Sunday, June 24, 2018

Sanger's "The Perfect Weapons" [CITATION NEEDED]

Book Link.

Everyone is very excited about the "revelation" than in order to do their APT1 paper, Mandiant (according to Sanger) hacked back. But that's not the only stunner in the book. He also points to a WMD-level cyber capability leveraged against both Iran and Russia by the United States. There are a ton of unsubstantiated claims in the book, and the conclusion is a call for "Cyber Arms Control" which feels unsupported and unspecified. But Sanger has clearly drunk deeply of the Microsoft Kool-Aid.

But to the point of the (alleged) hack-back: We should have long ago developed a public policy for this, since everyone agrees it is happening, but we seem unable to do so even in the broadest strokes. I think part of the problem is that we are always asking ourselves what we want the cyber norms to be, instead of what they actually are. I'm not sure why. It seems like an obvious place to start.

WMD theory has a pretty heavy emphasis on countervalue attacks....
This is the only mention of Kaspersky in the book - a noted absence...

This is...a threat of a WMD via Cyber.

Is this new?

This is a chilling projection.

This is not good reporting right here.

Sheesh.

Hahahahah. DO THEY?



Cypherpunks: The Vast Conflict



I've been carefully reading Richard Danzig's latest post, Technology Roulette: Managing Loss of Control as Many Militaries Pursue Technological Superiority. I want to put this piece in context - first of all, Richard Danzig is one of the best policy writers, and one of the deepest American policy thinkers currently active. Secondarily, this paper is a product of a deeply conservative government reaction to the ascendant Cypherpunk movement and is in that sense, leading the wrong direction.

Ok, that sounds melodramatic. Let me sum up the paper thusly:
  • New branches of science introduce upheaval and each comes, as a party gift, with a new weapon of mass destruction and general revolution in how war works. 
  • We used to get one a century or so, which was possible to adapt to, like a volcano that erupted every so often
    • We built treaties and political theory and tried not to kill everyone on the planet using the magic of advanced diplomacy
  • Now we are getting many new apocalyptic threats at a time
    • AI
    • 3d-Printing
    • Drones
    • Cyber War
    • Gene editing techniques
    • Nanotechnology
  • Rate of new world-changing tech is INCREASING OVER TIME.
    • Our ability to create new international political structures to adapt to new threats appears moribund


Most legal policy experts look askance on the "libertarian" views of the computer science community they have been thrust into contact with as if a Japanese commuter on the rush hour train. But the computer science world is less big L Libertarian than philosophically Cypherpunkian, tied to the simple belief that the advance of Technology is at its sum, always net positive for human liberty. Where society conflicts with the new technologies available to humanity, society should change instead of trying to restrict the march of technology.

Hence, where government experts are scared of disintermediation, as evidenced by a paranoia over Facebook's electoral reach, the computer world sees instead that newspapers were themselves centralized control over the human mind, and worthy of being discarded to the dustbin of history.

Where the FBI sees a coming crisis in the "Going Dark" saga, they find exactly no fertile ground in the technology sector, as if the field they would plant their ideas in was first salted, and then sent into space on one of Elon's rockets.

The US Government and various NGOs were both surprised and shocked at the unanimity and lack of deference of the technological community with regards to the Wassenaar cyber controls or the additional cryptographic controls the FBI wants. This resistance is not from a "Libertarian" political stance, but a from the deep current of cypherpunkism in the community.

These days, not only do Cypherpunks "write code", to quote Tim May's old maxim, but they also "have data". The pushback around Project Maven can be described on a traditional political platter, but also on a tribal "US vs THEM" map projection.

Examine the conversation around autonomous weapons. Of course, an autonomous and armed flying drone swarm can be set to kill anyone in a particular building. This is at least as geographically discriminatory as a bomb. Talks to restrict this technology even at the highest principal level so far restrict only an empty set of current and future solutions.

Part of this is the smaller market power of governments in general for advanced technology. A selfie drone is essentially 99.999% the same as a militarized drone, and this trend is now true for everything from the silicon on up, and some parts of the US Govt have started to realize their sudden weakness.

As Danzig's paper points out, the platitude that having a "human in the loop" to control automated systems is going to work is clearly false. Likewise, he argues that our addiction to classification hamstrings us when it comes to understanding systemic risk.

 The natural tendency within the national security establishment is to minimize the visibility of these issues and to avoid engagement with potentially disruptive outside actors. But this leaves technology initiatives with such a narrow a base of support that they are vulnerable to overreaction when accidents or revelations occur. The intelligence agencies should have learned this lesson when they had only weak public support in the face of backlash when their cyber documents and tools were hacked.
But his solution is anything but. We're in a race, and there's no way to get out of it based around the idea of slowing down technological development.

Monday, June 18, 2018

Policy Bugclass: False inequivalencies

I'm going to leave it up to your imagination why this picture perfectly encapsulates every moment someone suggests two random cyber things are different that are actually the same.


We try to maintain a list of policy-world "bugclasses" when in the cyber domain. 
  1. Assuming Data or Execution is bound to a physical location
  2. Assuming code has a built-in "Intent"
  3. Building policy/law in legal language instead of in Code (i.e. policy that does not work at wire-speed is often irrelevant)
  4. False inequivalences
In this article I want to talk a little bit about False Inequivalences, since they are probably the most prevalent type of bugclass that you run into, and you see them everywhere - in export control, in national security law, in policy in general.

For example, export control law (5a1j) likes to try to draw distinctions between the ability to store and the ability to search, or (4d4) the ability to run a command, and the ability to gather and exfiltrate information. In national security policy papers you'll often see a weird distinction between the ability to gather information and the ability to destroy information. Another, more subtle error is a sort of desire to have "networks" which are distinct. Technologists look upon the domain name system as a weak abstraction, but for some reason policy experts have decided that there are strict and discernible boundaries to networks that are worth porting various International Law conventions over to.

This bugclass is a real danger, as explaining why two things are "provably equivalent in any real practical sense" annoys lawyers whose entire lifespan has been spent splitting the hairs in language, and think that as a tool, hairsplitting can produce consistent and useful global policy. 

More specifically, we need to find a way to revise a lot of our legal code to accept this reality: Title 10 and Title 50 need to merge. Foreign and domestic surveillance practices need to merge. The list goes on and on...


Tuesday, June 5, 2018

Security, Moore's Law, and Cheap Complexity

https://www.err.ee/836236/video-google-0-projekti-tarkvarainseneri-ettekanne-cyconil

To paraphrase Thomas Dullien's CyCon talk:
  • We add 3 ARM computers per year per person on Earth right now. 
  • The only somewhat secure programs we know of focus entirely on containing complexity
  • Software is a mechanism to create a simplified machine from a complex CPU - exploits are mechanisms to unlock this complexity
  • We write software for computers that don't exist yet because we design hardware and software at the same time.
  • We've gotten significantly better at security in the past 15 years, but we've been outpaced by the exponential increase in complexity
  • Every device is now a "Network of Computers" - intra-device lateral movement is very interesting
  • It's much cheaper to use something complicated to emulate something simple than vice versa, in the age of general purpose cheap CPUs. This generates massive economies of scale, but at a cost...insecurity.
  • The economics of chip manufacturing means CPU and Memory providers are driven to sell the hardware they can get away with selling - some percentage of the transistors in a chip are bad, and the chip maker is strongly motivated to ship the least reliable CPU that the customer cannot detect
    • When there's only a few hundred atoms in a transitor, only three or four more makes a big difference
  • Until Rowhammer the link between hardware reliability and security was not clear to Electrical Engineers.
  • You cannot write real world secure programs that operate on hardware you cannot trust
  • Computers are deterministic at the abstract sense, but they are really only deterministic MOST of the time. Engineers work really hard to make it so you can ignore the physics of a chip. But it's still happening.
    • Determinism has to be fought for in computers, and is not a given.
  • The impossibility of inspectability in the digital sphere
    • Everything has firmware, none of which we can really have any assurance of
    • Average laptop has ~40 CPUs all with different firmware
    • Local attackers can use physics to induce transient faults, which bypasses crypto verification, which then means nobody can get you out
  • If control of a device has ever been disputed, it can never be ascertained if it is back in control. This is counter our standard intuition for how objects work.
  • The same forces that drive IT's success drive IT's insecurity.
  • Halvar loves SECCOMP_STRICT sandbox and wants to make it useful, but of course, making it useful will probably break it
  • Computers will look very different from today's architectures in fifteen years - more different than they did fifteen years ago. Engineers are now focused on designing parallel machines, since Moore's law is over for single-cores. 
  • All the insane complexity we can pump into computation systems is essentially in your pocket. 
  • It's still early days in computers. How good was humanity at building bridges seventy years after we started?