Lectures

The NSA’s technology for Internet surveillance and attack is remarkably mundane, a combination of network intrusion detection, big-data analytics, and packet-injection based exploitation. But the result is impressive: “Capture All, Identify All, Attack by Name”. Far from being “Nobody But Us”, off the shelf software and some modest programming can provide anyone with these capabilities assuming they can arrange a suitable network vantage point, ranging from a ~$150 installation at a Foggy Bottom Starbucks to cluster-taps on 10-gigabit links.

As a proof of concept demonstration, I’ve constructed an “NSA inna Box” demo, a <$1000, ~100 Mbps class Internet wiretap, running NSA-style full-content capture, NSA-derived "metadata" extraction, a basic web interface for searching, and packet-injection based targeting. This demo required roughly 45 hours to create. (Although due to Hurricane Joaquin, my demo hardware is at home, but demo interface will be presented in software on my laptop).

In this talk, Clark looks at a number of ways to define security, and propose two approaches to map out the landscape of the cyber-security problems we face today. This exercise, which is often omitted in discussions of cyber-security, is in fact a necessary first step if we are to make overall progress in improving our security posture.

The original Internet design combined technical, organizational, and cultural characteristics that decentralized power along diverse dimensions. Decentralized institutional, technical, and market power maximized freedom to operate and innovate at the expense of control. Market developments and the politics of security have introduced new points of control. Mobile and cloud computing, connected devices, fiber transition, big data, surveillance, and behavioral marketing introduce new control points and dimensions of power into the Internet as a social-cultural-economic platform. These all have affordances that could centralize or decentralize various kinds of power; and which of these affordances will be salient for life in networked society is up for grabs. The actors and battles are different than they were in the first decade and a half of the public Internet, and unlike in the Internet's first generation, companies and governments are well aware of the significance of technical and institutional design choices and are jostling to acquire power over, and appropriate value from, networked activity. If we are to preserve the democratic and creative promise of the Internet, we must continuously diagnose control points as they emerge and devise mechanisms of recreating diversity of constraint and degrees of freedom in the network to work around these forms of reconcentrated power.

Headlines like "Spectrum auction nets $44.9 billion" demonstrate that radio spectrum is a valuable resource, but you might ask - why is this thing that no one can see and few can comprehend, worth so much? Not surprisingly, it has to do with the huge demand for a scarce resource - the set of useful […]