Getting Medieval on Infosec: A Response to Schneier

Posted on November 30, 2012 - 11:17 by imeister

Earlier this week, Bruce Schneier shared some insightful thoughts about ‘feudal’ computer security. He believes that Internet giants like Google, Apple, Microsoft, and Amazon are “becoming our feudal lords, and we are becoming their vassals. … [I]t’s becoming increasingly difficult to not pledge allegiance to at least one of them.” I have no doubt he’s right about that — now more than ever, it should be clear to everyone that even the savviest technical consumer can’t come close to matching the level of reliability and ubiquity the ‘lords’ offer. But I take some issue with the contrast he lays out to frame his argument:

Traditional computer security centered around users. Users had to
purchase and install anti-virus software and firewalls, ensure
their operating system and network were configured properly,
update their software, and generally manage their own security. …
Now, we users must trust the security of these hardware
manufacturers, software vendors, and cloud providers.

In my view, the feudal model of computer security is an artifact of the architecture of the modern computer itself. The feudal language Schneier uses to describe security — that it “depended on overlapping, complex, hierarchical relationships” and “a series of rights and privileges” — is strikingly similar to the language of the memory stack, process threading, and user permissions. The “rights” granted by a directory service to individual users are feudal rights (conditional and revocable by the superior power), not ‘natural’ rights in the post-Enlightenment sense of the word. The superuser is king in his castle, no matter how small.

Schneier’s description of users purchasing firewalls and antivirus software and managing their own security is no Golden Age of security — if anything, it was the Dark Age. Each endpoint on the network, like a freeholder peasant in post-Roman Europe, was largely unaware of the other endpoints nearby, was required to be largely self-sufficient, and generally was required to spend an excessive amount of time preparing defenses that would frequently fail. That a system of complex, overlapping rights and duties between those with more power (viz., technical expertise that can be deployed against malicious actors) and those with less emerged from this state is unsurprising, if not inevitable.

Of course, for all of the structural reasons I’ve just mentioned, I believe that absent a serious change in the architecture of the endpoints of the Internet, the feudal model is the ‘natural’ arrangement of the computer security landscape. In fact, the oligopolistic competition among the remaining half-dozen or so Internet giants (feudal duchies) to provide features to their vassals is apt to reinforce the trend.

As Schneier so rightly points out, the “ad-hoc and one-sided” feudal system we see emerging is susceptible to error, the more so because of the universalizing aspirations of each of the major contenders — if our data is stolen, our devices hacked, our accounts hijacked, the destruction wrought can be total. (Just ask Mat Honan.) It took the Black Death to weaken the European feudal system sufficiently to shift the balance of power away from the powerful to the powerless, and I expect something very similar will be required for Internet users as a whole to force a renegotiation of the terms of their serfdom.

All this is to underscore the importance of users insisting that all of the giants do a better, more transparent job with the security of our data, and that they make it as easy and intelligible as possible to keep our devices secure (without, of course, unduly constricting our rights in the devices themselves). That means providing regular security updates and unbundling them (to the extent practicable) from feature changes. Moreover, the single largest factor in turning medieval serfs into comparatively empowered Renaissance freemen was securing the right of mobility. We must insist on open, permissive standards that allow us serfs to vote with our feet when our personal data is lost or mishandled, and effective regulation that ensures our lords fulfill their obligations. (Google’s Data Liberation Front is a start.)

We can build a securer, more trustworthy Internet environment that discards the excesses of digital feudalism. There are important differences between historical and digital feudalism: our corporate lords have employees that are themselves serfs, and the lion’s share of the giants make their home inside an evolved Western democracy with a reasonably well-developed sense of the importance of safety and freedom. I hope we never have to face a Black Death-like mass iOS infection — some root-capable exploit like the libtiff vulnerability in early versions of iOS, or a Gmail data breach! — but absent a systemic rethinking of the nature of computer security and the acceptable behaviors of lord and vassal, I believe that’s where we’re headed.
