Computer Security 8 - Governments vs. The Internet

Free speech and freedom:

Beware of he who would deny you access to information, for
in his heart he dreams himself your master.
  -- Sid Meier

"Read him his rights" .. we all know what that means

The Starsky And Hutch theory of human rights:

We seem much more comfortable with propagating...values to future
generations nonverbally, through a process of being steeped in
media. Apparently this actually works to some degree, for police in
many lands are now complaining that local arrestees are insisting on
having their Miranda rights read to them, just like perps in American
TV cop shows. When it's explained to them that they are in a different
country, where those rights do not exist, they become
outraged. Starsky and Hutch reruns, dubbed into diverse languages, may
turn out, in the long run, to be a greater force for human rights than
the Declaration of Independence.
  -- Neal Stephenson

• I'll talk about 2 major trends of Governments vs. The Internet
• 1. Government Surveillance - In the news!
• 2. Governments vs. Free Speech

Category 1: Government Surveillance

• Snowden disclosures
• NSA spying on everybody
• How much?
• 2 scenarios are clear, 1 unknown

1. Motivated Spying

• Say a government/agency is highly motivated to spy on a particular person
• e.g. Government trying to prosecute a Mafia type conspiracy
• In this case, the attacker can likely get all sorts of info (mostly legally):
• 1. Warrant -- they could get warrant for email records, phone records, wiretaps, ...
• 2. They could physically break in and install a keylogger on a laptop or gadget on a car ...
• 3. They could exploit an unknown vulnerability to install malware on a particular person's machine (China and the NSA are accused of this)
• "Spear Phishing" .. like phishing, but crafted for just that person
• e.g. send a specially crafted email trojan to a particular person
• Summary: for a motivated, well financed attacker, the attack is probably successful
• With a warrant, it's legal too

2. Motivated Encryption

• Now from the other side
• Encryption is reliable, e.g. AES encryption
• If someone encrypts a hard drive or file with a good password, it's unbreakable
• So long as the password is nice and long
• e.g. Child Porn encrypted hard drive
• For months the government could not crack/guess the password, child porn
• If the password was, say, twice as long, it would never have been cracked
• Doubling password length squares the space of possible passwords
• Interesting edge case in the law: can a suspect be required to divulge a password?
• Can a suspect be required to give a PIN or fingerprint?
• Those are not yet settled 5th-amendment issues in the US:
  - Can a suspect be forced to reveal a password/PIN under probable cause

3. Government Surveillance

• The US government does not have the resources to monitor everything going on on the internet
• But they could be monitoring some things in coarse detail (Snowden revelations)
• e.g. who calls who (which numbers call which numbers, not the audio)
• e.g. who visits certain web sites
• Is that legal without a specific warrant?
• How much are they doing?
• Nobody is sure, but it's some -- the Snowden disclosure
• It looks like theUS Government was collecting information without a warrant
• The level of surveillance was too high - illegal

Category 2: Governments vs. Free Speech

• Another category of Governments vs. The Internet
• Autocracies are against sharing ideas: free speech, opinions, blogs, newspapers, twitter
• Reasons for hope:
• Fall of communism: VHS video tapes showing western life overpowered the 24/7 regime propaganda (Francis Fukuyama, Stanford)
• Fukuyama in a nutshell: people can tell when they're being lied to all the time, they deeply dislike it, and this dislike cannot be erased, no matter how voluminous the propaganda
• Neal Stephenson story about Miranda rights (above)
• China, dictatorships etc. strongly against free speech
• Being critical of your own institutions is an important value
• The US Government has many flaws
• The US Government is extremely good on freedom of speech

How Governments Censor Free Speech

• e.g China, North Korea: traditional autocratic, what-the-people-are-allowed-to-say / read
• e.g. Pakistan, Saudi Arabia .. mixing in limitations on un-islamic thought, combined with autocracy
• Control TCP/IP routers the connect country to whole internet
• Block certain IP addresses, domain names
• China has an army of people who monitor blogs etc., delete ideas that are not officially permitted
• China also has an army that floods the forums etc. with government-view posts
• I wonder how effective this is, probably not zero
• What "Tiananmen" search looks like with censorship inside China
• Washington Post Censorship Works
• e.g. my free CS video materials are blocked in China
• This all seems like a tragic error that's going to hold China back
• I strongly believe in the value of free speech, China's censorship looks insane
• The censorship has the appearance of a kleptocracy
  - just trying to keep out-of-power people in the dark
• Hope: email, twitter, video ... increasing ease of information sharing making it harder to suppress the truth, per Francis Fukuyama