Group items tagged

But spy-agencies and law-enforcement have created a bustling marketplace for “zero-days,” which are weaponised for the purpose of attacking the computers and networks of “bad guys”. The incentives have shifted, and now a newly discovered bug had a good chance of remaining unpatched and live in the field because governments wanted to be able to use it to hack their enemies.

Last year, when I finished that talk in Seattle, a talk about all the ways that insecure computers put us all at risk, a woman in the audience put up her hand and said, “Well, you’ve scared the hell out of me. Now what do I do? How do I make my computers secure?”And I had to answer: “You can’t. No one of us can. I was a systems administrator 15 years ago. That means that I’m barely qualified to plug in a WiFi router today. I can’t make my devices secure and neither can you. Not when our governments are buying up information about flaws in our computers and weaponising them as part of their crime-fighting and anti-terrorism strategies. Not when it is illegal to tell people if there are flaws in their computers, where such a disclosure might compromise someone’s anti-copying strategy.But: If I had just stood here and spent an hour telling you about water-borne parasites; if I had told you about how inadequate water-treatment would put you and everyone you love at risk of horrifying illness and terrible, painful death; if I had explained that our very civilisation was at risk because the intelligence services were pursuing a strategy of keeping information about pathogens secret so they can weaponise them, knowing that no one is working on a cure; you would not ask me ‘How can I purify the water coming out of my tap?’”

Because when it comes to public health, individual action only gets you so far. It doesn’t matter how good your water is, if your neighbour’s water gives him cholera, there’s a good chance you’ll get cholera, too. And even if you stay healthy, you’re not going to have a very good time of it when everyone else in your country is striken and has taken to their beds.If you discovered that your government was hoarding information about water-borne parasites instead of trying to eradicate them; if you discovered that they were more interested in weaponising typhus than they were in curing it, you would demand that your government treat your water-supply with the gravitas and seriousness that it is due.The public health analogy is suprisingly apt here. The public health threat-model is in a state of continuous flux, because our well-being is under continuous, deliberate attack from pathogens for whom we are, at best, host organisms, and at worst, dinner. Evolution drives these organisms to a continuously shifting array of tactics to slide past our defenses.Public health isn’t just about pathogens, either – its thorniest problems are about human behaviour and social policy. HIV is a blood-borne disease, but disrupting its spread requires changes to our attitudes about sex, pharmaceutical patents, drugs policy and harm minimisation. Almost everything interesting about HIV is too big to fit on a microscope slide.

And so it is for security: crypto is awesome maths, but it’s just maths. Security requires good password choice, good password management, good laws about compelled crypto disclosure, transparency into corporate security practices, and, of course, an end to the governmental practice of spending $250M/year on anti-security sabotage through the NSA/GCHQ programmes Bullrun and Edgehill.

But for me, the most important parallel between public health and internet security is their significance to our societal wellbeing. Everything we do today involves the internet. Everything we do tomorrow will require the internet. If you live near a nuclear power plant, fly in airplanes, ride in cars or trains, have an implanted pacemaker, keep money in the bank, or carry a phone, your safety and well-being depend on a robust, evolving, practice of network security.This is the most alarming part of the Snowden revelations: not just that spies are spying on all of us – that they are actively sabotaging all of our technical infrastructure to ensure that they can continue to spy on us.There is no way to weaken security in a way that makes it possible to spy on “bad guys” without making all of us vulnerable to bad guys, too. The goal of national security is totally incompatible with the tactic of weakening the nation’s information security.

“Virus” has been a term of art in the security world for decades, and with good reason. It’s a term that resonates with people, even people with only a cursory grasp of technology. As we strive to make the public and our elected representatives understand what’s at stake, let’s expand that pathogen/epidemiology metaphor. We’d never allow MI5 to suppress information on curing typhus so they could attack terrorists by infecting them with it. We need to stop allowing the NSA and GCHQ to suppress information on fixing bugs in our computers, phones, cars, houses, planes, and bodies.If GCHQ wants to improve the national security of the United Kingdom – if the NSA want to impove the American national security – they should be fixing our technology, not breaking it. The technology of Britons and Americans is under continuous, deadly attack from criminals, from foreign spies, and from creeps. Our security is better served by armouring us against these threats than it is by undermining security so that cops and spies have an easier time attacking “bad guys.”

It’s as though ISIS and the U.S. media and political class worked in perfect unison to achieve the same goal here when it comes to American public opinion: fully terrorize them. (3) Although Americans favor military action against ISIS, today’s above-cited CNN poll finds that – at least of now – most do not want ground troops in Iraq or Syria (“61%-38%, oppose placing U.S. soldiers on the ground in Iraq and Syria to combat the terrorist group”). But almost every credible expert has said that airstrikes, without troops, is woefully inadequate to achieve any of the stated goals. Other than further inflaming anti-American sentiment in the region and strengthening ISIS, what possible purpose can such airstrikes have? The answer given by much of the U.S. media, as FAIR documented, seems clear: to “flex muscles” and show “toughness”:

What kind of country goes around bombing people with no strategic purpose and with little motive other than to “flex muscles” and “show toughness”? This answer also seems clear: one that is deeply insecure about its ongoing ability to project strength (and one whose elites benefit in terms of power and profit from endless war). (4) For those who favor air strikes: if, as most regional and military experts predict, it turns out that airstrikes are insufficient to seriously degrade ISIS, would you then favor a ground invasion? If you really believe that ISIS is a serious threat to the “homeland” and other weighty interests, how could you justify opposing anything needed to defeat them up to and including ground troops? And if you wouldn’t support that, isn’t that a compelling sign that you don’t really see them as the profound threat that one should have to see them as before advocating military action against them?

(5) For those who keep running around beating their chests talking about the imperative to “destroy ISIS”: will that take more or less time than it’s taken to “destroy the Taliban”? Does it ever occur to such flamboyant warriors to ask why those sorts of groups enjoy so much support, and whether yet more bombing of predominantly Muslim countries – and/or flooding the region with more weapons – will bolster rather than subvert their strength? Just consider how a one-day attack in the U.S., 13 years ago, united most of the American population around the country’s most extreme militarists and unleashed an orgy of collective violence that is still not close to ending. Why does anyone think that constantly bringing violence to that part of the world will have a different effect there?

6) When I began writing about politics in 2005, it was very common to hear the “chickenhawk” slur cast about: all as a means of arguing that able-bodied people who advocate war have the obligation to fight in those wars rather than risking other people’s lives to do so. Since January, 2009, I’ve almost never heard that phrase. How come? Does the obligation-to-fight apply now to those wishing to deploy military force to “destroy ISIS”? (7) It’s easy to understand why beheading videos provoke such intense emotion: they’re savage and horrific to watch, by design. But are they more brutal than the constant, ongoing killing of civilians, including children, that the U.S. and its closest allies have been continuously perpetrating? In 2012, for instance, Pakistani teenager Tariq Kahn attended an anti-drone meeting, and then days later, was “decapitated” by a U.S. missile - the high-tech version of beheading – and his 12-year-old cousin was also killed by that drone. Whether “intent” is one difference is quite debatable (see point 3), but the brutality is no less. It’s true that we usually don’t see that carnage, but the fact that it’s kept from the U.S. population doesn’t mean it disappears or becomes more palatable or less savage.

(8) Here’s how you know you live in an empire devoted to endless militarism: when a new 3-year war is announced and very few people seem to think the president needs anyone’s permission to start it (including Congress) and, more so, when the announcement - of a new multiple-year war - seems quite run-of-the-mill and normal. (9) How long will we have to wait for the poll finding that most Americans “regret” having supported this new war in Iraq and Syria and view it as a “mistake”, as they prepare, in a frenzy of manufactured fear, to support the next proposed war?   UPDATE [Tues.]: In case you’re wondering how so many Americans have been led to embrace such fear-mongering tripe, consider the statement last week of Democratic Sen. Bill Nelson of Florida:

“This is a terrorist group the likes of which we haven’t seen before, and we better stop them now. It ought to be pretty clear when they start cutting off the heads of journalists and say they’re going to fly the black flag of ISIS over the White House that ISIS is a clear and present danger.” They’re a “clear and present danger” because they threatened to “fly the black flag of ISIS over the White House.” It’s hard to believe the fear-mongering is anything but deliberate.