Liars and Outliers (33 page)
Read Liars and Outliers Online
Authors: Bruce Schneier
Comparing the top picture with the middle one shows the difference between less and more technology. In the middle, the gap between attacker and defender is the same width, but because there's more technology, the area is greater. There are actually two dimensions to innovation: technological advancement and technological prevalence. In either dimension, the more technology there is, the greater the security gap. In other words, if there are more innovations to exploit, there will be more damage resulting from society's inability to keep up with exploiters of all of them.
Think about it this way. Technology is available to both the attackers and the defenders, and it's pretty much all there is until moral, reputational, and institutional pressures catch up. When there's more technology out there, the attackers have more opportunity to increase the scope of defection before the defenders catch up. Technology can affect the scope of defection in many ways, but in general, it gives the attackers more leverage. So the more technological a society is, the greater the security gap is.
This is an intrinsic condition of the problem, for all the reasons we just talked about. The security gap cannot be eliminated.
The security gap is also greater in periods of rapid technological change, as society struggles to manage the broader social changes as well as quickly adapting defectors do. In 1970, futurist
Alvin Toffler wrote
about
future shock
, the psychological and social problems that result from people being forced to absorb too much technological change too quickly. His estimates about how much technological change people could deal with were way too low—the rate of technological change in the second decade of the 21st century is much faster than the seventh decade of the 20th—but his basic ideas are sound.
People learn how
to cope with new technologies at their own pace, some more easily than others. And groups of people move more slowly than some of their members. Defectors are not inherently less susceptible to future shock than society at large, but the more successful ones are. Successful defectors are always going to be able to outpace the average capability of society.
Again, look at
Figure 15
, the bottom this time. In a period of rapid change, technology increases faster, so the curve climbs higher in the same period of time than in the earlier figures. This faster growth rate makes for a larger area under the curve in the same period of time—a greater security gap.
This has happened before, notably in the 19th century. That's when we got railroads, steamships, the widespread use of paper mail, the telegraph, and then the telephone—all allowing people to communicate at greater distances and with greater speed. But perhaps even more important than any of that, there were significant changes in attitudes about people and the world. Society came to expect economic growth, along with universal education and universal betterment. The world changed, and that affected security.
The ease of rapid travel meant more people traveled. On one hand, this meant that you could no longer distrust people just because they came from “out of town.” On the other, this allowed for a
new type of grifter
, conning people out of their money and moving on before he could be caught. At the same time, cities got larger.. Policing in 18th-century London was a hodge-podge of unpaid and unorganized constables and a draconian court system (160 different crimes carried the death penalty). This sort of community policing didn't scale to a large modern city, so Sir Robert Peel organized the first modern police force and criminal justice system.
Other cities followed
suit.
Technology directly changed society as well. The telegraph meant that money could be transferred instantaneously, but the open nature of the system meant conversations could be eavesdropped on and spoofed. So operators developed codes to prevent that. Other examples were the mass production of timepieces, making it easier to manage employees; the rise of unions, giving employees more power with respect to their employers; and the telegraph and then the telephone, an enormous change in communication that affected everyone. It was an age where defectors adapted to a changing society, and society had to adapt to changing defectors.
Today, we're seeing the effects of both more technology than ever before
and
a faster rate of technological change than ever before.
2
In particular, the revolutionary social and political changes brought about by information technology are causing security and trust problems to a whole new degree. We've already seen several manifestations of this: the global financial crisis, international terrorism, and cyberspace fraud. We've seen music and movie piracy grow from a minor annoyance to an international problem due to the ease of distributing pirated content on the Internet. We've seen Internet worms progress from minor annoyances to criminal tools to military-grade weapons that cause real-world damage, like the
Internet worm Stuxnet
, the first military-grade cyberweapon the public has seen. All this has come about because information technology increases the scope of defection in several ways:
- Migration of all data onto the Internet.
As data moves onto computer networks, there are more—and, more importantly, different—risks. The security that worked when the systems were manual, or housed on computers not attached to a global network, no longer works.
3 - Technological mediation of social systems.
Similarly, social systems—including systems of reputational pressure—are vulnerable to technological attacks as they become technologically enabled. For example, e-mail has security risks that paper mail does not. Electronic voting has security risks that paper voting does not. Internet telephony has security risks that conventional telephony does not. - Migration of evolved social systems into deliberately created socio-technical systems.
In Chapter 14, we discussed the problem of delegating societal pressures to institutions, specifically government institutions. More and more, we are delegating societal pressures to corporations: the security of our conversations, our photographs, and our data. This trend of corporations acting as institutions gives those corporations more ability and incentive to defect. - Class breaks.
A product, or line of products, may have common vulnerabilities that impact every copy of the product that has ever been made. As globalization allows a single product to be used worldwide, the discovery of such a vulnerability can have a global impact. This is not new, but information systems are particularly prone to this type of problem. Information systems have common vulnerabilities that can be exploited
en masse.
Someone who finds, for example, a vulnerability in an operating system that allows him to steal data can steal data from the entire class of computers using that operating system. - Automation.
Information system attacks can be automated. Instead of manually having to break into computer systems, an attacker can write a program to do it automatically. This not only drastically increases the frequency of defection, it also has two other effects. One, it makes attacks whose probability of success is very small viable. And two, it makes attacks whose profitability is very small—so-called
salami attacks
because of how thinly sliced each instance of fraud is—viable. - Action at a distance.
Attacks that used to require the attacker to get up close and personal to his victims can now be done remotely, from anywhere on the planet. It used to be that a store in Los Angeles didn't have to worry about burglars living in London or Lagos; those places were simply too far away for it to be worth the burglar's time or expense to fly to Los Angeles. But on the Internet, every web store has to worry about every cyber burglar in the world. There are no natural defenses against distance. Similarly, 20 years ago, few Americans had to worry about encountering Ukrainian or Nigerian criminals. On the Internet, it happens constantly. - Technique propagation.
Because information system attacks can be automated and encapsulated in software, the capability to launch these attacks can propagate. No longer does a criminal have to learn how to attack a security system: pick a lock, defraud a bank, or whatever. On the Internet, only the first attacker has to be skilled. Everyone else can
just use software
. - Technique iteration and improvement.
Because attacks can be so efficient, it's easier for attackers to learn from their mistakes and improve their attacks. They can create ten varieties of a computer worm and test which one works best, or a hundred varieties of spam to see which one fools recipients best. Because so many Internet attack tools become public, it's easy for one attacker to learn from another's work. - Defector aggregation
. One thing that makes it easier to defect from society is finding a subgroup of defectors. This both makes it easier to overcome moral and reputational pressures, and allows defectors to trade tips on overcoming the legal pressure and security systems. The Internet itself lets defectors easily find and communicate with like-minded individuals. There's a whole online community of people who think childhood immunization is evil. There are terrorist-sympathetic websites, which might—it's hard to separate reality from media hype—also act as terrorist-recruiting websites. There are a gazillion places on the Internet where you can learn to hack computer systems and commit fraud.
There are two more changes that belong on this, too, but they won't fit neatly into bullet points: changes in organizational structure and changes in organizational behavior.
Let's start with organizational structure. The Internet reduces the cost of organization dramatically, enabling ad hoc and loosely connected organizations of individuals who contribute tiny amounts of effort towards a large goal.
4
Linux and Wikipedia are both informally produced and freely available “products” created by legions of unpaid volunteers; and both are viable competition to corporate, traditionally created, alternatives. Crowdsourcing can produce results superior to more traditional mechanisms of delegating work.
From a societal pressure perspective, the normal competing interests we've come to expect from traditional organizations don't apply in the same way to these ad hoc organizations. For example, Microsoft can be—and in the past has been—pressured by the U.S. government to deliberately weaken encryption software in its products, so the government could better spy on people. This works because Microsoft is an American corporation, and in at least some ways beholden to American interests. Its operating system competitor, Linux, is not. Linux is an open-source operating system, not controlled by a business. The Linux team, even the few individuals at the core, are not motivated by profit. They're not in any one country. They are probably unlikely to agree to a confidential meeting with government officials of any nationality. They are a different sort of actor. On the other hand, Microsoft probably has better systems in place to prevent infiltration by rogue programmers.
WikiLeaks is another stateless organization. WikiLeaks sits somewhere between a loose organization of activists and the personal mission of a single individual named Julian Assange. It exposes information that governments and powerful corporations would rather keep secret. In this way it is very much like an organization of journalists. But because it is not a commercial enterprise, and because it is not moored within a country, it's much more difficult to corral. And this scares countries like the United States.
Compare WikiLeaks to a traditional newspaper. That newspaper is in a societal dilemma with all the other newspapers in that country.
| Societal Dilemma: Newspapers publishing government secrets. | |
| Society: All the newspapers in the country and the government. | |
| Group interest: Government not clamping down on freedom of the press. | Competing interest: Increase market share. |
| Group norm: Self-censor. | Corresponding defection: Publish any juicy secrets you discover. |
| To encourage people to act in the group interest, the society implements a variety of societal pressures. Moral: It's unpatriotic, or otherwise wrong, to publish government secrets. Reputational: Newspapers want good reputations because it keeps their readers, advertisers, and sources all happy. Institutional: Often, none. In fact, the U.S. Supreme Court has held that it is legal to publish secrets, even though it is illegal to leak them. Security: Potentially, espionage that lets the government know when a story is about to leak. |
This doesn't look like effective societal pressure, but it largely works. It works because, even in the absence of any laws, the pressure to cooperate—to self-censor—is surprisingly powerful. No press organization wants to be labeled as unpatriotic or traitorous, or jeopardize its advertisers.
The result is that newspapers sometimes publish embarrassing government secrets, and sometimes they don't. In 1971, the
New York Times
published the Pentagon Papers, a secret and damning history of U.S. military involvement in Vietnam. In mid-2004, the
New York Times
learned about the NSA's illegal wiretapping of American citizens without a warrant, but
delayed publishing
the information for over a year—until well after the presidential election. Presumably there are things the
New York Times
has learned about and decided not to publish, period.
WikiLeaks changes that dynamic. It's not an American company. It's not even a for-profit company. It's not a company at all. And it's not really located in any legal jurisdiction. It simply isn't subject to the same pressures that the
New York Times
is. This means the government can't rely on the partial cooperation of WikiLeaks in the same way it can rely on that of traditional newspapers.
5
