Cybersecurity, My Foot
Image Stolen From HereBear with me... I try to avoid talking about technology here, what with spending my life in that arena, and all. (Actually, I just reread the next two posts, and this statement is apparently a big ol' lie.)
However, I've just been sent our Illustrious Leader's "10-Point CyberSecurity Action Plan," and I had to comment.
However, I've just been sent our Illustrious Leader's "10-Point CyberSecurity Action Plan," and I had to comment.
Applaud a federal move to ensure "cybersecurity" all you like, but this has the stink of Big Brother all over it.
The Feds here are looking to be able to "ensure security" on the public Internet. That same Internet has always been (at least since the demise of ARPAnet in the face of commercial network access) a loosely controlled interplay of networks which are, for the most part, wholly owned and operated by either private or public companies, and in some cases, individuals. The controls placed over traffic traversing those networks is entirely up to those same entities.
Since the Internet we know is essentially a dynamic and loosely-coupled aggregate of smaller heterogeneous networks, under widely varied management regimes, it is naturally fairly insecure. But it is that same lack of overarching policy and organization that makes it eminently flexible and usable. Without the flexibility of the current Internet (the ability to introduce new protocols and information interchange methods at will, for instance), even the establishment of the ubiquitous World Wide Web could not have taken place.
The only way for the Federal monster to "ensure security," unless I understand things poorly, will be to ensure that there is a high degree of federal control, either physically, or in the form of policy and law, applied to the infrastructures provided by the alluded-to companies and individuals. This may take the form of federally mandated software or hardware, and federally dictated settings for either or both. And it would be hard to envision such measures without some degree of direct federal control.
And once the Feds have direct controls on, and visibility, into the Internet at its most critical areas, how long before they will want to actually see the content flying around? (Yes, I know, the prevailing belief is that the Boys and Girls at Fort Meade already do this.) "No problem: encrypted traffic with SSL," you say? Well once unencrypted content analysis is wholesale, then how long until only "approved" cryptography is allowed to traverse the 'net? I'll give you a hint: federal back-doors, a la Clipper and key-escrow.
I have very little to hide, or at least very little I'm willing to go to great lengths to hide, but I'm still not interested in some GS-8 field agent being able to look at my bank statements or snag my passwords in mid-stream, for cause or not.
And, as a personal aside, it annoys me to no end that our Commander in Chief insists on using the term "Cyber"-anything If you're the Leader of the Free World, then you or your advisors ought to be able to come up with something more serious-sounding than a damned pop-culture reference.
Rant off.
posted by Mark of NOLA at 3:01 PM
0 comments
