Robert Cringely's Keynote: I Have Seen the Future and We Are It: The Past, Present and Future of Information Security
From ToorCon 2003, www.toorcon.org
San Diego, CA

Impressionistic transcript by Cory Doctorow
doctorow@craphound.com
Sept 27, 2003

--

I built, by hand, the first 25 Apple ][s, worked on the Lisa's GUI. I invented the Trashcan Icon.

I had spent the summer of 1979 working for the Fed, debugging 3-Mile Island (I'd been a physicist). Then I wrote a book about it on a 300-baud modem terminal connected to an IBM mainframe using a line-editor. I hit the wrong key one night and trashed 70K words. Hell, Lawrence of Arabia lost a handwritten ms for a 350k-word manuscript.

When I went to work on the Lisa, I was determined that deleting a file would be a two-step process. On some systems, the trashcan bulges (defies physics); on others, the lid goes off (defies my mother). In my version, a fly circled the trashcan. The focus groups thought it was fuckin' awesome. But by turning off the fly, the computer could be made to run twice as fast. They fired me.

I went back to Apple in 84 and did the last lick of work I'd ever do: designed a global comms system called AppleLink -- chat, boards, etc. Run on a mainframe. Ran for a few years, then decided that it wasn't worth it for Apple. They sold the code to a company called Quantum Data Systems, which changed its name to AOL, and the rest is history.

I wrote AOL 1.0. My mailer let you retract your mail -- you could send mail and then take it back. I'd demo it by sending mail to Sculley that said, "Sculley you idiot" and then retract it. One day, Sculley retracted his mail and they fired me.

When I was working on the Three-Mile Island cleanup, we had a lot of leaks to WashPo. The white-belt/white-shoe consultant stopped by my cubicle. The PHB asked the consultant, "Who are we afraid of sneaking in here?" The consultant said, "Why WashPo, of course."
Except that the WashPo guys were getting everything by socially engineering us when we drank at the bar down the street. He had no ability to control what employees did in the bar, so he invented a bogeyman in the drop-ceiling.

Intel once had a counsel called "Al the Shredder" who would drive a golf-cart up and down the document-retention center aisles. He discovered two boxes on the floor, not filed. He asked "What are these?" No one knew, so he said, "Shred 'em." Turns out these were the documents specifically requested by the IRS. They were left saying to the IRS, "We have any doc you want, except the ones you asked for." To this day, the IRS doesn't believe a word Intel says. Al had access and authority, but he didn't know what he was doing.

I was at a company called The Prediction Company in Santa Fe, and they manage $1BB worth of stock-trading for the Swiss UBS bank, earning $1MM/day using computers. I asked, what do you do about data-security? They have firewalls and stuff, but the building used to be a whorehouse (in a sense it still is) [Laughs]. I asked if they'd heard of Tempest? No, they hadn't. Nothing was RF-hardened. The public street is 12' away -- your competitor could park a van there all day long and scrape all your screens and put you out of business. This was just two months ago!

We worry about logical security, we forget about physical security. Think about JetBlue: Who wants to be the guy who said, "Oh, sure, by all means, have 1,000,000 customer names!"?

I keep a letter on my wall that I got from a student at Uni of Akron, explaining in vast detail what an idiot I am. At the end of the letter, he says, "I eat people like you for lunch." [Ed: huh?]

I don't know as much as you know, so I have to look at the big pic from a 30-year perspective.

We once had a dream of ubiquitous infosec: perfect secrecy, anonymity, untraceable e-cash -- protect ourselves from censorship, etc. It hasn't worked. I don't know that it can ever work.
I was the only reporter at the first DefCon -- and that's what people were talking about then.

By contrast, today's news is a cypherpunk nightmare. Information turns out not to be power, after all: Power is power. Joe user doesn't want to encrypt email. Anonymity is overwritten by court-order.

The Great Firewall of China keeps a billion people from communicating, from knowing what's going on. In 1997, in Hong Kong, I spoke to the China-Internet people and said, "How do you proxy an entire Internet?" They said, "Well, it might not work, but we'll just throw all our resources at it until it does."

E-commerce is credit-card numbers in SSL. Hides nothing from anyone. Except it provides a certain sense of comfort. Our fallback is "The most you'll lose is $50."

Information is "protected" by companies who bring lawsuits against people who figure out how to read it. It's wrong to brand figuring out how to decode information as evil.

The closest thing to strong security that we are likely to have as a society is Palladium. That's horrible. Pd is MSFT's infosec initiative. MSFT doesn't know about infosec.

We've shifted who controls infosec infrastructure and how it's applied. It used to be enormous companies trying to protect other enormous companies and govt. No one cared about us. The enforcers focused on deterrence, hunting down transgressors and beating them up. Now MSFT is entering into the world of protecting us. They want to make an infrastructure that gets not just govt and corps to bay, but people like us, too. We're trying to figure out how to give that kind of thing away for free, they're trying to sell it, so they hate it. Your assets are brain-power; theirs is brain-power and $50BB.

BayTSP is a corp that listens on behalf of the FBI. They're making a living at being proxy-cops.

What if law-enforcement were perfect? What if no laws were violated? The cops would hate it. Without a criminal, a cop has nothing to do, no career. The system needs to function.

We can divide society into groups: individual, family, tribe, nation, world. Each group is trying to defend itself against the other (you're trying to keep your mom from finding out what's under your bed) and to attack the other -- the tribe doesn't care about what's under your bed, cos your mom will be a proxy for its interests. But the tribe is trying to find out what your mom's secrets are and what the nation is trying to take from it. The nation cares about tribes -- criminal elements, subversives, etc.

In the pre-electronic world, nations and tribes were concerned with physical security. Individuals and families locked the back door. Then we worried about physical and logical security (i.e. safeguarding microfilm). In the early digital era, we watched the data on an international stage. In the BBS era, it magnified, and some individuals started worrying about their computers getting rooted and their floppies being stolen. Today, it's all logical, there's no physical component to security. We've forgotten the importance of physical security. We think we have it licked. It's hard.

A centralized system is like NASDAQ: all the info is stuck in a computer in Connecticut. A decentralized system is like the currency market: the rate is smeared out all over the world. I think decentralized is better.

Who do you trust? Used to be we relied on things like photo ID or other auth tokens. Having authed someone, we stopped watching him. IOW, if someone who normally transacted 1MB/day logs into a box and transacts 1TB, we don't notice.

There's a company in the UK that scans mail for bad stuff. In five years, they've never had a worm get through, in 5MM customers. We usually rely on signatures to detect worms, but these guys quarantine the worms that come in on the basis of looking anomalous. [Ed: If we're going to profile executables using non-interrogatable algorithms, how will we stop the bad guys from hijacking our systems?]
This can stop worms but can turn into Big Brother.

Big groups are slow and stupid. Little groups are fast and nimble (but volunteer for suicide attacks).

I spoke at a military institution and went stumbling for WiFi and found a honeypot. But I also found four others that they didn't know were there.

I take great solace in our lack of security. It's my only hope to hide. Our equal vulnerability helps.

I was recently a victim of identity theft. They can have my identity. It's worth more to them. It made me understand our social engineering vulnerability: institutions can't detect social engineering. You can have mail forwarded from any address in America to any other address in America, for any period.

I had a postman who delivered my neighbor's mail to me. I wrote on it "Sent to wrong address." And the Postmaster yelled at me for defacing the mail. I told him that I hadn't defaced anything, just reported that he'd fucked up. And he said that that was his right.

eof