The US government has betrayed the Internet. We need to take it back

Fri Sep 6 09:37:53 UTC 2013

http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying

The NSA has undermined a fundamental social contract. We engineers built the
Internet – and now we have to fix it

Bruce Schneier

The Guardian, Thursday 5 September 2013 20.04 BST

Internet business cables in California.

'Dismantling the surveillance state won't be easy. But whatever happens,
we're going to be breaking new ground.' Photograph: Bob Sacha/Corbis
Government and industry have betrayed the Internet, and us.

By subverting the Internet at every level to make it a vast, multi-layered
and robust surveillance platform, the NSA has undermined a fundamental social
contract. The companies that build and manage our Internet infrastructure,
the companies that create and sell us our hardware and software, or the
companies that host our data: we can no longer trust them to be ethical
Internet stewards.

This is not the Internet the world needs, or the Internet its creators
envisioned. We need to take it back.

And by we, I mean the engineering community.

Yes, this is primarily a political problem, a policy matter that requires
political intervention.

But this is also an engineering problem, and there are several things
engineers can – and should – do.

One, we should expose. If you do not have a security clearance, and if you
have not received a National Security Letter, you are not bound by a federal
confidentially requirements or a gag order. If you have been contacted by the
NSA to subvert a product or protocol, you need to come forward with your
story. Your employer obligations don't cover illegal or unethical activity.
If you work with classified data and are truly brave, expose what you know.
We need whistleblowers.

We need to know how exactly how the NSA and other agencies are subverting
routers, switches, the Internet backbone, encryption technologies and cloud
systems. I already have five stories from people like you, and I've just
started collecting. I want 50. There's safety in numbers, and this form of
civil disobedience is the moral thing to do.

Two, we can design. We need to figure out how to re-engineer the Internet to
prevent this kind of wholesale spying. We need new techniques to prevent
communications intermediaries from leaking private information.

We can make surveillance expensive again. In particular, we need open
protocols, open implementations, open systems – these will be harder for the
NSA to subvert.

The Internet Engineering Task Force, the group that defines the standards
that make the Internet run, has a meeting planned for early November in
Vancouver. This group needs to dedicate its next meeting to this task. This
is an emergency, and demands an emergency response.

Three, we can influence governance. I have resisted saying this up to now,
and I am saddened to say it, but the US has proved to be an unethical steward
of the Internet. The UK is no better. The NSA's actions are legitimizing the
Internet abuses by China, Russia, Iran and others. We need to figure out new
means of Internet governance, ones that makes it harder for powerful tech
countries to monitor everything. For example, we need to demand transparency,
oversight, and accountability from our governments and corporations.

Unfortunately, this is going play directly into the hands of totalitarian
governments that want to control their country's Internet for even more
extreme forms of surveillance. We need to figure out how to prevent that,
too. We need to avoid the mistakes of the International Telecommunications
Union, which has become a forum to legitimize bad government behavior, and
create truly international governance that can't be dominated or abused by
any one country.

Generations from now, when people look back on these early decades of the
Internet, I hope they will not be disappointed in us. We can ensure that they
don't only if each of us makes this a priority, and engages in the debate. We
have a moral duty to do this, and we have no time to lose.

Dismantling the surveillance state won't be easy. Has any country that
engaged in mass surveillance of its own citizens voluntarily given up that
capability? Has any mass surveillance country avoided becoming totalitarian?
Whatever happens, we're going to be breaking new ground.

Again, the politics of this is a bigger task than the engineering, but the
engineering is critical. We need to demand that real technologists be
involved in any key government decision making on these issues. We've had
enough of lawyers and politicians not fully understanding technology; we need
technologists at the table when we build tech policy.

To the engineers, I say this: we built the Internet, and some of us have
helped to subvert it. Now, those of us who love liberty have to fix it.

• Bruce Schneier writes about security, technology, and people. His latest
book is Liars and Outliers: Enabling the Trust That Society Needs to Thrive.
He is working for the Guardian on other NSA stories