Re: [perpass] Commnets on draft-farrell-perpass-attack-00 was RE: perens-perpass-appropriate-response-01

[Phillip Hallam-Baker <hallam@gmail.com>]

On Wed, Dec 4, 2013 at 6:35 PM, Bruce Perens <bruce@perens.com> wrote:

>  On 12/04/2013 02:57 PM, Phillip Hallam-Baker wrote:
>
>
> When someone starts accusing everyone of treason it isn't so much
> refutation that is appropriate as the men in white coats.
>
> Oh, come on Phillip. I did not accuse anyone, I said that it was arguably
> criminal or treasonous, and warned of the danger to you.
>

It seemed like more of a threat to me.

The NSA is very aware of the work that I am doing and its purpose. I
presented the work at MIT the week before Vancouver with several current
NSA employees present and a former NSA director.

One thing we know the NSA is going to need is usable data level security.
The only thing that differentiates my proposal from previous ones is that
(1) it requires exactly the same degree of effort as regular mail, (2) it
does not depend on building out infrastructure before deployment and (3) it
supports a policy layer so that in addition to discovering the recipient's
key, an application can determine the security policy of the recipient.

In other words, what differentiates my proposal is that it has a chance of
keeping Britain, American and their allies safe against the attacks that
are now going to be coming from all the other governments that are now
going to be playing copycat in the wake of Snowdonia.


The NSA is charged with two missions, not one. Protecting the US and its
allies from attack is far more important than attacking other countries.
The US has an electricity infrastructure that would embarrass many third
world countries, it has been defeated by squirrels let alone cyber-attacks.

Cyberwarfare has many of the same characteristics as terrorism. the
barriers to entry are low. It is inherently non-attributable and so
deterrence is infeasible. Any attempt to set red lines opens up the risk of
a false flag attack. And what might shock you is that people who have spent
their lives studying war had to have that pointed out by me.

Cyber is inherently destabilizing. And the risk is not just of a cyber
attack against the US and its allies. An attack against Russia or China
could lead to catastrophic consequences as well. Neither has the capacity
to develop an effective cyber defense in their critical infrastructure
unless the western powers develop the technology first. One of the ugly
costs of relying on industrial espionage is that it destroys any chance of
developing an indigenous research capacity.


The issues are vastly more complex than you imagine. NSA 1.0 spent its time
cracking mechanical ciphers to enable the CIA coups that stopped when the
world moved to digital in the mid 70s. NSA 2.0 grew large fat and lazy
while its military management spent their time boosting each other's egos
with (unsecured) Powerpoint presentations that almost certainly exaggerate
their capabilities.

We don't know what NSA 3.0 is going to be doing but it isn't going to have
anything like the intercept capabilities of the past and it will be two
congresses before they have any ability to shape the political landscape
again.


-- 
Website: http://hallambaker.com/