“The fundamental fabric of the Internet has been destroyed,” says Bruce Schneier. “I assume that all big companies are now in cahoots with the NSA, cannot be trusted, are lying to us constantly. You cannot trust any company that makes any claims of the security of their products. Not one cloud provider, not one software provider, not one hardware manufacturer.”
“Bullrun,” which undermined most forms of encryption on which the world relies, pushed him over the edge. Surveying the wreckage of Internet security wrought by his own government, he calls for more whistleblowers, calls on engineers to rebuild encryption without backdoors and otherwise NSA-resistant, and calls for pressure on governments and corporations toward radical transparency:
I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the internet. The UK is no better. The NSA’s actions are legitimizing the internet abuses by China, Russia, Iran and others. We need to figure out new means of internet governance, ones that makes it harder for powerful tech countries to monitor everything. For example, we need to demand transparency, oversight, and accountability from our governments and corporations.
Unfortunately, this is going play directly into the hands of totalitarian governments that want to control their country’s internet for even more extreme forms of surveillance. We need to figure out how to prevent that, too. We need to avoid the mistakes of the International Telecommunications Union, which has become a forum to legitimize bad government behavior, and create truly international governance that can’t be dominated or abused by any one country.
VC Albert Wenger is wrong about Schneier but right about the future we need when he says:
We cannot and should not be living in digital fortresses any more than we are living in physical fortresses at home. Our homes are safe from thieves and from government not because they couldn’t get in if they wanted to but because the law and its enforcement prevents them from doing so….What we need to get back to is a political and legal system where when you use reasonable effort to secure your communications (and that should include using the mobile and cloud systems of companies such as Google, Yahoo, Microsoft, Apple) you have a reliable protection of your civil rights.
So what agenda would a US Government that really cared about jobs and the economy have for the Internet? Would it focus on trying to convince Europe, Brazil and Mexico not to worry? Or would a Marshall Plan for the Internet emphasize:
- more democratic accountability,
- more tolerance of whistleblowers, and
- the development of international norms that it would take as seriously as it purports to take the norms against physical weapons of mass destruction?