Government and industry have betrayed the internet, and us. By subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract.
The companies that build and manage our internet infrastructure,
the companies that create and sell us our hardware and software, or the companies that host our data: we can no longer trust them to be ethical internet stewards.
This is not the internet the world needs, or the internet its creators envisioned. We need to take it back. And by we, I mean the engineering community.
Yes, this is primarily a political problem, a policy matter that requires political intervention.
But this is also an engineering problem, and there are several things engineers can - and should - do.
One, we should expose. If you do not have a security clearance, and if you have not received a National Security Letter, you are not bound by federal confidentiality requirements or a gag order.
If you have been contacted by the NSA to subvert a product or protocol, you need to come forward with your story. Your employer obligations don’t cover illegal or unethical activity. If you work with classified data and are truly brave, expose what you know. We need whistleblowers.
Two, we can design. We need to figure out how to re-engineer the internet to prevent this kind of wholesale spying. We need new techniques to prevent communications intermediaries from leaking private information.
We can make surveillance expensive again. In particular, we need open protocols, open implementations, open systems – these will be harder for the NSA to subvert.
The internet Engineering Task Force, the group that defines the standards that make the internet run, has a meeting planned for early November in Vancouver.
This group needs to dedicate its next meeting to this task. This is an emergency, and demands an emergency response.