<http://craphound.com/cringely_toorcon_2003.txt>
Robert Cringely's Keynote: I Have Seen the Future and We Are It: The Past, Present and Future of Information Security >From ToorCon 2003, www.toorcon.org San Diego, CA Impressionistic transcript by Cory Doctorow [EMAIL PROTECTED] Sept 27, 2003 -- I built, by hand, the first 25 Apple ][s, worked on the Lisa's GUI. I invented the Trashcan Icon. I had spent the summer of 1979 working for the Fed, debugging 3-Mile Island (I'd been a physicist). Then I wrote a book about it on a 300-baud modem terminal connected to an IBM mainframe using a line-editor. I hit the wrong key one night and trashed 70K words. Hell, Lawrence of Arabia lost a handwritten ms for a 350k-word manuscript. When I went to work on the Lisa, I was determined that deleting a file would be a two-step process. On some systems, the trashcan bulges (defies physics); on others, the lid goes off (defies my mother). In my version, a fly circled the trashcan. The focus groups thought it was fuckin' awesome. But by turning off the fly, the computer could be made to run twice as fast. They fired me. I went back to Apple in 84 and did the last lick of work I'd ever do: designed a global comms system called AppleLink -- chat, boards, etc. Run on a mainframe. Ran for a few years, then decided that it wasn't worth it for Apple. They sold the code to a company called Quantum Data Systems, which changed tis name to AOL, and the rest is history. I wrote AOL 1.0. My mailer let you retract your mail -- you could send mail and then take it back. I'd demo it by sending mail to Sculley that said, "Sculley you idiot" and then retract it. One day, Sculley retracted his mail and they fired me. When I was working on the Three-Mile Island cleanup, we had a lot of leaks to WashPo. The white-belt/white-shoe consultant stopped by my cubicle. The PHB asked the consultant, "Who are we afraid of sneaking in here?" The consultant said, "Why WashPo, of course." Except that the WashPo guys were getting everything by socially engineering us when we drank at the bar down the street. He had no ability to control what employees did in the bar, so he invented a bogeyman in the drop-ceiling. Intel once had a counsel called "Al the Shredder" who would drive a golf-cart up and down the document-retention center aisles. He discovered two boxes on the floor, not filed. He asked "What are these?" No one knew, so he said, "Shred 'em." Turns out these were the documents specifically requested by the IRS. They were left saying to the IRS, "We have any doc you want, except the ones you asked for." To this day, the IRS doesn't believe a word Intel says. Al had access and authority, but he didn't know what he was doing. I was at a company called The Prediction Company in Santa Fe, and they manage $1BB worth of stock-trading for the Swiss UBS bank, earning $1MM/day using computers. I asked, what do you do about data-security? They have firewalls and stuff, but the building used to be a whorehouse (in a sense it still is) [Laughs]. I asked if they'd heard of Tempest? No, they hadn't. Nothing was RF-hardened. The public street is 12' away -- your competitor could park a van there all day long and scrape all your screens and put you out of business. This was just two months ago! We worry about logical security, we forget about physical security. Think about JetBlue: Who wants to be the guy who said, "Oh, sure, by all means, have 1,000,000 customer names!"? I keep a letter on my wall that I got from a student at Uni of Akron, explaining in vast detail what an idiot I am. At the end of the letter, he says, "I eat people like you for lunch." [Ed: huh?] I don't know as much as you know, so I have to look at the big pic from a 30-year perspective. We once had a dream of ubiquitous infosec: perfect secrecy, anonymity, untraceable e-cash -- protect ourselves from censorship, etc. It hasn't worked. I don't know that it can ever work. I was the only reporter at the first DefCon -- and that's what people were talking about then. By contrast, today's news is a cypherpunk nightmare. Information turns out not to be power, after all: Power is power. Joe user doesn't want to encrypt email. Anonymity is overwritten by court-order. The Great Firewall of China keeps a billion people from communicating, from knowing what's going on. In 1997, in Hong Kong, I spoke to the China-Internet people and said, "How do you proxy an entire Internet?" They said, "Well, it might not work, but we'll just throw all our resources at it until it does." E-commerce is credit-card numbers in SSL. Hides nothing from anyone. Except it provides a certain sense of comfort. Our fallback is "The most you'll lose is $50." Information is "protected" by companies who bring lawsuits against people who figure out how to read it. It's wrong to brand figuring out how to decode information as evil. The closest thing to strong security that we are likely to have as a society is Palladium. That's horrible. Pd is MSFT's infosec initiative. MSFT doesn't know about infosec. We've shifted who controls infosec infrastructure and how it's applied. It used to be enormous companies trying to protect other enormous companies and govt. No one cared about us. The enforcers focused on deterrence, hunting down transgressors and beating them up. Now MSFT is entering into the world of protecting us. They want to make an infrastructure that gets not just govt and corps to bay, but people like us, too. We're trying to figure out how to give that kind of thing away for free, they're trying to sell it, so they hate it. Your assets are brain-power; theirs is brain-power and $50BB. BayTSP is a corp that listens on behalf of the FBI. They're making a living at being proxy-cops. What if law-enforcement were perfect? What if no laws were violated? The cops would hate it. Without a criminal, a cop has nothing to do, no career. The system needs to function. We can divide society into groups: individual, family, tribe, nation, world. Each group is trying to defend itself against the other (you're trying to keep your mom from finding out what's under your bed) and to attack the other -- the tribe doesn't care about what's under your bed, cos your mom will be a proxy for its interests. But the tribe is trying to find out what's your mom's secrets and what the nation is trying to take from it. The nation cares about tribes -- criminal elements, subversives, etc. In the pre-electronic world, nations and tribes were concerned with physical security. Individuals and families locked the back door. Then we worried about physical and logical security (i.e. safeguarding microfilm). In the early digital era, we watched the data on an international stage. In the BBS era, it magnified, and some individuals started worrying about their computers getting rooted and their floppies being stolen. Today, it's all logical, there's no physical component to security. We've forgotten the importance of physical security. We think we have it licked. It's hard. A centralized system is like NASDAQ: all the info is stuck in a computer in Connecticut. A decentralized system is like the currency market: the rate is smeared out all over the world. I think decentralized is better. Who do you trust? Used to be we relied on things like photo ID or other auth tokens. Having authed someone, we stopped watching him. IOW, if someone who normally transacted 1MB/day logs into a box and transacts 1TB, we don't notice. There's a company in the UK that scans mail for bad stuff. In five years, they've never had a worm get through, in 5MM customers. We usually rely on signatures to detect worms, but these guys quarantine the worms that come in on the basis of looking anomalous. [Ed: If we're going to profile executables using non-interrogatable algorithms, how will we stop the bad guys from hijacking our systems?] This can stop worms but can turn into Big Brother. Big groups are slow and stupid. Little groups are fast an nimble (but volunteer for suicide attacks). I spoke at a military institution and went stumbling for WiFi and found a honeypot. But I also found four others that they didn't know were there. I take great solace in our lack of security. It's my only hope to hide. Our equal vulnerability helps. I was recently a victim of identity theft. They can have my identity. It's worth more to them. It made me understand our social engineering vulnerability: institutions can't detect social engineering. You can have mail forwarded from any address in America to any other address in America, for any period. I had a postman who delivered my neighbor's mail to me. I wrote on it "Sent to wrong address." And the Postmaster yelled at me for defacing the mail. I told him that I hadn't defaced anything, just reported that he'd fucked up. And he said that that was his right. eof -- ----------------- R. A. Hettinga <mailto: [EMAIL PROTECTED]> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire' --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
