Wednesday, July 23, 2008

Zittrain's "The Future of the Internet" -- how to save the Internet from the Internet - Boing Boing:

The DRM wars have shown us that motivated attackers can always break code-signing trusted hardware platforms, given enough motivation. Tethered appliances are designed to allow remote parties to enforce policy on them without the knowledge or consent of their owners -- they're designed to treat their owners as attackers. So while it's possible to torque a PC into attacking its owner with spyware, it's even more possible with tethered appliances, because once you figure out how to slip inside, the whole device is designed, from the ground up, to stop the user from interfering with the "authorities" who have the keys.

Take CALEA, the law that forces phone-switch manufacturers to build in back-doors that allow cops to snoop on voice-traffic without physically accessing the switch. It's pretty implausible that the "police override" built into phone switches has never leaked outside of the police force. After all, the police leak all kinds of "confidential" information (ask a private eye, off the record, how easy it is to get a cop to look up a license plate number). All it would take is one leak to organized crime and the bad guys would have the same off-site phone-monitoring capability as the folks in blue.

I think that Zittrain takes the security claims of appliance vendors at face value, and that this really undermines the argument. Appliances are neither generative nor secure, and it's likely that appliances will be broken in more interesting ways by more creeps as they increase in value as targets. The backlash against PCs will be quickly met with another backlash against everything else, and no one is going to be able to opt out of the system altogether.