Imagine you could not lock your door. You could believe that you had locked your door, yet it could be opened with a secret knock. That secret knock could be found by anyone willing to search.
It would be deplorable. There would be widespread personal theft, with as many as one in fifteen adults victimized in a single year. Tax refund fraud from an inability to protect secret information and secure homes would be a growing epidemic. Companies would be unable to secure their offices and discussions, with rampant intellectual property theft. There could even be suicides as vulnerable young people found their most intimate moments broadcast, locks hacked with secrets unprotected. The entire country recognizes that the first step to solving these problems is locking our doors. National pundits decry that people just will not lock those doors. Security experts argue that we need better lock design: locks are too hard to use!
Yet despite vast investment, police work, and an entire industry sector focused on securing your house, the doors cannot be locked. Of course, locking the doors does not solve all the problems, but without the locks the problems are inherently insolvable.
Now, suppose that hundreds of millions of dollars of public funds were invested in making certain that the doors never could be locked. Companies were being prevented, in secret, from selling truly secure, reliable locks. Upon revelation of the program, the President announces that there will be more due care in how often these broken locks will be jimmied by this secret spying force.
Well, my response to this would be, “Let’s lock the doors.”
This week, I was very proud to join fifty-two people with expertise in computer security who propose this common-sense approach in a joint letter, http://masssurveillance.info/. President Obama has addressed some of the practices of using these broken locks; he has made no statements about the NSA policies of undermining common mass-produced digital locking systems. The NSA has been and appears to be free to continue to undermine basic internet security. I joined my colleagues to argue that there is a more profound problem than when the NSA is allowed to jimmy our electronic locks: we need a policy of good locks. We need to secure the internet itself. At the very least, stop investing hundreds of millions in ensuring it remains systematically vulnerable. None of the problems of identity theft, information leakage, virtual property theft, and bullies hacking accounts to steal photos will be solved with superior technology alone. But none of these problems can be solved with chronically broken security, technologies that are damaged as a matter of policy.
We need to secure the internet. We need to secure our devices. Our bank accounts should be protected, and corporations should be able to keep their intellectual investments secure. Our children need to be able to make the stupid mistakes of the young without having their computers hacked and foolishness broadcast. As the letter says, the “choice is between a communications infrastructure that is vulnerable to attack at its core and one that, by default, is intrinsically secure”. Unfortunately, that choice was made, and made with no public discussion. In fact, the companies that were forced to participate are forbidden from discussing any of their participation.
There is a wide range of technical expertise on this letter, and we are united by our rejection of the NSA excuses for massively undermining the technical security of our national infrastructure. And despite the widespread discussion about Snowden’s revelations, it appears that there is no move to reconsider this policy of self-inflicted, continuing damage.
There has been no discussion or change in the practice and policy of systematically creating vulnerabilities in the infrastructures that place every person reading this blog at increased risk. It is one thing to make a bad choice and pick a weak password. It is another to be prevented from securing your virtual possessions and digital property on the off chance that you may know someone who knows someone who could be sympathetic to terrorists. The only policy change is that your data may not be compiled if you are three, not two, degrees separated from a person of interest (i.e., if you only know someone who knows someone who knows someone who is a foreign national).
We need to be able to be safe online, even if we do err, which is why I signed that letter. None of us is a lawyer. None of us is a scholar of the Constitution, nor have we informed legal arguments on when it is justified to break into people’s homes and copy their correspondences. But we can speak on the extreme importance of ensuring that we can live in safe, secure virtual homes, trust our medical records, our employers, and the basic infrastructure itself.