Hacker News new | past | comments | ask | show | jobs | submit login
Restoring Trust in Government and the Internet (schneier.com)
243 points by hatchan on Aug 7, 2013 | hide | past | favorite | 117 comments



The question is then; in a two party system where both offer the blue pill, who the hell do you vote for? Neither Democrats nor Republicans will change this. Due to the way that the political system works, a third party isn't possible. In the UK we have a Conservative/Liberal coalition, where traditionally Liberals were strong privacy advocates, but now turn a blind eye to the massive Orwellian/Huxley-esque society growing like hydra's heads in front of their very eyes. The complaints are muted. The mass media looks the other way. Why?

To me this means:

- the system is broken

- the current political framework (especially in the US) is a fabrication, designed to make you believe that you have a choice, but in reality your vote is meaningless and your choice an empty vassal. The red pill is just a blue pill painted red.

The problem is that the intrusions so far, do not impact the majority in such a way as to hinder their daily quality of life. The change from a private world to a 'all-seeing government' is slow, but it is sustained. At some point we will reach a tipping-point, and then the only option is revolution, because by that point, the system will have enveloped the public fabric of life so tightly, that there will be no way to gently extricate ourselves.

It is your (US) own great thinker and do-er that said:

   “They who can give up essential liberty to obtain a
   little temporary safety deserve neither liberty nor 
   safety.” 
   ― Benjamin Franklin, Memoirs of the life & writings 
     of Benjamin Franklin
The irony is that the 'little temporary safety' may well have been a ruse. Even if Al-Qaeda is a real and present danger to the US at home, I doubt that the scale of that threat is worth the loss of liberty and the billions of dollars spent on funding the 'fight against terror'.


Neither party cares about the issue because the people don't care, and your conclusion is that the system is broken? As far as I can tell, the system is working fine. Polls of the public at large show mixed results, but I bet if you polled actual voters (skewing older) you'd find comfortable support for the status quo. Essentially, the privacy issues don't affect people's quality of life but people worry that terrorism will. Who are you to say that the system is broken because it reflects the priorities of the majority of voters, just because you disagree with those priorities?

If you had to personify the American polity, they'd be my mom, not you or me. She supports aggressive policing to keep drugs illegal (she'd probably vote to make alcohol illegal if that were on the ballot). She's pretty skeptical of Snowden, and would say "what do you have to hide?" but also thinks the government holds up her check deposits because she's got a foreign last name. She might argue with the details, but she supports the Department of Education, the Department of Defense, the CIA, the NSA, etc. She's a little skeptical of unions. She supported Hilary Clinton.

She's a bright woman. She works as an interior designer, but has a masters degree in chemistry from her home country.

My mom votes, in every election. I don't vote regularly, nor (statistically) do other people in my age group, but my mom does. I can't look at her, and at the status quo, and say: "the government does not represent the views of Americans."


I'll go you one further. Obama could give a speech in the Rose Garden this week carefully explaining that NSA requires access to American communications, all of them, in order to defend the country against terrorist attacks, and that while privacy is "important", the expectation of perfect privacy in your cell phone and Internet communications isn't reasonable because it helps terrorist cells without providing much benefit.

I would recoil from such a speech, but the public probably would not.

The American public currently has a weak expectation of privacy in their electronic communications. But they make virtually no meaningful demand for that privacy. Thwarting terror attacks are a much higher priority to them. Want evidence of that? Well, the body-conscious, vain, generally out-of-shape American public routinely submits to electronic strip searches to get onto airplanes. You think they care if someone's screening their calls to catch Abu Shahid?

They would accept that argument. And with that acceptance, the expectations of privacy and the notion of what "reasonable" searches are would be, in short order, redefined --- those rights being explicitly predicated on contemporary mores by the Constitution.

When I look at it from this angle, it becomes apparent that while privacy is inconvenient to the USG, and something they feel they have to work around, it's not something they're intent on eliminating. Despite the rhetoric from the tech punditry, the USG has not stated that it's reasonable for them to surveil US citizens; their defense has instead been that they are not surveilling them. I too think that's a falsehood, but it's truth or falsity is not the only thing that matters about it.


They have stated that it is okay for them to assassinate US citizens abroad though. If people don't recoil from that, I don't think cell-phone snooping is going to have much effect.


> Neither party cares about the issue because the people don't care

And why don't the people care? Corporate-owned media has a huge amount of influence on what people care about. But in the never ending search for ever increasing profits that is built into their structure by law, they, like the major political parties are "just giving people what they want" too by chasing ratings in order to gain larger market share and increase advertising revenue. So both intertwined systems, the political system and the mainstream media, are working fine, right?


> And why don't the people care? Corporate-owned media has a huge amount of influence on what people care about.

Again, I go back to my mom because she's the greatest insight I have into the typical voter. My mom doesn't watch the news. Her opinions are her own. She places a high value on social order, trusts the government, and assumes that the government wouldn't use any information they get from her e-mails to hurt her. And you know what? She's right. They won't. The government pretty much exists to protect middle-aged, upper middle class women like my mom. The status quo in this regard is consistent with her interests. She doesn't need a "corporate-owned media" to make her think that way.


I won't deny many such examples exist, but you can't deny that the MSM is nevertheless an influence on large swaths of Americans. Even those that are not so gullible as to accept what they hear on the news as fact unquestioningly, may be influenced more subtly by the range of opinions presented and how they are portrayed.

So maybe they invite three guests on to discuss a topic like privacy: one a DoD official, one from a conservative think tank and a centrist writer. Suddenly the range of "acceptable" viewpoints is conveniently narrowed and the remainder is implied to be "fringe".

Or maybe they massively inflate the actual threat of things like terrorist attacks (because fear and xenophobia get ratings too) and give it a disproportionate amount of coverage. Now everyone who watches or even flicks by that channel is maybe more likely to talk about it at the water cooler or whatever.

This can affect the broader culture, which can in turn influence people who don't even watch the news on TV*

So how do we get people to place a higher value on, say, their liberties and human rights instead of fear of the spectre of terrorism? Is it possible? Can we get people to understand and care about relevant historical examples?

* Not to imply this is the case with your Mom!


Your points are well-taken, but in a democracy it's a hard argument to make to say: "people don't really think what they think they think because of the media."

> So how do we get people to place a higher value on, say, their liberties and human rights instead of fear of the spectre of terrorism? Is it possible?

I think people do care about their liberties and human rights, but they do so in concrete ways. I think you can get people to care by making it more concrete for people.

People on HN take it for granted that your average voter should be outraged by the FBI being able to look at someone's Facebook posts. But why? To my mom, Facebook is just one of those things that wrong with kids today--posting half-naked pictures of themselves for everyone on the internet to see. You're not going to get instinctual outrage from her on the issue.

With her, you might get some traction on the front that the government might use it to single out people from certain backgrounds. After all, she worries the government holds up her checks because she's got a middle eastern last name. Other others you might get traction on the front the government could use it to single out particular religious beliefs, immigrant communities, etc. Painting with broad brushes, there are ways to take the privacy argument and put it into terms that target Jews, Muslims, Blacks, Hispanics, Mormons, Baptists, etc. But right now it seems like the arguments are couched in the language of young libertarian white techie humanists, and that's just not a major voting demographic...


> Your points are well-taken, but in a democracy it's a hard argument to make to say: "people don't really think what they think they think because of the media."

It's not that hard an argument -- there have been probably hundreds of studies on the influence of media on people's opinions and resulting actions. Why do you think advertising is a nearly half-trillion dollar industry worldwide? It's a significant chunk of GDP in the US and UK, for example, and not without reason: advertising through various media consistently makes a measurable impact on the buying patterns of consumers, and it's not exactly a huge leap to apply this to politics[0].

That point aside, I appreciate the insight, and I think you're on the right track as far as thinking about how to make the issues more concrete to people in a personal way.

The other, perhaps over-broad human nature question is how to get people care about this shit even if it truly only affects "others" - people of other countries, other social classes, other races and other religions. There are middle-aged, upper class voting people, white ones even, who care deeply that their government detains and tortures mulsim men in secret and not-so-secret prisons without trial, who care if activists are targeted for intimidation or treated similarly to terrorists, who can look at history and see that pervasive surveillance without meaningful oversight is always, always abused at some point and who aren't so scared of terrorism that they vote all their own rights away in order to feel safe. That is a much harder battle.

[0] http://adage.com/article/moy-2008/obama-wins-ad-age-s-market...


> see that pervasive surveillance without meaningful oversight is always, always abused at some point

I think that being more specific and using more examples would help a lot here. It's one thing to say "this will be abused" in some sort of abstract way. It's another to point to specific detailed examples of abuse (either here or in other similar societies).

I'll take it as a given at this point that a bunch of my emails and phone calls are sitting on an NSA hard drive somewhere. How is that going to come back to haunt me?

Keep in mind that the guys on the other side of the argument are using this as a specific negative outcome: http://derecjones.com/wp-content/uploads/2011/09/Twin-Towers...

That's your competition.


You are entirely correct. We need visceral examples. Even if they don't affect regular people directly they need to be the kind of thing that people instinctively recoil from. Emotion and vividness trump logical reasoning when it comes to swaying the masses, so we need vivid examples that make an emotional impact in order to win the public debate. I joke with friends that the NSA will be canceled overnight if we can just prove that they have been killing (american) babies.

The best example I've been able to find is the FBI's attempt to blackmail Martin Luther King into silence (actually suicide) by recording what was apparently a sexual peccadillo. It is a very concrete example of how surveillance can damage the fabric of society.

http://studentactivism.net/2012/01/15/the-fbis-attempt-to-bl...

More recently, but much less vivid, is the example of the NSA snooping through Bill Clinton's email. If a former president is considered enough of a threat to record his email then something must be wrong.

http://www.wired.com/threatlevel/2009/06/pinwale/

It is also looking like the NSA->DEA->IRS flow of information might be a useful example simply because nobody like the IRS.

http://www.huffingtonpost.com/2013/08/07/irs-manual-dea-inte...


> Emotion and vividness trump logical reasoning when it comes to swaying the masses

See, you're going in the wrong direction right of the bat. The people that disagree with you aren't stupid. A lot of them are smarter than you are. They just have different values than you do. Speaking down to them will never work.


I don't know what to say to that - you provided a very vivid and emotionally-laden photo as what the "other side" was using to justify their position and now you say that the other side is not using vividness and emotion to make their point? What is your point?


That photo is a reminder if actual real problems, and quite big ones at that. It is not a mere play to emotion over logical reasoning.


Sorry, I've found that arguments based on actual real problems don't resonate. Pointing out that bees kill more people each year in the US than terrorists, that the average american has 150x more chance of being killed by lightning than by a terrorist attack -- these straightforward statistical analyses don't convince because they aren't personal the way that photo is - practically everyone in the country spent weeks looking at versions of that photo. It just isn't the same.


> Sorry, I've found that arguments based on actual real problems don't resonate. Pointing out that bees kill more people each year in the US than terrorists

That's because this is a bad argument. Terrorism is about far more than just the number of fatalities.


Yeah, it is about the emotional reaction that causes self-inflicted wounds far greater than the original attack. Which is why I'm talking about finding arguments that are also emotionally compelling.


The thing is, the details of the 9/11 attacks were known to the government well before and were ignored or discounted. That actually argues the point that SIGINT like that of PRISM and XKEYSCORE is incredibly dangerous if it is seen as a panacea to the problem of human failure. Our signals intelligence is still susceptible to the vagaries of the humans on the receiving end.


So how do we get people to place a higher value on, say, their liberties and human rights instead of fear of the spectre of terrorism?

'rayiner answered your question:

[She] trusts the government, and assumes that the government wouldn't use any information they get from her e-mails to hurt her. And you know what? She's right. They won't.

Most people are not concerned about a theoretical invasion of their privacy, instead they would be very concerned with an invasion that has material consequences. Isn't this simple?


> She places a high value on social order, trusts the government, and assumes that the government wouldn't use any information they get from her e-mails to hurt her. And you know what? She's right. They won't. The government pretty much exists to protect middle-aged, upper middle class women like my mom. The status quo in this regard is consistent with her interests. She doesn't need a "corporate-owned media" to make her think that way.

This is very important and a strong reason why (some) people are OK with that kind of government. They have trust in the system because the system generally does protect their interests over the interests of other people.

But not everyone fits into that class and status. There are whole classes of people whose daily experience is that of gov't at various levels seeking to cause them harm, physically, emotionally, and economically. Political discourse and media representation does not include those people (arguably on purpose) and those people are not the focus of efforts to change how are society is broken and fails to provide prosperity for all its citizens. So long as there are people willing to have comfort and success off of the backs and lives of others, representative democracy has a huge failing point.


Her ability to be empathetic about others that are not like her exists in a social (in large part one-way media) framework that either encourages, or ignores or actively discourages such thoughts. To be passive you have to go with the flow, and in a society that overtly emphasized consideration for all its members, she would too because it would be more work to not care about them. Encouraging extreme passivity is beneficial to making every American a malleable consumer. I think that is our societal pressure.


The government pretty much exists to protect middle-aged, upper middle class women like my mom.

Glad I'm up late reading comments. This is one of the smartest, most astute political commentaries I've ever read.


So long as the majority of people believe they have the means to butter their slice of bread while being entertained by the circus…

"Believe some say the neon signs by the loudspeakers repeating that everything is fine"


I think average Americans do care, especially older ones who have a better understanding of the thinking led to America's founding. That understanding is that those in power always try to get more power, so our system of government was set up to prevent any person or subset from getting too much power, through balance.

The ability to spy on anyone's current and past internet activity and past phone calls is an impressive power.

One could hope it would be used responsibly and not abused, but those with a good understanding of the founding of the country would recognize this as too great a power for any group within the government. Even if it isn't being abused now, the risk it will be in the future is too great.


TBH, I just want a political party whose sole platform is fixing corruption, mandating transparency, and putting fixes in place to make sure we don't get back in this place. Think of it as a temporary political party. For every issue that is not core to these changes, the official stance is to defer those votes until the next election when someone from a different party gets into power.

Basically, the platform would be "We don't care about gun rights, we don't care about religion, pro choice, pro-life, etc. For every one of these debates we will shelve or delay every bill so the status quo is maintained. None of these typical party issues will be considered at all. This is the everything political stays the same platform. The only thing we will address is the revolving door, regulatory capture, transparency, etc."

One thing I would love happen with respect to transparency is to have every single penny the government pays paid from a common purse that is searchable by any citizen and everything goes back to one individual who is accountable. Every single project that money is never disbursed to any organization to then manage the finances. Instead they get a set of cryptographic keys that allow them to make payments from the government account to every single supplier. Every single person spending a tax dollar can have their entire spending history reviewed. No secrecy anywhere. For every single entity you pay, you would have to declare whether you know personally (i.e. outside of work socially) any officer, owner or individual with a vested interest in that organization. All that is disclosed by penalty of perjury. If you lie some citizen will find out. That's the kind of government we need.


That's essentially what Lessig has been arguing for.


> "who the hell do you vote for?"

Primary challengers who uphold the other values you personally share, but also share our values on the subject of privacy, the 4th amendment, reigning in the expanding police/surveillance state, etc.


And not just at the national level. A lot of the organization of both parties involves state-level politicians.


The question is then; in a two party system where both offer the blue pill, who the hell do you vote for?

Greens or libertarians, which I have been doing for a long time. Real change starts at the ballot box.


The problem with "Real change starts at X" statements is that they necessarily handwave around the circularity of the problems we face.

We can't get better policies until we elect better parties, but we can't elect better parties until we address campaign finance and fix the electoral system, but we can't address campaign finance and fix the electoral system until we elect better parties willing to pass better policies. And the merry-go-round goes on and on.


>We can't get better policies until we elect better parties, but we can't elect better parties until we address campaign finance and fix the electoral system, but we can't address campaign finance and fix the electoral system until we elect better parties willing to pass better policies. And the merry-go-round goes on and on.

So you have to pick one and fix it. It's an engineering problem.

So for example, you have to fix campaign finance. The people in Washington aren't going to fix campaign finance in Washington because the system that exists is the one that got them elected. Ditto for the people in Sacramento, Albany, etc. But wait, you can have Sacramento and Albany fund the federal campaigns of Senators running in California and New York (and so on). State Senators don't get money from K Street, they get money from an entirely different set of lobbyists, so you can get the bills through by taking advantage of the regional weakness of the specific opponents. And then do it the other way around and have the federal government pass a national campaign finance bill for state-level offices.

That is obviously not a trivial undertaking, but we can't jut say "damn it, we're stuck in a cycle" and throw up our hands or it'll never get fixed.


I don't mean to suggest there's nothing people can do. However, it's facile and unhelpful to suggest that this is a simple engineering problem. The reason campaign finance is hard to fix is that the people who have the power to fix it are the very same people who benefit the most from the current system, i.e. the people who are most effective at securing the financing of wealthy benefactors.

That's a human problem, not an engineering problem. It can still be solved, but it won't be solved with an engineering approach.


Indeed, bootstrapping is a tricky problem, and in more fields than just computers and tech. But bootstrapping is not an impossible problem to solve. Machinists and toolmakers first build crude tools, which in turn allow them to build better tools than they could with just their bare hands and wit. A hacker trying to write a self-hosting compiler in a high level language first starts with another compiler or another language to build the first iteration of his compiler. The Linux kernel can use an initramfs to set up a userspace and run the tools needed to...set up userspace.

So bootstrapping is not an impossible problem to solve. What makes politics different that an improvement in politics can't be bootstrapped?


See Bush vs. Gore in 2000.

How many millions of voters thought the Democrats were so conservative they went green? After the dust settles suddenly Obama has a chance to compete with the rich old white guys.

Change only comes from outside pressure. I'm proud to vote against the status quo.


Which is great and I would even good as far to say 'noble', but in a political system like the United States, your vote is wasted, because your vote is not proportionally represented in the House of Representatives. It means you face an ever-challenging battle against almost impossible odds in order to get your green or libertarian candidate into the House of Representatives.


your vote is wasted

I beg to differ: if enough people vote for candidates who don't affiliate with the Republicans or Democrats, we'll see real change. Every vote counts. Hell, if Republicans and Democrats start seeing 10% of the votes going to greens or libertarians, they'll pay real close attention.


But in asking people to vote libertarian, you're asking people to suffer mightily in the short term for a thin possibility of gain in the very long term.

Because you're saying, "Don't vote for the lesser of two evils; vote for this other candidate who can't get elected, just to send a message."

And then the more evil candidate gets elected, because the better people vote libertarian.

And then it's not even clear if there will _be_ a long term.


>>I beg to differ: if enough people vote for candidates who don't affiliate with the Republicans or Democrats, we'll see real change.

But that's the thing: this will never happen. The current establishment is so firmly entrenched, with so many rich and powerful groups vested in it, that it will find a way to sabotage any upstart.

If you genuinely believe that a third party coming to power in the US is simply a matter of it getting enough votes, I don't know what to tell you. I guess I'm envious: I lost that kind of hope a long time ago.


Get the votes and see what happens before you claim that it wouldn't matter even if you got the votes.

The greens and libertarians are way off the mainstream on a whole host of issues. Can I vote in favor of privacy without also kicking abortion and civil rights and all those things back to the states, who made a mess of them? Can I vote for privacy without also voting for unions? Neither the greens nor the libertarians offer a credible alternative.

People broadly believe in a strong central government. People broadly believe in social security and Medicare and the department of education. People broadly want a strong defense and a powerful military. Get on board with all those things and then see if people are receptive to your views on individual liberties and privacy.


Some of the LP-ish people recognized this dilution to be a problem, and started the Free State Project. Which is a migration to a state (they chose New Hampshire) in order to aggregate enough people to form a solid voting bloc.


Here in germany the system is a bit more complicated but there's also candidates that get selected by a majority vote and it used to be that people said "if you're giving your vote to the greens, the vote is wasted." That used to be true since nobody wanted to waste his vote - until enough people did so. Now there's three strong parties contesting.

Even if the greens/liberals/whatever don't get elected, showing that there is a growing support for their positions sends a message. It's better than not voting or supporting the lesser of two evils.


At least you have some degree of proportionality in your voting system though. It's something people have been campaigning for for decades in the UK and it hasn't happened. I fear it might never happen.


Why would the goal be fair representation in a broken, unfair system?

I swear everyone thinks third-party voters have somehow never heard the words "your vote is wasted". I vote green because I've grown very cynical and I've heard it all a million times.

The goal is to register as a lost vote to the established parties. If enough votes are lost they will change message and platform. The other direct goal is to give visibility and direct confrontation to the unfair system.


But the two big parties collude to prevent smaller parties from keeping, so that we don't have that choice. Many states have laws that make it prohibitively difficult for third parties to get on the ballot at all. In states where it doesn't look so bad, there are frequent challenges to the ballots, such that significant financial resources are necessary to defend oneself.

For example:

Gary Johnson won a nine-week legal war for the right to appear on Pennsylvania's ballot. His Libertarians had put in more than enough signatures, more than 20,601, to keep Johnson on. (Major-party candidates only need 2,000 signatures.) His opponents were, mostly, Republicans. And those Republicans managed to clear one other candidate off the list [1]

[1] http://www.slate.com/blogs/weigel/2012/10/22/third_party_can...


real change starts with the destruction of a massive unelected bureaucracy that has long outgrown its vestigial democratic organs


Don't vote. Spend time with your family, effect change locally, do something that makes a difference. I'm spreading peaceful parenting, the NAP, and philosophy. This is where real change will happen. Involving yourself in quasi-religious political rituals, getting caught up in a politician's silver-tongued promises and the destructive divisiveness of political ideologies is exactly what the oligarchy feeds off.


Noam Chomsky has written about this for decades. The purpose of the entire "political framework" is for "Manufacturing Consent".


It's the cost of being a global superpower together with open borders.

If you seriously want to reduce surveillance at least one of these must be changed, but probably both. However both are politically impossible to change for any party.

The democrats and republicans act and sound the same because of issues of national security. If the US where to go into isolation mode it could drastically reduce it's threat level against it. However of course isolation would lead to other problems (similar to the one prior to WW2)

However I believe that these changes will not come as a change of policy from either party, rather through a huge crisis and a downfall of the US political system.

The UK has a similar problem as a regional power.

Edit: Added extra paragraph.


And a later and lesser thinker said (according to article):

"Trust but verify" - Ronald Reagan


I've never trusted the government or the internet. I trust my family and friends.

"...the three aims of the tyrant. These are, (1) the humiliation of his subjects; he knows that a mean-spirited man will not conspire against anybody; (2) the creation of mistrust among them; for a tyrant is not overthrown until men begin to have confidence in one another; and this is the reason why tyrants are at war with the good; they are under the idea that their power is endangered by them, not only because they would not be ruled despotically but also because they are loyal to one another, and to other men, and do not inform against one another or against other men; (3) the tyrant desires that his subjects shall be incapable of action, for no one attempts what is impossible, and they will not attempt to overthrow a tyranny, if they are powerless. Under these three heads the whole policy of a tyrant may be summed up, and to one or other of them all his ideas may be referred: (1) he sows distrust among his subjects; (2) he takes away their power; (3) he humbles them."

Politics By Aristotle

http://classics.mit.edu/Aristotle/politics.5.five.html


"…and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations…"

In my view, the current government abuses and corruption are most apparent in the surveillance state but extend well into its other functions: industry regulation, social welfare programs, military-industrial spending, national security, judicial system, public education, etc.

We need to recall that our government exists to "secure [the] rights" that people have regardless of the existence of government. We should not trust government, as a general rule.

People all across the political spectrum must evaluate their expectations of government through the lens of the NSA revelations, since I believe they indicate the depth and breadth of the corruption of the entire system.


> We should not trust government, as a general rule.

100% agreement. Just as a personal operating default, I also tend to distrust people that tell me I should put more trust in government. Trust belongs in society and business, not in politicians and bureaucrats.

BTW, I sent you some btc once upon a time. I love your site/service.


Much appreciated :-)


I only "trust" distrust. Mutual suspicion of belligerents (adversaries) to keep each other in check. Balance of powers.

I was a very engaged election integrity activist. The reason elections in the USA worked as well as they did for as long as they did is because no one trusted the system, each other, etc. Hence the Australian ballot system of voting. If all the players agree to the count, then I as Joe Citizen have greater confidence (vs trust) in the results.

The moment anyone mentions "trust", I assume there's a scam of some sort, either by default or by design.

PS- I sometimes trust family.


Bruce Schneier may be the wrong blogger for you to follow, then. He talks about trust all the time. To quote his recent book:

> [T]oday, I passed several strangers on the street without any of them attacking me. I bought food from a grocery store, not at all concerned that it might be unfit for human consumption. I locked my front door, but didn't spare a moment's worry at how easy it would be for someone to smash my window in. Even people driving cars, large murderous instruments that could crush me like a bug, didn't scare me.

>Most amazingly, this worked without much overt security. I don't carry a gun for self-defense, nor do I wear body armor. I don't use a home burglar alarm. I don't test my food for poison. I don't even engage in conspicuous displays of physical prowess to intimidate other people I encounter.

>It's what we call “trust.” Actually, it's what we call “civilization.”

His point is that we need trust. You can't actually watch for every possible betrayal. Trust in fear of retribution will suffice, but there needs to be some trust, or there can be no complex civilization.


re Civilization, I'm in the Robert Wright "Non-zero" camp, where progress is made when non zero sum alternatives are found to win/lose (zero sum) situations.

As for Schneier, he's great, have a few of his books, read his blog. The distinction he doesn't make is between governance and civility. Or perhaps its a spectrum. If someone else has power over me, or delegated to them thru me (eg elections), I'm always going to be very skeptical.

To the best of my knowledge, no one has found a better answer to the conundrum of governance than balance of powers (mutual distrust).


"There are all kinds of devices invented for the protection and preservation of countries: defensive barriers, forts, trenches, and the like…But prudent minds have as a natural gift one safeguard which is the common possession of all, and this applies especially to the dealings of democracies.

What is this safeguard? Skepticism.

This you must preserve. This you must retain. If you can keep this, you need fear no harm."

Demosthenes, 4th century BC


It's interesting to compare the framing of this column with Schneier's commentary on the revelations of NSA surveillance in 2005:

http://www.schneier.com/blog/archives/2005/12/nsa_and_bushs_...

It's full of "Bush did X", "Bush wanted Y". Now he says the NSA has "gone rogue". Huh.

If Schneier is as unhappy with today's programs as he was with 2005's, then perhaps he should communicate a bit more clearly that today's occupant of the Oval Office could end any of them with a phone call.


Absolutely - but I see this a lot happening with other news outlets as well.

They heavily try to de-personalize issues like NSA or the IRS and attribute it to systemic failures and attribute the blame towards bureaucratic functions or something like "the current administration".

At the same time they seem to fully recognizing that attacks need to be personal in order to stick - as they demonstrated back at the time with the criticism of the Bush administration.


Back then, Republicans supported the programs overwhelmingly. Now, it's Democrats. I think distancing the objections from partisan-ly charged individuals might be the better tack, in terms of actually rallying support, even if it is "unfair."


I don't think its as simple as "ending it with a phone call". Billion dollar programs don't ever get killed that easy.


It is literally that simple. If Bush ordered this surveillance started, Obama can order it stopped. The NSA works for him. If they don't do as he asks he can start firing people until they do.

Obviously Schneier understood this when he wrote his 2005 column.


Yes. The Obama fiasco has been a huge disappointment. I'm interested in ideas about what could have been done differently -- Obama talked a very good game during his candidacy about issues of this sort. The really big indicator he was being dishonest was the post-election flip-flop over unwarranted wiretaps.

Only picking candidates that have a track record of opposition to programs like this would be good, but such candidates are in very short supply. (Feingold is about the only one that comes to mind.)


>post-election

Pre-election. He flip-flopped about the wiretaps prior to his election, after winning the primaries.


I think it has gone beyond that - if Obama stood up and said "I've made that phone call, Gen. Alexander is turning off PRISM as we speak" would anyone believe it?

Its verifiability that counts.


Well, he could very easily create an independent committee with input from EFF and such organisations (they should be able to find some technically competent people with TS clearances they trust) to go in and review the systems.


You mean the same process of "putting arms beyond reach" that Western governments insist terrorist organisations use, usually before talks begin?

Could be, as long as we also look at Truth and Reconciliation committees too ...

Wow. They have really lost trust of a pretty significant section of society.


> an independent committee with input from EFF and such organisations (they should be able to find some technically competent people with TS clearances they trust)

I see no particular reason to trust these people more than Obama.


If Congress had chartered, ordered, or knowingly funded the NSA's domestic spying, it would be a lot harder. But as things are, I'm inclined to agree with you.


I think you have the gist of it. The cliche is that it's easier to great a government program than to kill it.

Further, there have been numerous prior attempts to rein in people like Poindexter and Hayden. The champions of the surveillance state have been remarkably tenacious.


>If Schneier is as unhappy with today's programs as he was with 2005's, then perhaps he should communicate a bit more clearly that today's occupant of the Oval Office could end any of them with a phone call.

I want to believe this is true.


We should be able to trust the government to do things like run courts, build roads, and deliver clean water.

We should never trust the government when it comes to standing armies, criminal prosecutions, intelligence gathering, and expansion of its own power.


> We should be able to trust the government to do things like run courts

> We should never trust the government when it comes to criminal prosecutions

And now I'm confused again. Do all cases simply become civil cases? Murder is now OK again?


> Do all cases simply become civil cases? Murder is now OK again?

Section 11 of the Canadian Criminal Code says exactly that [1], and I have personally exploited that loophole multiple times. Even more frightening, I have personally seen lawyers (and pro se litigants) in the United States settle criminal cases (including 25 years in the state pen) using a set-off [2]. Vince Neil of Motley Crue avoided a prison sentence for vehicular manslaughter by doing exactly that [3].

TL;DR - In Canada and the United States (if not NZ, AU, UK as well), it is possible to settle murder charges by paying a fine.

[1] http://laws-lois.justice.gc.ca/eng/acts/C-46/page-5.html#doc...

[2] http://openjurist.org/636/f2d/714/magno-v-united-states

[3] http://www.opposingviews.com/i/vince-neil-served-20-days-for...


I said the government shouldn't be trusted. That's the point of the adversarial system.


The same adversarial system that would be used for Snowden, and was used for Swartz, Ellsberg, Drake, and even DJB?

Admittedly that's kind of a strawman as you're not claiming here anything to do with those one way or another. But many who don't trust the government to put people on trial do point to cases exactly like those.

On the other hand if you're simply saying that we shouldn't trust government to prosecute cases, operate surveillance without oversight, etc. just because they're the government I would agree with you 100%.

But on the other hand by the definition I wouldn't even trust the government to deliver clean water or build roads without oversight. As an example of where even the latter could go wrong I'll point to a book that HN pointed out to me, "Fatal Purity" about the French Revolution... one of the many examples of then-current corruption by the nobles was of road-building. The specific example was of a new provincial road that was argued necessary for the people to build despite there being an existing road... it was built right up to a nobleman's estate and then the rest was canceled, leaving the lord with a gratis road built straight to his property.

Or for a modern example, the famed "Bridge to Nowhere".

So there is no part of government which is inherently trustworthy and worthy of operating without oversight. But once you've established good oversight (such as you'd definitely want over criminal prosecutors!), that leaves the possibility of other government-provided functions open again.

There may certainly still be reasons that government should not perform those functions, but it wouldn't be about the impossibility of providing oversight.


Interesting username to post a sentiment like that--and no idea why you're getting downvoted. :(


Probably because of the user name entirely.


very true, government suppose to service us just like an excellent butler. when butler starts snoop around and do more harm than good , then it is the time to get rid of said butler and find a new one. for example I would think it would be dispeakable if my security guard and/or butler would be reading emails just to "service" me better.

Governments do benefit from some visceral punishments from time to time. But not all societies have the will and strength to stand up to the government and put them in their place.


Most assistants actually do this, because it's critical to their job.


Personally I reserve trust for people, and I have standards and expectations for non-people. I'm sure General Alexander, DNI Clapper, and Michael Hayden are good people that would make excellent neighbors (if I were so inclined I would likely consider them personal friends) -- but in their official duties they are intractable foes.

I would apply the same term "intractable foe" to every other person acting in their professional responsibility too: everybody has a mortgage to pay and mouths to feed. It's perfectly natural to have a strong sense of self-preservation, and by the same token many cannot have the convenience of a maintaining a clean conscience. Yes it's a cop-out and yes people like that are what's wrong with this country, but it's reality.

Not all of us are willing to sacrifice our lives for an ideological cause.


Do you buy food from a supermarket? Do you test it for salmonella and ecoli using your own bio-lab?

Do you fly on commercial (or governmental) airlines? Do you personally preflight the plane?

Even if you trust every member of these organizations, that isn't enough. It's them acting as organizations that allows them to achieve safety. If you don't trust organizations, you basically can't function in society.


Which organizations do you trust?


The common pattern in the responses of most organizations is "word play".

Skype -

    Skype wasn't changing its protocols to make it possible for the government to eavesdrop on users, 
    because the government was already able to eavesdrop on users.
Google and Facebook-

    Google and Facebook insist that the NSA has no "direct access" to their servers. Of course not; the 
    smart way for the NSA to get all the data is through sniffers. 
Apple-

    Apple says it's never heard of PRISM. Of course not; that's the internal name of the NSA database.

I am surprised that such large organizations are using "word play" to put a veil on their activities. Are they not aware that they would be found out in this Internet age? Personally, I think this would make an interesting social science study.


Unfortunately they probably can get away with technicalities. As long as it sounds reassuring to the vast majority of people who were only engaged enough with this issue to read a couple of headlines.


The phrase, "truthful, but evasive of bottom facts" comes to mind. Read it in some throwaway "how to succeed in business" book from the 1960s.


A lot of people in tech want to complain about innovation. Why are there so many Farmville apps and nobody seems to be solving important problems?

Well here you are, the biggest and most important problem in modern society today, the fact that our governments are recording most everything that we're doing. And they will use these recordings as they see fit in the future. You couldn't ask for a bigger or more important problem to solve.


The embarrassment of helping advertising dollars find a home instead of doing anything real is in my opinion why a lot of HN-ers are always solemnly intoning that this is no place for politics - because they can't face a world outside of their bubble. For us to have the luxury to prosper inside our post-consumerist javascript (and ARC)-based gift economy, we periodically have to do some maintenance work, like figuring out how to stop our country from becoming any more of a tyranny than it already is.


It's solvable, too. If they are interested in having credibility, Internet services can implement secure communications and storage. They may have to charge for it because they will forego some ad revenue.

So what to make of the fact that nobody who has loudly declared they are all for customers' privacy has actually done anything about it?


Don't forget mesh networking. Seems like mesh with a combination of trusted anonymous P2P would be very difficult to tap into.

There's lots of nerd fun here for those interested. And there's a big need. A shame more folks aren't stepping up to the plate.

Just to whet the appetite, how much of the internet do you actually participate in, versus just consume? Most server stats show a 40-1 or even 200-1 ratio of readers to commenters. And how much unique material is really out there, anyway? I'd bet a couple hundred MBs of text represents the vast majority of internet content most consumers passively consume each day.

So why all of this client-server, point-to-point nonsense? For most consumption content, do some kind of BT for common content distribution, then use some other solution if a consumer wants to send information the other way.

I understand many will yell "But that violates the TOS!" but screw 'em. If whenever I get on the internet all my information is being stored against my will, I have no obligation to abide by any subsequent agreement.


Bittorrent is so last decade! We need a replacement that is truly anonymous. An not just file sharing, but also browsing, email and search.

Problem is, suppose TOR is fixed and we are anonymous on its network, we still need to NEVER log in with an account we used over clear net. We have to give up our "friend" lists on FB and followers on Twitter, our karma on reddit, all that could tie us back to a known identity. We can never email a friend on his clear net email account. We are reduced to an anonymous identity talking with anonymous others. It's like 4chan in a way.

So, there, we can have anonymity if we give up our old identities and everyone we connected with in the past. And that's assuming we can trust TOR. Sad/

A deeper problem is that we need to treat our computers and phones as hostile. They can push updates with backdoors any time they want, to everyone or to selected few. Apple, MS and Google hold the update keys of most devices in the world. We need a secure OS. Maybe it's Linux, if we can be sure it does not carry hidden backdoors implanted by the state(s).

And even then, we need to trust the hardware. The disk, the networking card, all components could spy on us. Maybe they too have backdoors.


No snark, this is a chance for the libertarians to be vindicated in a big way. Let's see if the geniuses of the software/IT world can design and build a world-wide infrastructure that replaces the DARPA internet, without government help? It would put paid to a lot of tropes propagated in the last 20 years about the decreasing importance of the state, the evil of the state (which is in clear evidence here). Are we capable of allocating capital and human resources at the scale required? Facebook has a billion users, so the network effects should be easy to harness, no? Or does it only work for capturing ad dollars and spying on activists? I am sincerely asking - if there is to be any hope, we have to advance past the internet as it is technically constituted, while preserving the huge social gains it has brought.

edit - maybe I should clarify - anonymity is not possible now, and it is at odds with the values of the police state and, unfortunately, the ad-driven media economy. I am agreeing that anonymity is important, and asserting that to reclaim it, we will have to come up with some revolutionary social constructs on a scale of the space program, that exclude the possibility of government involvement.


I think we're going to have to minimize our traffic over established links for such a system to work. Three types of media come to mind --

1) Open-air (e.g. radio but possibly IR, optical, etc.) 2) Electric lines 3) Water pipes or other forms of conductive media 4) Couriers

So far, so good. The trickier problem is how to get people to adopt the new system while keeping out the snoopers or other bad guys.


Thank you, thank you!

While I wouldn't consider myself one of the people to be doing something as despicably useless as writing farmville or designing PPC ads (I guess others might beg to differ), your observation is very good.

Here is a real problem, and if you don't think it's affecting you personally, you're deceiving yourself.


I agree that easy, broadly-accessible secure communication is an important problem to solve, but it does not address the (arguably larger) problem of eroded social trust. A low-trust society just doesn't work very well, and no amount of technical mitigation is going to compensate for that.


I agree, but I think the trust that is required is trust in transactions, whether electronic, commercial, or otherwise, not particularly trust in people or institutions.

To take the current NSA issue, if I take the time to vote for a Congress guy, in return I'm expecting somebody to represent my area in Washington. He doesn't have to agree with me, just represent me. If, in fact, he doesn't know what's going on, or is so captured by the political system that he's unable to make independent decisions, I've lost faith in that transaction.

I never may have liked the guy, or ever agreed with him, or trusted him farther than I could throw him, but we had a deal as a society where I did something and he was supposed to do something. If those societal transactions are not to be trusted, the wheels come off the wagon.

Same kind of discussion applies for electronic transactions, say using SMTP to move email around.


From the article:

"Accountability means that those who break the law, lie to Congress or deceive the American people are held accountable. The NSA has gone rogue, and while it's probably not possible to prosecute people for what they did under the enormous veil of secrecy it currently enjoys, we need to make it clear that this behavior will not be tolerated in the future. Accountability also means voting, which means voters need to know what our leaders are doing in our name."

We should pay attention to the last sentence especially. Look at how your elected representatives voted on, for example, the Amash amendment[1]. If your representative voted against the amendment, let them know that you are not going to vote for them in the next election, and follow through. If they voted for the amendment, send them a letter thanking them for standing up for their citizens' civil rights, and encourage them to continue.

[1] http://americablog.com/2013/07/amash-conyers-anti-nsa-amendm...


NSA? It seems as if as a whole the Executive branch has. From ignoring laws, selectively enforcing them, or even delaying when they take effect, the Executive branch seems hell bent on ignoring Congress and the Courts. Congress doesn't get a free pass either, but for any Executive branch persons to lie either directly or by omission should not be acceptable.

I guess we should have realized the day we got Czars


Why on earth would you want people to trust the government?

That's what got us into this mess.


You can't verify everything and everyone you're dealing with on a daily basis. You need to trust someone. If you're not trusting your government you need to trust the people watching the government. Or the people watching the people watching the government. Or... It's turtles all the way down from there. The government acts as a large trust provider in a lot of daily interactions. Police authority derives from the government. Passports and ID-cards derive their validity from trust in the government...

So it would be nice if in general we could trust the government and to be able to trust the government we need them to be open and transparent about what they do in our name - and held accountable if they fuck up in our name.


Chain of trust? Maybe the USG is an organization that's too large to put your trust in.


> I tell people that they have no choice but to decide whom they trust and to then trust them as a matter of faith. It's a lousy answer, but until our government starts down the path of regaining our trust, it's the only thing we can do.

I think the point of the article is that even he, a security professional with years of experience, does not know the extent of the government collection -> consequently, the government has a long way to go to restore people's trust as well as their ability to trust.

He brings up a valid point that it's very difficult, if not impossible to know who to trust, you just have to trust them "on a matter of faith" and hope you picked right. The damage to trust isn't only damaging trust in the government.


There is indeed no other way than to trust the governmnet, but the tools and means to verify should be there too, and they aren't. We should not accept to be forced into blindly and naively trust the government in a claimed democracy.


You are blaming the victim a bit here. There are bad actors that have done bad things. They are who got us into this mess.


It's not that every member of the government is bad, it's that trusting all of them is a bad idea.


If your service provider isn't a target for NSA snooping, it's a target for foreign state actor and criminal hacking.

The first step to healing this situation is the radically reduce the need for trust.


Welcome to the press briefing today. Our first agenda item is to discuss where the drones will attack...

Schneier must not mean that when he talks about coming clean.

Anyone who has been betrayed by a friend or lover can regain trust in that person somehow, but that's not the same as regaining trust in a group of people. I don't trust large groups, and how does a whole group (or government) start down the path of regaining trust anyway? I agree with Mr. Schneier, but balancing power seems closer to the solution than what he said about the government starting down a path, coming clean and other things that individuals do better than groups.


I have an easier time trusting large groups over individual people, because groups can display trend behavior whereas individuals are always going to have eccentricities that can't be mitigated by aggregation.


So call tmobile or verizon they are thankful for your call after all.


That's an awesome non-sequitur and I hope you use it at parties.


Okay I will, if conversation permits. What are the chances? Probably low.

I'm thinking the premise is that tmobile and verizon care about your call and the conclusion is that you should call them. That conclusion doesn't follow the premise because you may not care that they care, but I presupposed you did because you were talking about trusting groups. When a tmobile support person thanks me for my call I do not trust that they are truly thankful.


Under this model, you should be calling every single person in the world and telling them how much you care. Because they're individuals.


In addition to the transparency, oversight, and accountability that Schneier proposes, there also needs to be some ability for the population to reasonably assess risk. A lot this stuff is driven by fear. And the government does use that to its advantage to push things through that might otherwise be objectionable. If the population of our country is scared to death of possible terrorist attacks (as it seems to be), then I don't see how that same population will vote/protest to restrict the government as long as it claims to be protecting them from imminent disaster.


Schneier pointed out the 'trust and verify' mechanism, i.e. the need to have accountability on Government policy and actions. That is a basic instrument to ascertain legality of government actions. However, if we talk about improving the level of 'trust' in institutions, that is a whole different level. We can't possibly stop there. Gaining and maintaining 'trust' means a lot more than simply acting in a legal way and takes more then just verification. I consider a basic need for establishing trust also the analysis of their motivation behind certain choices. Government officials are not just 'citizens', and their agencies are not private companies. While the private citizens and companies can do whatever they want which is not considered illegal, public officials and agencies are governed by a different concept: they have a specific mandate/scope and can only perform in that narrow path. They should not exploit policy wording to perform questionable actions; especially if such policies are classified and only a restricted number of people has the ability to review and assess them. If the government wants to conquer back some form of trust by the public opinion, not only it should improve transparency, but should also steer from this farce of hiding their real intentions behind legalese and wordplay contained in all the latest security related policies.


> Transparency first involves coming clean. Not a little bit at a time, not only when you have to, but complete disclosure about everything.

I have this uneasy feeling that they will fight this as long as they can. I'm not sure true transparency will ever happen, without drastic measures.

Their strategy will probably be:

1) Wait for the end of the revelations

2) Assess the level of public outrage

3) Make the cheapest concessions possible (a bit like Ms Merkel recently canceling the old "spying pact" that was never used)


People should NOT trust either governments or corporations, ever. Otherwise it maximizes corruption due to little or no oversight.


"Restoring Trust in Government and the Internet"

Interesting title, Bruce.

Is this your first `walking in on little kitten feet', getting your tippy-toe wet, capitulating inverted ClapperSpeak, or `Shark Jump' or `Breaking Bad'? Too much recent popularity, and now that you're a street celebrity doyen, you don't want to stampede the restless herd?

You entitle this as a CNN 6 O'clock News headline, sanitized and pleasantly amilorating our bellowing constant surveillance disgruntlement into a Family Hour's "Group hug everyone, let's sing Kumbaya, and `Restore Trust'."

Please, not you too Bruce. Not now.




Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: