[LINK] Schneier on 'Feudal Security'
Roger Clarke
Roger.Clarke at xamax.com.au
Sun Dec 16 08:43:32 AEDT 2012
[It's nice to occasionally be a year or two ahead of industry gurus.
[Bruce Schneier (details below) says:
>Today's internet feudalism ... is ad hoc and one-sided. We give
>companies our data and trust them with our security, but we receive
>very few assurances of protection in return, and those companies
>have very few restrictions on what they can do. This needs to
>change.
I published an analysis of user risks in the cloud in early 2010:
User Requirements for Cloud Computing Architecture
http://www.rogerclarke.com/II/CCSA.html#RA
>Cloud computing ... exacerbates many of the risks arising from
>outsourcing, and creates some new ones. The following sub-sections
>provide outlines of key operational, contingent, security and
>business risks. ...
I then presented this paper, back in June 2011:
The Cloudy Future of Consumer Computing
http://www.rogerclarke.com/EC/CCC.html
including:
>Consumers are increasingly dependent on services and data remote
>from their own devices.
>Consumers are at dire risk of service malfunctions, loss of data,
>and provider exploitation of their data. Further serious concerns
>include low standards of accessibility and clarity of Terms, and
>largely unfettered scope for providers to change the Terms, in most
>cases without notice and with immediate effect.
>Given the power imbalance, and the increasing importance of consumer
>services, consumer protections would appear to be essential. There
>is, however, an almost complete absence of effective regulation.
Ego-trips aside, this is an important article:
Feudal Security
Bruce Schneier
http://www.schneier.com/crypto-gram-1212.html#1 (15 Dec 2012)
http://www.wired.com/opinion/2012/11/feudal-security/ (26 Nov 2012)
It's a feudal world out there.
Some of us have pledged our allegiance to Google: We have Gmail
accounts, we use Google Calendar and Google Docs, and we have Android
phones. Others have pledged allegiance to Apple: We have Macintosh
laptops, iPhones, and iPads; and we let iCloud automatically synchronize
and back up everything. Still others of us let Microsoft do it all. Or
we buy our music and e-books from Amazon, which keeps records of what we
own and allows downloading to a Kindle, computer, or phone. Some of us
have pretty much abandoned e-mail altogether... for Facebook.
These vendors are becoming our feudal lords, and we are becoming their
vassals. We might refuse to pledge allegiance to all of them -- or to a
particular one we don't like. Or we can spread our allegiance around.
But either way, it's becoming increasingly difficult to not pledge
allegiance to at least one of them.
Feudalism provides security. Classical medieval feudalism depended on
overlapping, complex, hierarchical relationships. There were oaths and
obligations: a series of rights and privileges. A critical aspect of
this system was protection: vassals would pledge their allegiance to a
lord, and in return, that lord would protect them from harm.
Of course, I'm romanticizing here; European history was never this
simple, and the description is based on stories of that time, but that's
the general model.
And it's this model that's starting to permeate computer security today.
Traditional computer security centered around users. Users had to
purchase and install anti-virus software and firewalls, ensure their
operating system and network were configured properly, update their
software, and generally manage their own security.
This model is breaking, largely due to two developments:
1. New Internet-enabled devices where the vendor maintains more control
over the hardware and software than we do -- like the iPhone and Kindle; and
2. Services where the host maintains our data for us -- like Flickr and
Hotmail.
Now, we users must trust the security of these hardware manufacturers,
software vendors, and cloud providers.
We choose to do it because of the convenience, redundancy, automation,
and shareability. We like it when we can access our e-mail anywhere,
from any computer. We like it when we can restore our contact lists
after we've lost our phones. We want our calendar entries to
automatically appear on all of our devices. These cloud storage sites do
a better job of backing up our photos and files than we would manage by
ourselves; Apple does a great job keeping malware out of its iPhone apps
store.
In this new world of computing, we give up a certain amount of control,
and in exchange we trust that our lords will both treat us well and
protect us from harm. Not only will our software be continually updated
with the newest and coolest functionality, but we trust it will happen
without our being overtaxed by fees and required upgrades. We trust that
our data and devices won't be exposed to hackers, criminals, and
malware. We trust that governments won't be allowed to illegally spy on us.
Trust is our only option. In this system, we have no control over the
security provided by our feudal lords. We don't know what sort of
security methods they're using, or how they're configured. We mostly
can't install our own security products on iPhones or Android phones; we
certainly can't install them on Facebook, Gmail, or Twitter. Sometimes
we have control over whether or not to accept the automatically flagged
updates -- iPhone, for example -- but we rarely know what they're about
or whether they'll break anything else. (On the Kindle, we don't even
have that freedom.)
I'm not saying that feudal security is all bad. For the average user,
giving up control is largely a good thing. These software vendors and
cloud providers do a lot better job of security than the average
computer user would. Automatic cloud backup saves a lot of data;
automatic updates prevent a lot of malware. The network security at any
of these providers is better than that of most home users.
Feudalism is good for the individual, for small startups, and for
medium-sized businesses that can't afford to hire their own in-house or
specialized expertise. Being a vassal has its advantages, after all.
For large organizations, however, it's more of a mixed bag. These
organizations are used to trusting other companies with critical
corporate functions: They've been outsourcing their payroll, tax
preparation, and legal services for decades. But IT regulations often
require audits. Our lords don't allow vassals to audit them, even if
those vassals are themselves large and powerful.
Yet feudal security isn't without its risks.
Our lords can make mistakes with security, as recently happened with
Apple, Facebook, and Photobucket. They can act arbitrarily and
capriciously, as Amazon did when it cut off a Kindle user for living in
the wrong country. They tether us like serfs; just try to take data from
one digital lord to another.
Ultimately, they will always act in their own self-interest, as
companies do when they mine our data in order to sell more advertising
and make more money. These companies own us, so they can sell us off --
again, like serfs -- to rival lords...or turn us in to the authorities.
Historically, early feudal arrangements were ad hoc, and the more
powerful party would often simply renege on his part of the bargain.
Eventually, the arrangements were formalized and standardized: both
parties had rights and privileges (things they could do) as well as
protections (things they couldn't do to each other).
Today's internet feudalism, however, is ad hoc and one-sided. We give
companies our data and trust them with our security, but we receive very
few assurances of protection in return, and those companies have very
few restrictions on what they can do.
This needs to change. There should be limitations on what cloud vendors
can do with our data; rights, like the requirement that they delete our
data when we want them to; and liabilities when vendors mishandle our data.
Like everything else in security, it's a trade-off. We need to balance
that trade-off. In Europe, it was the rise of the centralized state and
the rule of law that undermined the ad hoc feudal system; it provided
more security and stability for both lords and vassals. But these days,
government has largely abdicated its role in cyberspace, and the result
is a return to the feudal relationships of yore.
Perhaps instead of hoping that our Internet-era lords will be
sufficiently clever and benevolent -- or putting our faith in the Robin
Hoods who block phone surveillance and circumvent DRM systems -- it's
time we step in in our role as governments (both national and
international) to create the regulatory environments that protect us
vassals (and the lords as well). Otherwise, we really are just serfs.
A version of this essay was originally published on Wired.com.
http://www.wired.com/opinion/2012/11/feudal-security/
Government spying:
http://www.wired.com/opinion/2012/10/from-spyware-to-mobile-malware/
Safety in Apps:
http://www2012.wwwconference.org/proceedings/proceedings/p311.pdf
Companies getting security wrong:
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/
http://www.bbc.co.uk/news/technology-20180229
http://www.redorbit.com/news/technology/1112674890/photobucket-fusking-081412/
or http://tinyurl.com/cgg4x49
http://www.wired.com/gadgetlab/2012/10/amazons-remote-wipe-of-customers-kindle-highlights-perils-of-drm/
or http://tinyurl.com/8gcjxxu
Companies cooperating with governments against users:
http://www.wired.com/threatlevel/2012/11/gmail-location-data-petraeus/
http://m.bbc.co.uk/news/technology-20319505
Blocking and circumvention:
https://mobilescope.net/
http://www.wired.com/gadgetlab/2011/01/how-to-strip-drm-from-kindle-e-books-and-others/
or http://tinyurl.com/66lrty6
** *** ***** ******* *********** *************
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Faculty of Law University of NSW
Visiting Professor in Computer Science Australian National University
More information about the Link
mailing list