyone with Communist leanings was an agent of the Soviet Union, though I'm sure he knew better - it was just demagoguery. It's a lot like assuming that every believer in Islam is working for global jihad...oh, wait, some people do, don't they?
    • Isn't being a communist protected by 1st ?

      Just curious.

      Isn't being a communist protected by 1st amendment ?
      I thought you can believe in anything you want, you should be just fine until you start plotting to harm people. Then you become the enemy.
  • you sure?

    You certainly make it sound like you are "aware of the number of lives that are saved annually as a result of surveillance".
    Well, are you?
    • How many plots were spoiled?

      They aren't saying, so how do we know if they are being effective at keeping us safe? However, I am sure they know what website I was on last night, and have that information stored for all eternity...
  • GnuPG is free.

    GnuPG is Free Software (meaning that it respects your freedom).
    Tony Burzio
  • redesigning the internet to fight crime ??

    Larry's bio states that he is an expert in security. However statements such as

    "If the weaknesses in the Internet that make widespread crime against innocent 3rd parties by freelance criminals is unworthy of a complete redesign, why is government surveillance worthy of it?"

    show an utter lack of understanding of security. When Bruce speaks of redesign he is specifically addressing "confidentiality and Integrity" of communication. This is a clear security problem that can be addressed. When you talk about "crime" and building safeguards this could mean any number of things. For instance preventing old ladies from being duped by the Nigerian crap emails , etc. The brush is so broad it is clear you have never been exposed to the concept of developing security safeguards, because safeguards can only be developed for actionable items.

    On a different note as Ben Franklin stated "They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety" , sadly your article advocates we give up liberty for the sake of safety.
  • Free Net

    You should examine mesh nets, there is no reason that the government can't be excluded.
  • The solutions are TOR and Freenet

    Secure and compatible Internet exists - it's called Tor and Freenet. Strange that you didn't mention them. The more people used them, the better anonymity and speed. So use them!