150 points by hsnewman 9 days ago
"As I have repeatedly said, we need to decide if we are going to build our future Internet systems for security or surveillance. Either everyone gets to spy, or no one gets to spy. And I believe we must choose security over surveillance, and implement a defense-dominant strategy."
Can't agree more!
Even if you encrypt all traffic they can still spy; you can't prevent physical attacks, nor can you prevent government spying through warrants or by compromising the service and content providers.
It doesn't matter if Facebook is going to be accessible through TOR only or not if the NSA or any other capable intelligence agency can compromise Facebook.
Even if you do somehow manage to put all physical transport links in the hands of some impenetrable organization the US and China would just send a sub to the ocean and tap the cables.
And just like it's granted that AT&T cables can be accessed by US authorities China can access anything that a Chinese company lays down and likely even with more ease.
>Even if you encrypt all traffic they can still spy you can't prevent physical attacks
Yes but a vast swathe of attacks are stopped with good encryption.
Recall for example that TLS ("HTTPS") provides integrity verification, not just encryption.
Yes they are but it also doesn't have anything to do with this attack vector where the ISP/backbone is the point of compromise.
A) If the traffic going over the backbone is properly encrypted compromise of the backbone doesn't accomplish anything.
B) Why can't the backbone nodes be encrypted too so that any attempt to splice the fiber would result in a break of the connection?
Some quantum cryptography can work but it's very iffy and expensive, there are ways to detect taps and even when a cable is bent.
Simply cutting the connection because the signal was interrupted won't work, not to mention that many taps can be inserted without interruption and it's not like the NSA can't figure out how to work around maintenance windows.
But in this case it's not even a covert unauthorized tap; it's a Chinese company, ofc they'll cooperate with the Chinese government.
But again, encryption doesn't prevent physical attacks of this sort; they can still suck all the data out, and while it may be useless unless they can decrypt it, this vector has nothing to do with building a secure internet.
The problem is that even if you encrypt everything, state actors can simply go one step up the chain; at the end of the day someone needs to be able to decrypt your packets besides you.
It does seem odd that traffic between nations is apparently not encrypted by agreement of those nations, with nation-pair crypto keys.
For example, a link from Vatican City to San Marino should be protected from Italy. A link from Bolivia to Switzerland should be protected from all the other countries along the route.
They aren't spying on "undersea cables". They aren't sending subs down to split fibers or plant taps. Those days are long gone.
They are perhaps tapping at the point where cables leave the shore, but even that is old hat. With everything being encrypted, and the sheer volume of traffic, intel agencies these days find it much easier to go to the source. If the NSA or China want to read your email, they don't tap undersea cables. They go directly to your email/text/cell service and siphon only the data they want. Or, for things like metadata/location tracking, they can just buy the data like any other company. That is the real future: the commoditization of espionage.
> If the NSA or China want to read your email, they don't tap undersea cables
It is naive to say that the NSA does or does not use a particular collection method. The truth is they use them all to varying levels of success.
Upstream collection (targeting the communication medium and infrastructure) has been confirmed dating back to the 70s and as recent as 2013 with the Snowden leaks. Even the PRISM program with its "direct access" to providers like Yahoo and Google was eventually discovered to be tapping the fiber optic links between the companies' datacenters without their knowledge or consent.
if you build it, they will tap
> and siphon only the data they want
All of it.
If they can't decrypt it now they'll save it until they can.
>> If they can't decrypt it now they'll save it until they can.
Save it on what? Can someone do a back of the envelope calculation on what it takes to back "all of it" for an indeterminate amount of time?
Someone could, someone did, and this was the result:
Hard drive production is about 400 million drives per year.
In 2017, global IP traffic was 1.5 ZB per year, or 1.5 billion terabytes. So assuming you were using 10TB drives you'd need 150 million hard drives per year, or about 37% of global production.
You can dump any traffic that originates from a bulk traffic provider like Netflix, Youtube, Prime, Xbox Live Download, etc - it would be sufficient to collect metadata if you were interested in this at all. This source suggests that content makes up about 33% of global IP traffic, with unspecified media providers (probably porn) making up another 15% or so, so on the whole you can probably round that up to between 40 and 50%.
From there the numbers get a little squishy depending on your estimates of various categories of traffic and how conservative you want to be about discarding content.
In theory you can discard anything that you can collect from another source - i.e. stuff like gmail, you can get from google directly, no need to capture that. If you are not interested in retaining un-encrypted content, you could dump a bunch more. Only about 50% of traffic is encrypted, although that is probably weighted towards non-bulk content being the encrypted stuff.
If you can dump, let's say 75% of all non-bulk content then you'd be looking at retaining about 12.5% of total IP traffic, 187.5 million terabytes per year, which would require 18.75 million drives per year, or about 4.69% of global production.
You could, of course, blow it all down to tape filed according to cipher, and then read it back in when you have broken it. No need to keep everything online forever when it's not broken yet. LTO-8 tapes are 12 TB each (encrypted data will not compress), so the numbers work out similarly to 10 TB drives. LTO tape production is a lot smaller though, about 20 million tapes per year, so there is not enough tape sold to do that, unless you are doing a private factory to produce your own tapes. But at that scale, it would probably be more affordable than drives.
Some people speculate that Amazon Glacier is actually a library of BDXL discs and that they are purchasing big batches from factories. That's about 125 GB per disc, but in bulk they are probably also cheaper than drives as well.
FWIW Snowden's docs suggested that they were only retaining data for a month (iirc) and then dumping it, but it's possible they could be selectively retaining encrypted data for longer. Presumably the Utah datacenter was built for a reason. I would assume that at this point they have "high-risk" selectors that automatically get pulled out but that they are probably not collecting everything everything and keeping it forever.
Also, a footnote here is that this would be a logistically significant operation, you would either need your own parallel data links with a significant fraction of the capacity of the primary backbone (far beyond what SIPRNET/NIPRNET likely can support), or you would need to be moving shipping containers of drives/tapes back to Utah like Amazon Snowmobile. You'd also need people regularly going into those tap rooms to change out the drives and so on. It would be high maintenance to attempt this.
I suspect that even if they don't retain content long term, they would probably retain metadata. What sites you visited and who you talked to is very revealing, especially on a timeline measured in decades.
I wonder how much value there is in tapping undersea cables anymore. HTTPS is pretty well established and companies are encrypting traffic between data centers.
Metadata and DPI is still pretty informative.
it seems like the obvious solution would be to buy bandwidth on those and just send a continuous bytestream over the cable, as a transport layer, say between "2" and "3" and someone would just have to implement the standard protocols (tcp/udp) over a subscription service to the moving bytestream.
Depends where in the network you are and what transport you are using. WAN is a different game to access.
I will try to exemplify internet cables with a fisherman going into the ocean. The person can take a variety of strategies to achieve their goals, here are a few:
- Fisherman goes to X location because he knows at that time he will be able to catch tuna & mackerels.
- Fisherman goes to a random location capturing whatever he can. He can later decide what is of value or not, whether he will throw it back into the ocean or not is up to the captain.
- Fisherman goes to a random location and captures everything. There seems to be some stuff he doesn't know if it is edible or not, but it doesn't matter. He can store the catch and see if he can cook it later.
Some of the catches will spoil before you are able to figure out whether it is edible or not, others can be useful decades later.
What could someone do if they were to store all the encrypted data and then wait for quantum computing to make the data usable?.. you could target certain streams of data, from certain periods of time, build a case and then decide on the next course of action (target for more data or take physical action.)
I always wonder how big the spy traffic is?
How many times is the average packet on the internet copied for surveillance purposes, and how much does it slow down the net as a whole?
I'm sure all large countries are spying on undersea internet cables.
I'm already being spied on by the USA, and have been for probably decades, what's the difference?
As the article says, "This shouldn't surprise anyone. For years, the US and the Five Eyes have had a monopoly on spying on the Internet around the globe. Other countries want in."
Yes, but now China can check to be sure that the data they have tunneled out of the Five Eyes stores are accurate... see that's getting real intelligence information :^)
Which has a bad taste of whataboutism.
The huge difference is the NSA collects to achieve political goals. China spies for political and economic benefit. Foreign businesses are frequently targeted with the singular goals of IP theft or gaining leverage in business negotiations.
Wow. I'm always astonished by the people who think economic espionage isn't a huge part of Western intelligence services. It is.
The Americans just hide it better and it's entirely within their mandate. China couldn't care less if the world finds out. France is absolutely running wild and has been for decades. Australia has been caught planting bugs in foreign leaders' offices for the sole purpose of an oil company's business deal.
Usually "whataboutism" is an attempt to deflect blame; I doubt that was Schneier's intent.
The NSA claims it doesn't do economic espionage but there's evidence suggesting otherwise. Google brings up plenty of articles. For example:
Depends on who you are. I am absolutely against this kind of surveillance. HOWEVER, as a US citizen I trust the US more with my data (or Germany or, etc.) than China.
I feel exactly the opposite.
As a US citizen living in the US, even if the Chinese were to have every bit of my private data, they wouldn't really pose any threat to me as I'm not in their jurisdiction. The US, on the other hand, has a very real ability to use my data against me.
With very few exceptions (e.g. you are being explicitly targeted by a hostile nation-state for high-profile activities), surveillance by foreign governments will always pose less risk than surveillance by your own government.
I agree with that, the US poses a much greater realistic threat with my data. However I'm also more confident in our government system to have at least some form of recourse.
However, I'll counter with the idea that while I as an individual am at minimal risk from direct legal action from China, the greater collection of data as a whole on say Americans could be used maliciously. One example would be "Cambridge Analytica style" targeting of advertising, similar to the previous US election.
What I mean to say is that this data may pose a strategic advantage for China in ways other than targeting individuals. Yes the US can do this to me as well, but again I'm more confident in our system of checks/balances to at least minimize the damage.
Again, I do oppose all State surveillance, I just mean to voice my opinion on the "lesser of the two evils".
Do you think the NSA or China is more likely to blackmail you into giving up trade secrets of your employer?
That's a shortsighted view. If China is ever going to war with the US they sure as hell are going to use every bit of your data against you and other US citizens.
In that scenario I think we would face problems larger than our internet usage patterns.
China has a limited overseas power projection. China does not have the power to get you. But the US can pretty much get anybody. Congrats on being a US citizen.
Is this a joke, ignorance or just being plain disingenuous?
The issue of Chinese money disrupting regulatory bodies and academia in Australia and New Zealand is quite severe. China has fantastic power projection with far less restraint than the US. The power projection of the US armed forces is overt in active conflict zones in the third world, but China's power projection via economic means in the first world is clearly apparent, and I think the age where this does not impact individuals directly is rapidly drawing to a close.
One solution, besides bashing China, is to vote for a liberal agenda that would give more funding to universities. Guggenheim and other art institutions took money from the Sacklers, who started the opioid crisis. Because they need money. And universities need money. They have to get money one way or another.
I hate the Chinese regime more than you do. The problem here is by exaggerating Chinese power, right-wing rhetoric in the West is singing a war song against China, which usually carries a racist undertone. And the dictator in China would stupidly believe China is indeed powerful. That's how the trade war between Xi and Trump started.
> China has a limited overseas power projection
For a limited definition of 'power projection'.
I am of the opinion that we are in the midst of a paradigm shift from overt physical power to weaponized and atomized informational power.
That is to say, the use of information technology and very fine-grained details about individuals to achieve ends that suit those projecting power.
No. I'm not here to argue with anybody. I don't intend to change anyone's standing point. I realized long ago that online argument is more about sending pheromones so that the like-minded will come to you.
> Congrats on being a US citizen.
I apologize, I didn't mean to come off as snarky. What I mean is that it's my own country. If I was from say Sweden, I'd likely trust the Swedish government more as a Swedish Citizen.
No worries. It's true being a US citizen carries a certain guarantee of basic rights that a citizenship of any other country does not.
You wouldn't believe. Sweden is really a high-trust society. You can look up any person in the country online, etc, etc.
How do they analyze the traffic? Is it possible to get something from these actions?
So where in the article does it say that China is spying on the cables?
Much of the internet traffic is served over TLS these days, DPI and such equipment are becoming more and more useless. But hey, up to L4 is still plaintext!
Security has been the red-headed stepchild of software and, in some cases, hardware innovation for a long time. And I agree that it's important to take steps to ensure that changes.
I think two simple principles should be remembered to facilitate this:
1. Most end users will choose convenience over security
2. Security without usability is a compromise to security
If developers of these innovative technologies take the time to implement tried-and-tested security/privacy controls while providing easy-to-understand education for non-technical users, then I believe things can certainly improve.
Are we just making China the Boogeyman now on hacker news? I'm not trying to be a whataboutist, but literally everything China is doing had been done for decades by everyone else capable of doing that thing. Why are we suddenly up in arms about China?
Because the US is engaged in a strategic struggle with China over ideological dominance and influence on world events.
You can see the conflict spanning the South China Sea to trade relations and economic investment to accusations both directions of misconduct in technology manufacturing.
China has been getting more aggressive due to perceived US weakness, and this kind of PR is part of a multi-pronged US response. As are increased prosecutions for financial crimes and kicking up a fuss over the trade deal.
elites attempting to distract population and create scapegoat for impending economic/sociological/demographic crisis.