[LINK] Schneier: government, big data pose bigger 'Net threat than criminals

[Kim Holburn]

http://arstechnica.com/business/news/2012/02/schneier-gov-big-data-pose-bigger-net-threat-than-criminals.ars


> As Bruce Schneier spent the past decade watching the growing rash of phishers, malware attacks, and identity theft, a new Internet threat has emerged that poses even greater risks, the security expert said.
> 
> Unlike the security risks posed by criminals, the threat from government regulation and data hoarders such as Apple and Google are  more insidious because they threaten to alter the fabric of the Internet itself. They're also different from traditional Internet threats because the perpetrators are shielded in a cloak of legitimacy. As a result, many people don't recognize that their personal information or fortunes are more susceptible to these new forces than they ever were to the Russian Business Network or other Internet gangsters.

....

> He called the new model "feudal security" in which Kindle Fire owners trust their security to Amazon, iPhone users trust their Apple, and so on. As a result, the devices no longer come with general-purpose capabilities. Open environments are increasingly being replaced with closed systems that are designed to give users less control.

.....

> In addition to the threat from big data—which Schneier coined "the risks of Layer 8 and Layer 9 attacks"—he said Internet users are being harmed by the surge in government attempts to redesign Internet infrastructure. As more and more of the world goes online, it's a given more crime will follow, he said. As a result, laws such as the 1994 Communications Assistance for Law Enforcement Act—which mandated telecom companies redesign switches and other gears so law enforcement agents could tap them—are slowly being extended to Internet technologies, possibly such as Skype and Hushmail.
> 

> Another example is a push among governments in Europe to require ISPs to store logs of user activity for 12 months or longer in case the information is needed in an investigation.
> 
> "Here, we have an example of government coming in an effort they believe will make us all safer," he said. "I look at it and say it's much less safe because once you have that data you're going to have to secure it. And the securest thing you can do is to delete it. So again we're seeing people who are not Internet security people trying to push a security policy."
> 

> The third force of this outside, nontechnical threat is posed by a "cyberwar" arms race, in which countries around the planet develop weapons such as the Stuxnet worm, case each other's networks, and possibly even plant backdoors in case they're needed during a time of war.
> 
> "We're now living in a world where nations are stockpiling cyber weapons," he said. "The military industrial complex is alive and well and quite happy to spend lots of money on cyber weapons and cyberwar and cyber defense. This feels incredibly destabilizing to me. I'm not convinced these things couldn't go off by accident "



-- 
Kim Holburn
IT Network & Security Consultant
T: +61 2 61402408  M: +61 404072753
mailto:kim at holburn.net  aim://kimholburn
skype://kholburn - PGP Public Key on request