Welt am Sontag in Germany asked me for an op-ed on Wikileaks. Here it is, auf Englisch. Hier, auf Deutsch.
Government should be transparent by default, secret by necessity. Of course, it is not. Too much of government is secret. Why? Because those who hold secrets hold power.
Now Wikileaks has punctured that power. Whether or not it ever reveals another document—and we can be certain that it will—Wikileaks has made us all aware that no secret is safe. If something is known by one person, it can be known by the world.
Interesting article in the New York Times – “How China meddled with the Internet,” based on a report to Congress by the United States-China Economic and Security Review Commission. The Times article talks about an incident where IDC China Telecommunication broadcast inaccurate Web traffic routes for about 18 minutes back in April. According to the Times, Chinese engineering managers said the incident was accidental, but didn’t really explain what happened, and “the commission said it had no evidence that the misdirection was intentional.” So there was a technical screwup, happens all the time, no big deal? Or should we be paranoid?
No doubt there’s a lot to worry about in the world of cyber-security, but what makes the Times article interesting is this contention (not really attributed to any expert):
While sensitive data such as e-mails and commercial transactions are generally encrypted before being transmitted, the Chinese government holds a copy of an encryption master key, and there was speculation that China might have used it to break the encryption on some of the misdirected Internet traffic.
That does sound scary right? China has an “encryption master key” for Internet traffic?
Except it doesn’t seem to be true. Experts tell me that there are no “master keys” associated with Internet traffic. In fact, conscientious engineers have avoided creating that sort of thing. They use public key encryption.
So why would the times suggest that there’s a “master key”?
Phi Beta Iota: We have three thoughts:
1) There's been a movie on the idea, and a low-rent mind might have been led to use the idea for spin.
2) Much more seriously, we have been told that many routers strip security as a routine means of increasing speed. We do not know the truth of the matter, since encrypted emails do arrive with encryption, but as a general proposition, security does seem to have been sacrificed to speed, and it may be there is no need for an Internet key in general.
3) Finally, we would observe that 80% of signals intelligence is pattern analysis, and being able to pull a massive amount of Internet into a place where pattern analysis of who is talking to who can take place, might, conceivably be worth doing.
Tim Wu explains the rise and fall of information monopolies in a conversation with New York Times blogger Nick Bilton. Author of The Master Switch: The Rise and Fall of Information Empires (Borzoi Books), Wu is known for the concept of “net neutrality.” He’s been thinking about this stuff for several years, and has as much clarity as anyone (which is still not much) about the future of the Internet.
I think the natural tendency would be for the system to move toward a monopoly control, but everything that’s natural isn’t necessarily inevitable. For years everyone thought that every republic would eventually turn into a dictatorship. So I think if people want to, we can maintain a greater openness, but it’s unclear if Americans really want that…. The question is whether there is something about the Internet that is fundamentally different, or about these times that is intrinsically more dynamic, that we don’t repeat the past. I know the Internet was designed to resist integration, designed to resist centralized control, and that design defeated firms like AOL and Time Warner. But firms today, like Apple, make it unclear if the Internet is something lasting or just another cycle.
Mid-1990s: Gonzalez, 14, is visited by F.B.I. agents at his high school for hacking into NASA.
Gonzalez, law-enforcement officials would discover, was more than just a casher. He was a moderator and rising star on Shadowcrew.com, an archetypal criminal cyberbazaar that sprang up during the Internet-commerce boom in the early 2000s. Its users trafficked in databases of stolen card accounts and devices like magnetic strip-encoders and card-embossers; they posted tips on vulnerable banks and stores and effective e-mail scams. Created by a part-time student in Arizona and a former mortgage broker in New Jersey, Shadowcrew had hundreds of members across the United States, Europe and Asia. It was, as one federal prosecutor put it to me, “an eBay, Monster.com and MySpace for cybercrime.”
Phi Beta Iota: We opened Hackers on Planet Earth (HOPE) in 1994, making the observation that when the Israeli's captured a hacker they gave him a job, while the US simply kicked them in the teeth and sent them to jail. We tried to keep Phiber Optic out of jail, and we have for decades been on record comparing hackers to astronauts–full of the right stuff and pushing the edge of the envelope. No one, including Marty Harris then in charge of the National Information Infrastructure (NII) wanted to listen. Today the US Government is again ignoring the warnings on the urgency of getting a grip on all information in all languages all the time, and roughly 20 years behind in creating “root” cyber-security. This article by James Verini is a phenomenal update on what we all knew in the mid-1990's that the US Government is still oblivious to–this is not a problem technology or wanton spending can solve–this is a problem that demands discipline, integrity, intelligence, and sharing. It is neither possible nor desireable to secure government or military computers in isolation–this is an “all in” smart safe nation challenge.
Phi Beta Iota: This is one of the most balanced sensible white papers from a vendor it has been our pleasure to encounter. Taken in context of Microsoft thinking about buying Adobe after failing to see the value of Sun's Open Office, this white paper merits broad appreciation against the possibility that Adobe could become the Context & Content Division that Microsoft does not have and will not have under Steve Ballmer now that Ray Ozzie has given up on Microsoft and moved on.
Listen to the generals speak, and you’d think the Pentagon’s networks were about to be overrun with worms and Trojans. But a draft federal report indicates that the number of “incidents of malicious cyber activity” in the Defense Department has actually decreased in 2010. It’s the first such decline since the turn of the millennium.
In the first six months of 2010, there were about 30,000 such incidents, according to statistics compiled by the U.S.-China Economic and Security Review Commission. Last year, there were more than 71,000. “If the rate of malicious activity from the first half of this year continues through the end of the year,” the commission notes in a draft report on China and the internet, “2010 could be the first year in a decade in which the quantity of logged events declines.”
The figures are in stark contrast to the sky-is-falling talk coming out of the Beltway.
“Over the past ten years, the frequency and sophistication of intrusions into U.S.military networks have increased exponentially,” Deputy Defense Secretary William Lynn wrote in a recent issue of Foreign Affairs.