Cory-Doctorow-640 — Cory Doctorow – image: Alex Schoenfeldt Photography (CC BY-SA 2.0)

Author and technology activist Cory Doctorow has slammed the policies of the National Security Agency (NSA) and bodies like it, saying they’ve deliberately undermined online security without consideration of the long-term impact this will have.

“Weakening the security of the entire Internet to catch a few suicide bombers is so unbelievably bone-headedly short-sighted and depraved in its indifference to the security of Internet users that I think to call it criminal is not too strong,” he tells TechCentral.

Doctorow is in Johannesburg this week to attend the Internet Service Providers’ Association’s annual iWeek conference.

The origins of this predicament, according to Doctorow, can be seen in the battles fought over copyright in recent decades as media has moved from analogue storage and distribution to digital.

“What we saw with the copyright wars was an effort to solve a social problem or a business problem with technology mandates,” he says. “The thinking went that people are using computers to infringe copyright, so we can solve this problem by making it so that computers can’t infringe copyright.

“The problem is, that’s a nonsense. A computer is a copying machine … there is no mechanism by which a computer can manipulate data without copying it. And so, saying we’re going to have a computer that only copies in ways that are licit and not illicit was a dead letter to begin with.”

Doctorow says this became a problem because it resulted in people being prevented from, for example, making products that could override the region codes of DVDs.

Although it hasn’t been particularly effective in stopping copyright infringement — everything is available online — it has created a “second-order problem”, which Doctorow considers “much more serious”. Because no one wants “anti-copying software” on their computer, and will remove it if possible, “this anti-copying errand becomes an errand to hide software from users of computers”.

The result is manufacturers have to hide some feature of a computer from the user. “Even if you trust the manufacturer not to do anything bad to you with a facility that hides what your computer is doing from you, if someone who’s not trustworthy can figure out how to avail themselves of that facility … then you make it that much harder for users to be safe in their own computers.”

This is particularly worrying because of the growing prevalence of computers in daily life, Doctorow argues.

“There’s limited understanding that your car is a computer … your house is a computer … that a Boeing 747 is a flying Sun Solaris workstation in a fancy aluminium case connected to some badly secured Scada controllers.

“And so when we create mandates that say computers should be designed so that the person who has root [access] on them doesn’t know what they’re doing, then we create a kind of attractive nuisance that invites everyone who wants to do something bad to someone using a computer to avail themselves of this facility.”

Doctorow says this ties into the NSA because it had a problem to solve — the desire to spy on people — and the solution it went for was “weakening the security of computers”.

“They would effectively break a computer so that if you asked the computer ‘are you in a secure state?’ it would say ‘yes’, even though the correct answer was ‘no’.”

The result is government bodies that coerce or “inveigle” companies to “deliberately weaken” their security while also sabotaging standards bodies so that they would “create bad randomisers that would function as back doors more broadly”.

Doctorow says some standards bodies have even reopened discussions on standards that were previously deemed finalised because the NSA has compromised them. Compromised standards mean some products may have back doors inadvertently, making them vulnerable.