Instruments for treason
Translator's Note:
Just yesterday I read this post on TechCrunch. I found it necessary to translate it primarily because it applies not only to the States and not only to the NSA, but rather a post about the complex and confusing relationship between the private life of an individual and where the states see the boundary of this private life and national security.
PS This is my first translation and first post. I hope that I can bring something to them in the community, or at least generate a constructive discussion.
If there are errors in the translation that I didn’t catch, I ask you in the BOS, I will try to make corrections as quickly as possible.
Our rights and freedoms are expanded and limited depending on the tools we use. The Internet has greatly expanded our ability to express freedom of speech, but at the same time, it has also severely limited what we used to call private life. And we, by the way, personally handed out our personal data at every step. Even burned, we still returned to tell more about ourselves. It seems to me that we did this because we trusted those to whom we transmitted this data, although almost all of them have already lost this trust. And, it seems, any trust that will continue to be shown should never be unconditional. So why bother with this trust at all?
It seems that if we could start everything from scratch, then the basic principle of building our communication means should be not trust, but impossibility of trust.
It's a little cynical, but it is necessary. If trust is present in any part of the system, they will be used. If there is at least one place in a long chain of servers, routers, cables, interpreters, loggers, drivers, protocols, interfaces and displays, in which you are not 100% controlling your data, then they are already compromised, and such a system will not work properly .
')
The trick is to treat any information transmitted as a potential act of terrorism. The NSA, for example, does just that. For them, this is an excuse, but for us it should be a leitmotif. If you start from this, then you can build a system that will work. If you develop a system based on this, you will be told that you are developing a tool for traitors, scoundrels and criminals. And yes, that’s what you’ll be doing.
And great. If it is not illegal, then it is not safe enough. If the government does not blame it, it is not reliable enough. Tools suitable for traitors are the only things that are suitable for protecting our privacy today.
Let's be honest: these tools will be used for evil, both petty and monstrous: for selling child pornography, for selling drugs, for planning murders, for planning terrorist attacks. You will be told that you are arming the enemy. Yes it is. But these tools are not necessary and sufficient to commit crimes. Any kitchen knife is sharp enough to cut a person close to you; any hammer hard enough to smash heads; any car moves at a speed sufficient to shoot down pedestrians. They must be such as to fulfill their purpose, and with regard to information, everything is exactly the same.
Understand, we are not only talking about chats on Facebook or searching Google. What may seem too serious to protect personal mail may not be entirely enough to coordinate the guerrilla operations across borders. Many people don’t care about their privacy at all when it comes to a single e-mail address leaked from Facebook or Gmail account metadata. They may come to this later, or they may not, but there must be someone who achieves that by this moment the very concept of private life still exists.
If your algorithm does not allow the pedophile to irreversibly spoil your hard drive and avoid punishment, it will not help people who are under ideological pressure to keep prohibited books. If your instant messenger application does not allow you to safely plan a terrorist attack at the World Championships, then it will not help the activist talk about human rights violations. If your map does not allow poachers to catch rhinos without attracting the attention of environmental organizations, it will not be able to be used by national minorities to avoid “cleansing”. The power of the tool determines the very possibility of these things, and this is a very, very old question about the purpose for which this tool will be used. And the answer, as usual, will be "for those and for others."
And how can we undoubtedly do such magical things? In fact, there are only two mandatory requirements, if we assume (in most cases, in vain; at least at first) that users use them correctly.
They must completely ignore the law. There is no point in following it - even governments do not. Inquiries from the police, lawsuits and any legal methods should be absolutely useless without the desire of the user. But contempt of the law is not enough, if the user is not inviolable for him.
Therefore, such systems should not be centralized. PaaS are well suited, and will be suitable, for editing photos and rating restaurants, but not for personal communication or any confidential information. Even services like Spideroak put following the laws above the needs of users and decrypt the data if such a request arrives. Independent placement on your own or rented (or virtual) equipment is the only way to be sure that your data is secure.
Put a web-based NAS into every home and see how many existing institutions are crumbling. With affordable Internet, end-to-end encryption and p2p, our communication tools will no longer be dependent on anything but the most basic infrastructure - and even this dependence can be overcome with time. The choice of really working protocols, plugging holes in them and extending compatibility will take time, but this must be done. As with Bittorent, Pandora’s box won't close anymore. Bittorent took 10 years to enter the lives of ordinary people, but given the speed with which services and agencies are found to distribute personal data to the right and left at the first request, it can take much less time for people to make friends with the cryptographer within. Make the installation of such a system as easy as installing a client for social networks and you start something that will not stop so easily.
The government and the forces that we trusted proved to be unworthy of this trust, unreliable (if not moreover). Respect for their interests should no longer be our concern, and further decentralization of the Internet should be the next step. Creating something that will serve the interests of the private life (and / or security) of a person, and not the interests of those who want to impose themselves on people, should be the top priority in creating software and platforms for the coming years.
Those who are above will not like it, because freedom is the freedom to do both good and evil; and they, as judges, are horrified that they will not know what you are doing. We are tired of the fact that they know everything about us, tired of their attempts to learn. We have technology in our hands. We can declare our independence. We have done this before.
Just yesterday I read this post on TechCrunch. I found it necessary to translate it primarily because it applies not only to the States and not only to the NSA, but rather a post about the complex and confusing relationship between the private life of an individual and where the states see the boundary of this private life and national security.
PS This is my first translation and first post. I hope that I can bring something to them in the community, or at least generate a constructive discussion.
If there are errors in the translation that I didn’t catch, I ask you in the BOS, I will try to make corrections as quickly as possible.
Our rights and freedoms are expanded and limited depending on the tools we use. The Internet has greatly expanded our ability to express freedom of speech, but at the same time, it has also severely limited what we used to call private life. And we, by the way, personally handed out our personal data at every step. Even burned, we still returned to tell more about ourselves. It seems to me that we did this because we trusted those to whom we transmitted this data, although almost all of them have already lost this trust. And, it seems, any trust that will continue to be shown should never be unconditional. So why bother with this trust at all?
It seems that if we could start everything from scratch, then the basic principle of building our communication means should be not trust, but impossibility of trust.
It's a little cynical, but it is necessary. If trust is present in any part of the system, they will be used. If there is at least one place in a long chain of servers, routers, cables, interpreters, loggers, drivers, protocols, interfaces and displays, in which you are not 100% controlling your data, then they are already compromised, and such a system will not work properly .
')
The trick is to treat any information transmitted as a potential act of terrorism. The NSA, for example, does just that. For them, this is an excuse, but for us it should be a leitmotif. If you start from this, then you can build a system that will work. If you develop a system based on this, you will be told that you are developing a tool for traitors, scoundrels and criminals. And yes, that’s what you’ll be doing.
And great. If it is not illegal, then it is not safe enough. If the government does not blame it, it is not reliable enough. Tools suitable for traitors are the only things that are suitable for protecting our privacy today.
Let's be honest: these tools will be used for evil, both petty and monstrous: for selling child pornography, for selling drugs, for planning murders, for planning terrorist attacks. You will be told that you are arming the enemy. Yes it is. But these tools are not necessary and sufficient to commit crimes. Any kitchen knife is sharp enough to cut a person close to you; any hammer hard enough to smash heads; any car moves at a speed sufficient to shoot down pedestrians. They must be such as to fulfill their purpose, and with regard to information, everything is exactly the same.
Understand, we are not only talking about chats on Facebook or searching Google. What may seem too serious to protect personal mail may not be entirely enough to coordinate the guerrilla operations across borders. Many people don’t care about their privacy at all when it comes to a single e-mail address leaked from Facebook or Gmail account metadata. They may come to this later, or they may not, but there must be someone who achieves that by this moment the very concept of private life still exists.
If your algorithm does not allow the pedophile to irreversibly spoil your hard drive and avoid punishment, it will not help people who are under ideological pressure to keep prohibited books. If your instant messenger application does not allow you to safely plan a terrorist attack at the World Championships, then it will not help the activist talk about human rights violations. If your map does not allow poachers to catch rhinos without attracting the attention of environmental organizations, it will not be able to be used by national minorities to avoid “cleansing”. The power of the tool determines the very possibility of these things, and this is a very, very old question about the purpose for which this tool will be used. And the answer, as usual, will be "for those and for others."
And how can we undoubtedly do such magical things? In fact, there are only two mandatory requirements, if we assume (in most cases, in vain; at least at first) that users use them correctly.
They must completely ignore the law. There is no point in following it - even governments do not. Inquiries from the police, lawsuits and any legal methods should be absolutely useless without the desire of the user. But contempt of the law is not enough, if the user is not inviolable for him.
Therefore, such systems should not be centralized. PaaS are well suited, and will be suitable, for editing photos and rating restaurants, but not for personal communication or any confidential information. Even services like Spideroak put following the laws above the needs of users and decrypt the data if such a request arrives. Independent placement on your own or rented (or virtual) equipment is the only way to be sure that your data is secure.
Put a web-based NAS into every home and see how many existing institutions are crumbling. With affordable Internet, end-to-end encryption and p2p, our communication tools will no longer be dependent on anything but the most basic infrastructure - and even this dependence can be overcome with time. The choice of really working protocols, plugging holes in them and extending compatibility will take time, but this must be done. As with Bittorent, Pandora’s box won't close anymore. Bittorent took 10 years to enter the lives of ordinary people, but given the speed with which services and agencies are found to distribute personal data to the right and left at the first request, it can take much less time for people to make friends with the cryptographer within. Make the installation of such a system as easy as installing a client for social networks and you start something that will not stop so easily.
The government and the forces that we trusted proved to be unworthy of this trust, unreliable (if not moreover). Respect for their interests should no longer be our concern, and further decentralization of the Internet should be the next step. Creating something that will serve the interests of the private life (and / or security) of a person, and not the interests of those who want to impose themselves on people, should be the top priority in creating software and platforms for the coming years.
Those who are above will not like it, because freedom is the freedom to do both good and evil; and they, as judges, are horrified that they will not know what you are doing. We are tired of the fact that they know everything about us, tired of their attempts to learn. We have technology in our hands. We can declare our independence. We have done this before.
Source: https://habr.com/ru/post/185916/
All Articles