How specifically to free the Internet

    Following up on the articles “Snowden shed light on the situation with hacking cryptography. Everything is bad” and “The US Government has betrayed the Internet. We need to return it to our own hands”: what exactly needs to be done to limit the lawlessness of the intelligence services. Yes, Bruce Schneier already gave his recommendations, but he gave them to ordinary people, readers of The Guardian who are far from IT; I want to address the specialists who create and choose Internet technologies.

    But first, let's define our goals. The main task of law enforcement agencies is still to catch killers, drug lords, terrorists, pedophiles and the like. The task is both needed and necessary. The whole question is in the methods by which it is solved. So far, these have been investigative methods: a suspect is identified, a warrant for him is obtained in court, and under this warrant the cops get access to phone wiretaps, bank statements, e-mails. All of that is fine. Yes, this limits the rights of a suspect whose guilt has not yet been proven, but it is an inevitable evil, otherwise the cops simply cannot do their job. There is nothing wrong with a detective sending a request to a judge electronically from his smartphone, the judge signing an electronic warrant with his digital signature, and the relevant companies, on the basis of this electronic warrant, sending the necessary information back to the cop's work smartphone. It is the 21st century, after all.
    But alas, everywhere it has always been easier for cops to work with the methods of gendarmes, that is, not to think but to forbid everything and let nothing through. So, for example, because of one failed bomber who tried to assemble a bomb on board an aircraft and only burned his own genitals, it is now impossible to carry liquids on board anywhere in the world. Because of one moron with acid and a couple of idiots in generals' epaulettes, billions now suffer every year.

    Today, all spheres of life are moving to the Internet one way or another, and intelligence services around the world have for some reason decided that they can now access all the information transmitted over the Internet without any warrants or other conventions of the law. But the Internet is a technical thing, and we, the engineers who build the Internet, can and must stop the intelligence services. Whether we like it or not, states will control the backbone links and the largest IT service providers, eavesdrop and plant backdoors. But we can and must create technological conditions in which automatic total surveillance of citizens by the state is technically impossible. I hope that no one on the planet still believes in the honesty of the intentions of the heads of the intelligence services or that they can limit themselves. Therefore, if we do not manage and do not limit them on our own,
    As for specific villains, let them hunt. Let them obtain warrants for wiretapping, let them break into villains' computers: these are all one-off, manual methods of investigation. But total control without any accountability to society must be made impossible.

    Now for the engineering side: what exactly to do.
    First. As Bruce Schneier says, encrypt your communications. Encrypt everything. If you build sites, serve them over HTTPS; a certificate now costs no more than a domain. Even if the site is completely unavailable via HTTP, users will not notice the difference. If you build sites for customers, convince the customers to serve them over HTTPS. Explain that over HTTP any student can steal the password for the admin panel just by being nearby (which really is elementary on WiFi and other peer-to-peer networks with a shared transmission medium).
    If you write network software, no matter what kind, even games and chat rooms, encrypt its connections with TLS or SSH; this is elementary. You will also get a nice bonus: the ability to identify the user's device by its key, which will make life much easier for your tech support.
    The point is that DPI, tapping of backbone links and all kinds of SORM systems become useless for total surveillance if all the traffic of all users is encrypted. Even if there are backdoors in the basic encryption algorithms (openssl, etc.) that drastically reduce the cost of decryption for someone who knows certain magic constants, this still does not make it possible to decrypt all traffic on the fly. Brute-forcing specific villains: go ahead. Watching everyone indiscriminately: you will have to do without.

    Second: PKCS #7-based encrypted mail. This already works, but today it is implemented and used mainly by banks and government organizations that need a reliable digital signature and that use multifactor authorization schemes with USB tokens, scratch cards of one-time passwords, etc. This is all too complicated for the average user. He needs the keys to simply sit in a file on the hard drive, and some way to transfer them to another device: click a button and it does everything itself, the way Firefox sync works now.
    And here we need geeks who will write the necessary end-user software for mere mortals. Browser plugins that encrypt and decrypt email messages in the web interface, inside the browser itself, plugins for email clients, etc. And, of course, we ourselves switch from regular email to encrypted mail. Set the fashion.
    After the geeks, ordinary business users will follow, those who actually need a legally significant digital signature (everyone is long since fed up with paper originals with stamps), but it should not be as convoluted as in banking systems. Business users are good at teaching their office staff how to use it.
    And when everyone has switched to encrypted mail, including people far from IT, simply because it is the standard that is everywhere, then the NSA people will no longer be able to just dig through Gmail archives, pursuing tasks known only to them. Because the messages in those archives will be encrypted even against Google itself.
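    The property the paragraphs above rely on, that the mail provider ends up storing only a PKCS #7 blob it cannot read, shown with the openssl command line. This is an added example, not part of the original article; the names, addresses and message text are made up, and a self-signed certificate stands in for a CA-issued one.

```shell
#!/bin/sh
# Constructed demo: S/MIME (PKCS #7) mail encrypted to the recipient's certificate.
# bob@example.org, alice@example.org and the message text are invented sample data.

smime_roundtrip() {
  work=$(mktemp -d) || return 1
  (
    cd "$work" || exit 1

    # Recipient: key pair plus self-signed certificate. The private key
    # (bob.key) stays on the recipient's device; bob.crt is public.
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
      -subj "/CN=Bob Example/emailAddress=bob@example.org" \
      -keyout bob.key -out bob.crt 2>/dev/null || exit 1

    printf 'Meet at noon.\n' > plain.txt

    # Sender: encrypt to Bob's certificate. -binary keeps the bytes as-is so
    # the round trip is byte-exact. mail.eml is all the provider ever sees.
    openssl smime -encrypt -binary -aes-256-cbc \
      -in plain.txt -out mail.eml \
      -from alice@example.org -to bob@example.org -subject "hello" \
      bob.crt || exit 1

    # The stored message carries routing headers and a base64 PKCS #7 body;
    # the plaintext must not appear anywhere in it.
    if grep -q 'Meet at noon' mail.eml; then exit 2; fi

    # Recipient: decrypt locally with the private key; plaintext goes to stdout.
    openssl smime -decrypt -in mail.eml -recip bob.crt -inkey bob.key
  )
  rc=$?
  rm -rf "$work"
  return "$rc"
}
```

The From, To and Subject headers stay readable in mail.eml: S/MIME protects the message body, not the envelope metadata.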

    And third: an open replacement for Skype is needed. In general, almost every Windows installation comes with two huge backdoors: the RDP (Remote Desktop) service and Skype. Both allow, as a standard feature, monitoring of the user's desktop and of the user himself through the webcam and microphone. And, apparently, there is no reason to hope that the NSA does not have a secret key to enable tracking on any computer in the world.
    RDP can at least be disabled in the control panel, or access from the Internet can be blocked with a firewall. Neither can be done with Skype. And absolutely nothing prevents Microsoft from monitoring via Skype what sites you visit and what you read. Just a simple AI to limit the flow of information to the NSA server.
    Once upon a time, Skype was a lightweight p2p program with a good crypto scheme, verified by Schneier himself. Today we need the same thing, but fully open source and with open protocols, so that clients can be implemented on any device, down to a vacuum cleaner. This does not seem to be an unsolvable task, does it? And, of course, this new Skype should become the de facto standard, displacing all other alternatives. This also does not seem to be an unsolvable task: the fashion for one IM or another changes every few years.
    There is, of course, one more backdoor: the user's browser. IE, Chrome and its clones monitor users and send information about everything you visit to their developers and to the intelligence services supervising them. But nothing even needs to be developed here, just switch to Firefox.

    That's all; these three points are enough to solve the task. Encryption of connections, encryption of messages, and encryption of video and telephone conversations make total surveillance of the population impossible. It is only necessary to give this population new programs that work only in encrypted mode in place of those used today. They will not even notice the difference.

    After all, the Internet is just a means of communication. The right to privacy of correspondence is enshrined in the constitutions of most countries of the world and cannot be limited without a court decision. There is absolutely nothing impossible in guaranteeing the realization of this right at a technical level, and we can do it. You only need to understand the problem and act together.
