Wednesday, March 19, 2014

Towards an Inviolable Internet

Resilience and Privacy - Jon Crowcroft 18.3.2014

Building an inviolable Internet

1. We want generational computing:-

Sublime reason
i) According to Vikram Chandra (geek sublime) there are 300,000 Sanskrit manuscripts
on palm leaves...  vanishing at the rate of several a day due to corrosion

Trivial pursuits...
ii) my life bits  - formats, kids - grandma's degree from st Petersburg 1971 etc


=> Resilience - tolerant to faults/flaws -> Integrity

2. We need information resource availability and correctness "5 nines" & better:

Seriously
i) the internet is my memory bank
my house deeds
my bank
my shopping
utility controls

Trivially
ii) and a source of end of endless pub disputes about facts

=> Availability

3. We have been sold centralised systems (the Cloud)
which aren't incented to do 1 or 2....

i). we can suddenly lose data if a central company goes broke (loss of generation)
ii) our DSL line is down or cell phone coverage is poor...(loss of availability too)

4. We'd like Confidentiality - privacy....(why - see later)

Trivially
i) Central cloud services are tempted to mission creep
targeted adverts and analytics (market research undermine confidentiality
accidental breaches leak massive data sets to the entire world

ii) Government mission creep leads to massive surveillance


Q. Are there alternatives?
A. Yes

1. Encrypt all human related data when stored as well as when transmitted
=> trustworthy encryption software
=> key management complexity
=> can we extend encryption to "safe" processing?

2a. Own the storage - whether in home, pocket or cloud
=> payment if centralised [because central cloud server no longer has analytics/advert revenue)
=> what are costs?
actually, a lot less than you think -
take google+facebook revenue/number of users (conservative (high) estimate
=> 3 euro per month  << internet access bill for broadband or cellular
=> could bundle with network access
=> Problem - central site is still open to
Coercion, Corruption, Connivance with Big Bad Agencies...
(coerce to weaken crypto or reveal keys etc etc), so how to tackle that...next, decentralize:
2b. alternative:
Decentralise - i.e. peer to peer
=> what are the incentives?
actually mutual benefit, but
could pay (much less than 2a, due to lack of need for big servers
soem electricity cost increase to home server (<< 2a)
=> what are risks?
store some other person's bad or embarrassing data
encrypt
=> efficiency
interesting approach is to "code" data so k/n is sufficient to recover all
much lower overhead than central (full) copies
=> Mutually Assured Destruction
Eternity service was envisaged e.g. to store
e.g. BBC + VOA + Al Jazeera on same servers
can't remove one without removing all:)

3. regulatory, legal and economic  control of breaches (sever penalties)
you would have different terms & conditions with central encrypted storage provider
or peers...


4. Ethics:- "You have nothing to hide, so you have nothing to fear"
This statement is nonsense -
The problem is that something on the Internet is not just not hidden,
it is effectively broadcast. This is problematic

a). Social
It is human nature to present different persona to different people
Removing this right is psychologically toxic

People have different points of view - this is normal

b) Personal
We live and learn - we have the right to make mistakes
(even to commit crimes and misdemeanours)
and have them forgotten (mainly) - many such
"embarrassments" -
minor drugs offences, terminated pregnancies
treatment for STDs, depression

c) Government (and law) change

Do you want to go back to the chill of not discussing socialism in McCarthy era USA (the real cold war)?

or civil rights in southern states?

or workers rights in 1930s England?

or if you are right wing libertarian, the removal of coal miners excessive union power under Thatcher?

or the government of South Africa having discussions with  Mandela in prison about handover of power , or of England with IRA about northern Ireland peace agreement?

d) Who polices police?
LovInT incidents

Worse - again, one click leak of all data  -
could release location of abused partners
to dangerous men, or of people under witness protection programmes
or of information that was gathered for intelligence,
but not intended as meeting laws of evidence (i.e. insufficient
for court, but bad enough for newspaper).

Conclusion.

Recent revelations mean that the governments (esp. of UK and US) have
"weaponised the Internet" against civil society.
They have broken the social contract about
what is reasonable to do, and the Internet must be fixed

To do so will mean that it becomes much harder for government agencies to track genuine bad guys - this is their fault - had they stayed within bounds of lawful intercept and civil society's understanding of that, there would have been no need to make the Internet and the Cloud inviolable.

The NSA and GCHQ  have forced that requirement on civil society and will have to work with the consequences. That is, after all, their job.