Your kitchen is alive with vermin! Who is to blame? The cruel forces of nature? Or, might it be you – the fellow who scattered delicious crumbs everywhere; spilled honey a thousand times without picking up a mop once; and kept a mountain of old newspapers around for rodents to chew into nest liner? Your friends come over for tea, and turn out to be less-than-pleased to meet the roaches floating therein. Feel free to explain that your home is a year-round restaurant for vermin because you live under a curse. Blame the pests, blame the devil – anybody but yourself.
Now perhaps your kitchen is cleaner than an operating room. Yet the above applies to you just the same, unless you are reading these words in a museum, on a resurrected Lisp Machine. Or on a lowly Soviet BK-0010 microcomputer, wired to the Net through some eldritch wizardry. Or some other rara avis which gives the operator a useful window into the real-time doings of the CPU.
Every once in a while, journalists, activists, and political busybodies of all stripes descend into a self-pitying whining orgy about the electronic escapades of spy agencies. Those dirty crooks, we are told, have the audacity to break codes, spread malware, and – as luck would have it – sabotage security products, open[1] and closed-source alike.
The kind of shenanigans we’ve been hearing about lately[2] aren’t the least bit new. Crypto AG supplied the entire planet with diddled cipher machines for decades – and continues to do brisk business! Microsoft’s crock of shit masquerading as an operating system was ham-handedly back-doored in the ’90s.[3] People whose money, freedom, or even lives appear to depend on keeping snoops and snitches at bay continue to run Windows. If they don’t care, why should anyone else? Nations openly hostile to the United States eagerly run their defense industry (and, by some accounts, even weapons systems) on Microsoft’s turdware. They purchase silicon designed by American engineers, route their packets – often without bothering with crypto of any kind whatsoever – over American networks. They almost literally beg to be pwned. They demand, plead, wheedle: “Please, please intercept our email and telephone conversations! Please supply us with Trojaned operating systems and network hardware! Please sabotage our nuclear fuel refineries!” These words are not spoken out loud, but they are certainly heard – by the “walls that have ears.” And dollars speak louder than words in any case. They speak very loudly indeed.
The naïveté of bean-counters and bureaucrats may be excusable; that of seasoned academics and engineers isn’t. Mr. Torvalds eagerly hitched the security of the Linux kernel to Intel’s Trojaned wagon. And now the fun which can be had with diddled random number generators is finally getting some press, but the underlying idiocy of the Unix architecture (and all other conceptual foundations underlying today’s computing systems) – to no great surprise on my part – isn’t. And won’t. Educated persons who read Ken Thompson’s “Reflections on Trusting Trust” throw up their hands in stoic resignation, as if they were confronted with some grim and immutable law of nature. But where is the law of physics which tells us that any computation must be broken up into millions of human-unintelligible instructions before a machine can execute it? Not only is it possible to build a CPU which understands a high-level programming language directly, but such devices were in fact created – many years ago – and certainly could be produced again, if some great prince wished it. It is also eminently possible to build a computer which can be halted by pressing a switch, and made to reveal – in a manner comprehensible to an educated operator – exactly what it is doing and why it is doing it. Can you buy such a computer at your local electronics store? Of course not. The Market, that implacable Baal, Has Spoken! – it demands idiot boxes. And idiot boxes are what it will get.
We are told that spies are reading SSL-encrypted messages at their leisure. We are also told that saboteurs have infiltrated international standards committees for the purpose of weakening crypto systems. This gives you indigestion? Don’t rely on security systems designed by committees! PKI is – and has always been – a sham. A cheap sham, at that. Consider the fact that Bitcoin, for all of its faults, gets by perfectly well without anything resembling PKI. Loudmouth activists, who put up such a ferocious fight against outright key escrow in the ’90s, ended up buying the very same wine in a different bottle with SSL and every other PKI-based faux-security system currently in use – where you are stuck with relying on a handful of con artists not to cough up the master keys to whomever they please.
Let’s go back to your kitchen. It is squeaky-clean, you say, because nowhere in your house do you make use of Microsoft’s miserable imitation of an operating system. Guess what, the mounds of garbage are still there, stinking brazenly; the mice leap, they play without fear, because virtually all of your cryptographic needs are serviced by some variant of OpenSSL. What a monstrous turd of a library! Have you read and understood it – any of it? Do you personally know a single living soul who has done so? Dare to contemplate the very idea of plowing through these megabytes of gnarly crapola. But let’s examine the reason for the bulk. The idiot ‘C Machines,’ and the few operating systems commonly used therein, are, one could almost say, criminally negligent in failing to provide any real support for most of the basic building blocks of modern computing: from bignum arithmetic to garbage collection. Authors of libraries like OpenSSL are to be applauded for their feat of creating something useful on top of this obscene Babel. But the result is always and inevitably a pile of garbage – comprehensible[4] by no one, with plenty of hidey-holes for creepy crawlers of every species. Get the conceptual foundations right, and the vermin scurry away.
I for one am greatly surprised to see respectable men of science like Bruce Schneier calling for lawsuits and parliamentary hearings to rein in the snoops. The very notion of limiting the authority of a secret police agency via laws and regulations is laughable. Quis custodiet ipsos custodes? Who is going to bring down the law upon these fellows? You? Your neighbor? Mr. Schneier? The Pope? The Grand Inquisitor?[5]
On top of it all, I fail to grasp the public’s anger at our cloak-and-dagger friends. It is much like hating the Public Executioner for chopping heads. It’s what he’s paid for! If you don’t care to be separated from your head, take some measures. Said measures could be political (bow in eternal fealty to your beloved Führer) or technological[6]. The one measure which is guaranteed not to work is whining.
Civilized society traditionally privileged certain professions – medicine, law, the priesthood – in return for certain obligations. A priest takes an oath not to betray the seal of confession, and in return he is trusted with the most damning secrets. The doctor swears not to harm his patient, even when the latter has committed terrible crimes. The lawyer tries to defend miscreants he knows to be guilty. One clever soul suggested applying this doctrine to yet a fourth profession, creating a kind of “programmer priest.”
Perhaps one day there will indeed be someone you can trust to pronounce – truthfully and competently – that a crypto-system is strong, that a protocol has not been diddled, that your computer serves only a single master. But don’t hold your breath; today’s digital shaman will not help you; he is on the king’s payroll, and will speak the words he was ordered to speak by his liege-lord. And no seal of confession seals his lips. So if you want security, you will have to achieve it on your own: by using systems which you actually understand. All the way down to the silicon. These do not presently exist, but could be made to exist.
Bringing the comprehensible computer into existence is no easy task – but it is surely a considerably-easier (and ultimately more rewarding) task than trying to persuade the headsman to put down his ax and leave your head on its shoulders merely from the kindness of his heart (or because a piece of parchment, written long ago, proclaims that your head ought to stay attached.) Clean up the kitchen – banish the vermin. While you still can. Or learn to live with the squeaks, the ruined food, the dung.
1. How does one sabotage the security of an open-source product? Let the good doctor S. Craver teach you exactly how.
2. Mr. S could very easily turn out to be a skilled and courageous disinformation agent, all of whose “leaks” were lovingly scripted by a handful of talented fellows in grey suits – who are now laughing all the way to the bank. If I ran a national intelligence agency, and the latter did not possess an effective pill against modern crypto, I would certainly order just this kind of ‘PR’ campaign – to undermine public confidence in popular security tools. But for the purposes of this discussion, let’s stipulate that the leaked documents are genuine.
3. But it probably isn’t today, at least not in the usual sense – unless you consider “Windows Update” to be a remote back-door (which it most certainly is!) “Accidental” bugs, of which there is a seemingly-inexhaustible supply, make for just as effective – and, more importantly, deniable – back-doors.
4. The notion that a useful and modern computing system understandable to an educated user cannot be built is a deliberate lie promoted by crapware vendors. Don’t take my word for it; ask Charles H. Moore – of FORTH fame – who will be happy to show you a working counter-example. Don’t listen to me, listen to Moore’s working VLSI CAD systems that fit in 500 lines. A useful and complete computing system doesn’t have to be a shanty town of kludge upon kludge. It can in fact consist of a small number of “moving parts,” each with a perfectly-clear purpose – like a Kalashnikov.
5. If we possessed the secret of time travel, I would dearly love to watch these poor misguided souls try to sue the KGB. Or perhaps call upon the Politburo to send an inquisitor against it.
6. Let me know when they start gassing people for using one time pads. A $50 hard disk can hold a year’s worth of one-time pad for telephone conversations. If the King’s men really want to listen to your table talk, let them do it the old-fashioned way.
Edit: I am not the only one who noticed that OpenSSL is a turd.