Friday, April 07, 2006

More Trust Models: To Trust Telecos and Governments.

As discussed in the article "AT&T Forwarding All Internet Traffic to NSA?," the EFF alleges that AT&T has been forwarding that traffic which passes over their lines to the NSA. In keeping with my recent obsession with trust models, I shall raise an important question: to what degree should one's telecommunications provider and one's government be trusted? The most obvious answer seems to be to not trust either at all.

Dealing with each in turn, let us consider the role of a teleco in a trust model. A teleco sells a very specific service: to connect you to the Internet. Nowhere in this is the guarantee that they have the human decency to keep the data which you trust to their networks reasonably secure or private. Though some telecos may give you this decency, there is no compelling reason to assume that they will prevent unauthorized access to your data. Rather, the very people you least desire to have access to your data will seek to integrate themselves with a teleco, just as a pedophile might find access to their victims through a position in a police organization (as seen in the recent Department of Homeland Security child sex scandal). Thus, in one of those many ironies which permeate throughout information security, a teleco should be distrusted by default. How do you deal, then, with securing your data over what is, fundamentally, an untrusted network? For that, cryptography again comes to the rescue. A trust model which assumes a base distrust of the network itself will promote the use of end-to-end encryption. Oh, would that this were the case in practice.

Moving on to trusting a government, let us reflect upon words of wisdom from the Federalist Papers, No. 51, written by Alexander Hamilton:

But what is government itself, but the greatest of all reflections on human nature? If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself. A dependence on the people is, no doubt, the primary control on the government; but experience has taught mankind the necessity of auxiliary precautions.

A careful examinations of these words reminds us that at its most fundamental, a government is a response to imperfections in the human condition. Unfortunately, however, that response is in itself forged from the same flawed humanity. At a practical level, we are again reminded of a very basic axiom of trust:

The positions most requiring of trustworthiness are sought out by those most apt to abuse that trust.

Put differently, the positions that we create to deal with issues of trust and crime are the most desirable to those intent on violating that trust. As I have already mentioned, a position in a police organization is highly desirable for a criminal, so is not a position in lawmaking most desirable for a lawbreaker? How, then, can we ever trust our own government to be responsible with our data? We cannot if we wish to have any expectation of security. Government can secure us from each other, but it can never secure us from itself.

It is thus seen that the recent allegations by the EFF represent yet another failure to apply sane trust models to every aspect of our lives. Instead of harboring a base distrust of our communications providers and our governments, we explicitly place large amounts of trust in them. Though this by no more excuses the alleged crimes than leaving an expensive car unlocked excuses its subsequent theft, we should likewise not be at all surprised that, when we are so naive as to trust our governments and telecos, our trust will be violated in the most profound sense.

technorati tags: , , ,

No comments: