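[Repost] The UK's Guardian reveals that the US has been systematically planting backdoors in all kinds of software. Security expert Bruce Schneier calls on technical people to take back the internet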
Posted: 2013-9-6 15:09 6295

http://www.theguardian.com/commentisfree/2013/sep/05/government-betrayed-internet-nsa-spying

The article is quite shocking.

The US government has betrayed the internet. We need to take it back

The NSA has undermined a fundamental social contract. We engineers built the internet – and now we have to fix it
   
Bruce Schneier

The Guardian, Thursday 5 September 2013 20.04 BST

'Dismantling the surveillance state won't be easy. But whatever happens, we're going to be breaking new ground.' Photograph: Bob Sacha/Corbis

Government and industry have betrayed the internet, and us.

By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract. The companies that build and manage our internet infrastructure, the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards.

This is not the internet the world needs, or the internet its creators envisioned. We need to take it back.

And by we, I mean the engineering community.

Yes, this is primarily a political problem, a policy matter that requires political intervention.

But this is also an engineering problem, and there are several things engineers can – and should – do.

One, we should expose. If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by federal confidentiality requirements or a gag order. If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story. Your employer obligations don't cover illegal or unethical activity. If you work with classified data and are truly brave, expose what you know. We need whistleblowers.

We need to know exactly how the NSA and other agencies are subverting routers, switches, the internet backbone, encryption technologies and cloud systems. I already have five stories from people like you, and I've just started collecting. I want 50. There's safety in numbers, and this form of civil disobedience is the moral thing to do.

Two, we can design. We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.

We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems – these will be harder for the NSA to subvert.

The Internet Engineering Task Force, the group that defines the standards that make the internet run, has a meeting planned for early November in Vancouver. This group needs to dedicate its next meeting to this task. This is an emergency, and demands an emergency response.

Three, we can influence governance. I have resisted saying this up to now, and I am saddened to say it, but the US has proved to be an unethical steward of the internet. The UK is no better. The NSA's actions are legitimizing the internet abuses by China, Russia, Iran and others. We need to figure out new means of internet governance, ones that make it harder for powerful tech countries to monitor everything. For example, we need to demand transparency, oversight, and accountability from our governments and corporations.

Unfortunately, this is going to play directly into the hands of totalitarian governments that want to control their country's internet for even more extreme forms of surveillance. We need to figure out how to prevent that, too. We need to avoid the mistakes of the International Telecommunications Union, which has become a forum to legitimize bad government behavior, and create truly international governance that can't be dominated or abused by any one country.

Generations from now, when people look back on these early decades of the internet, I hope they will not be disappointed in us. We can ensure that they don't only if each of us makes this a priority, and engages in the debate. We have a moral duty to do this, and we have no time to lose.

Dismantling the surveillance state won't be easy. Has any country that engaged in mass surveillance of its own citizens voluntarily given up that capability? Has any mass surveillance country avoided becoming totalitarian? Whatever happens, we're going to be breaking new ground.

Again, the politics of this is a bigger task than the engineering, but the engineering is critical. We need to demand that real technologists be involved in any key government decision making on these issues. We've had enough of lawyers and politicians not fully understanding technology; we need technologists at the table when we build tech policy.

To the engineers, I say this: we built the internet, and some of us have helped to subvert it. Now, those of us who love liberty have to fix it.

• Bruce Schneier writes about security, technology, and people. His latest book is Liars and Outliers: Enabling the Trust That Society Needs to Thrive. He is working for the Guardian on other NSA stories

Latest replies (9)
2
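Banking information and all kinds of other internet information are no longer secure, because the US NSA has already cracked the vast majority of encryption software. The 2006 internet encryption standard was published by the NSA through the American standards institute.. And the NSA has influenced the design of commercial encryption software..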

http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security

Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with "brute force", and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.
2013-9-6 15:36
3
I don't really understand it, but it sounds impressive. I only caught the word "betray"..
2013-9-6 15:41
4
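This is hugely significant. First, it is now clear that the encryption and decryption work most of our brothers on Kanxue do is nothing more than child's play in the eyes of the NSA. Second, the US is a classic case of a thief crying "stop thief". Microsoft has been an accomplice many times. Now you can imagine whether Microsoft's operating systems are really as clean as they claim.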
2013-9-6 15:44
5
Even without this.. most people on Kanxue are child's play in the eyes of Kanxue's experts
2013-9-6 15:54
6
And Kanxue's experts are child's play in the eyes of the NSA.. No disrespect intended. The other side holds the trump cards..
2013-9-6 15:57
7
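Rest assured, national security has always been top secret, and the real masters stay hidden. The Celestial Empire ("tian朝"; the word is filtered, so I can only write it this way) has sent satellites up countless times; they wouldn't be this diligent without something real behind it. The struggle between intelligence agents is fiercer and more brutal in peacetime than in wartime. For any country, at any time, ensuring security and strength is something that never slackens; ordinary people just aren't aware of it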
2013-9-6 16:29
wbs
8
I'll wait for the experts to remove the backdoors before using it, hahaha
2013-9-6 17:35
nmn
9
Most pirated copies of Microsoft operating systems have all kinds of backdoors planted in them. Hahaha...
2013-9-11 03:26
10
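Software security is itself a paradox; Gödel already proved that last century!
-- Of all the martial arts under heaven, none is unbreakable; only speed cannot be beaten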
2013-9-11 08:37