December 07, 2008

All your firewalls belong to us (the government)

Ken MacLeod writes about the future (of IT security) in All Your Firewall Are Belong to Us. Plenty of interesting points, largely based on a sketched scenario where we see a big lurch to the left, towards New Deal-style infrastructure projects.

However, one claim looks pretty problematic:

Now the problem of IT security will not go away, but the very nature of the problem changes if the education system has to adapt to preparing people for manufacture instead of McJobs (or finance), and if there are big technology-heavy projects to soak up the script kiddies and hackers and spammers and scammers into doing something more productive and useful and indeed profitable.

Did organized crime disappear due to the New Deal? From what I can see, it thrived during the Depression despite having lost the cash from Prohibition (it simply moved into new areas). The main factors blunting it were the eventually successful anti-corruption and racketeering campaigns. Similarly, non-organized crime was rife.

It seems very optimistic to assume that once schools start to promote "real engineering" and Big Green starts hiring, the con-men, spammers, hackers and script kiddies will decide to straighten up and become good little cubicle workers. Identity theft is apparently linked to meth abuse; should we assume the drivers for this kind of behavior are easily affected by a change in emphasis on infrastructure?

In fact, MacLeod doesn't seem to have taken his scenario seriously enough. In a world where governments top-down outlaw bad things like trans-fats, why don't they mandate IT security? It seems to be entirely logical: an information society focused on building its way out of a crisis and avoiding foreign and internal threats would be stupid if it did not do anything about the vulnerabilities in its IT infrastructure.

But macro-managed IT security is probably the last thing many current IT security companies would like, since much of the market consists of selling to individual companies and consumers. Macro IT security could end up as mandated central systems on the ISP level, giving lots of money to a few companies, as well as fixed standards for what security needs to be on a computer for it to access the net - bad news for competition and innovation, even if the overall security becomes better.

And macro-managed security is likely to make surveillance much, much easier and harder to avoid.

MacLeod notes that

"lots and lots of things will go horribly wrong, fortunes unimaginable today will be squandered on gigantic schemes that never pay off, and conflicts and contradictions will build up"

To me that sounds like a very good reason to demand transparency and accountability in any big, government-funded projects. Especially if the spammers, con-men, hackers and script kiddies actually do join the projects.

Posted by Anders3 at December 7, 2008 06:31 PM