The Rise of Feudal Computer Security 147
Hugh Pickens writes "In the old days, traditional computer security centered around users. However, Bruce Schneier writes that now some of us have pledged our allegiance to Google (using Gmail, Google Calendar, Google Docs, and Android phones) while others have pledged allegiance to Apple (using Macintosh laptops, iPhones, iPads; and letting iCloud automatically synchronize and back up everything) while others of us let Microsoft do it all. 'These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them — or to a particular one we don't like. Or we can spread our allegiance around. But either way, it's becoming increasingly difficult to not pledge allegiance to at least one of them.' Classical medieval feudalism depended on overlapping, complex, hierarchical relationships. Today we users must trust the security of these hardware manufacturers, software vendors, and cloud providers and we choose to do it because of the convenience, redundancy, automation, and shareability. 'In this new world of computing, we give up a certain amount of control, and in exchange we trust that our lords will both treat us well and protect us from harm (PDF). Not only will our software be continually updated with the newest and coolest functionality, but we trust it will happen without our being overtaxed by fees and required upgrades.' In this system, we have no control over the security provided by our feudal lords. Like everything else in security, it's a trade-off. We need to balance that trade-off. 'In Europe, it was the rise of the centralized state and the rule of law that undermined the ad hoc feudal system; it provided more security and stability for both lords and vassals. But these days, government has largely abdicated its role in cyberspace, and the result is a return to the feudal relationships of yore,' concludes Schneier, adding that perhaps it's time for government to create the regulatory environments that protect us vassals. 'Otherwise, we really are just serfs.'"
An anonymous reader provides a contrary opinion:"The proposed analogy is wrong. Rather than feudal lords being replaced by a semi-accountable, presumably representative government, asking the government to take over would be going back to the having just AT&T as the sole provider of telecommunications, with private ownership of phones prohibited. It would be a reversion from an open and competitive market (where those who fail to provide security can be abandoned freely, the exact opposite of a feudal situation where serfs were forbidden to leave their masters and breaking oaths of obedience would lead to hit series on HBO) to a single "provider" which cannot be abandoned or ignored.
Monopolies, in general, suck, and without an external force to shore them up, they tend to be short lived. I remember when Lotus and WordPerfect and dBase were "unassailable", and people were wondering if the government should force these companies to be more "competitive" somehow. Then it was Windows, and particularly Explorer, that was going to control the world because "no one could compete". Now it's Google and Apple. Either these companies actually provide the security they promise, or they lose business to someone who will. The fear of the "feudal lords" failing to offer the security they promise is a false one, because they have no actual hold if they fail to deliver the goods.
The role of government in this arena is making sure that companies are held accountable for broken promises, that they pay the costs for data loss and security breaches. ... The government should not be determining what security is acceptable, because governments and regulations cannot possibly keep up with ever-changing realities."
Re:let the fools who dont know history suffer (Score:2, Insightful)
Exaggerated (Score:3, Insightful)
I find the comparison a bit exaggerated, but I agree with the conclusions. We need legislation to cover the relation between social agents and information keepers. For example, any company should allow for any customer to migrate all her data to another service, without the information loosing its original structure. The custumers should be also safeguarded against information companies going bust with their data. Etc.
Re:let the fools who dont know history suffer (Score:5, Insightful)
Where should regulation be focused? (Score:5, Insightful)
I have chosen to avoid any trust in or allegiance to Google, Apple, Facebook, or Microsoft. I have to trust my hardware, but I can switch that easily enough. I chose to trust Debian, but could easily enough switch that too. Everybody is free to make these decisions. I can use end-to-end encryption to hide my data from anyone else.
I am at the mercy of my ISP. If they fail to route properly I have no recourse and no alternative faster than 56k dial-up. Network neutrality and fairness from recipients of government-granted monopolies is where the regulation is required.
Nah, let's just standardize on them (Score:4, Insightful)
Like MS' Open Office XML (An I$O standard with patents)
Like the MP4 codec (An I$O standard with patents)
Etc.
That way the government can demand that all their products they buy follow the ISO standards and nobody is force to use it /s
Re:let the fools who dont know history suffer (Score:5, Insightful)
The government is a collective implementation of society. It has the rights that the whole of society gives it to look out for the common good. Rather than having to have individual people make their own mistakes or get individually conned, the government is an institution granted the rights to protect *your* rights.
It isn't the government regulating your decision; it's the government providing an environment in which as many options as possible are safe for you to choose from, so that you can specialize in something else and still be protected without having to worry about being swindled or conned out of giving up your own rights that have already been recognized by the collective society.
You can certainly argue that it's an idealistic framework that often doesn't meet such a mark in practice, and you can argue that the government can wind up doing its own share of swindling, but it's wrong to implicitly suggest that the government needs "rights" to be valid about doing what it does.
Re:What a load of crap! (Score:5, Insightful)
In fact anyone capable to run his own infrastructure already had most of this services more than 10 years ago.
Webmail, file storage accessible from anywhere, files synchronization between computers thru Internet, remote encrypted backups... all of this is quite trivial to setup and can be tailored to your needs in such a way that you won't even think of going back to "generic" services.
Don't get me wrong, all this "cloud" thing has been great to bring to the masses what we nerds always had. But I have yet to see one of this services successfully replacing what I already provide to myself with just an Internet connection, a router, a NAS, and tiny server.
Re:let the fools who dont know history suffer (Score:3, Insightful)
The government is ALREADY involved in literally everything. Better ot realize that and shape it to our own ends, rather then pretend it doesnt exist.
In what way is that better than advocating for a limited government?
Re:Say what you want. (Score:5, Insightful)
The problem is if you don't like any of their agreements, you just can't use technology. Yes we have a right to choose which product we want to use, but we are not offered the ability to use anything without handing over some fundamental right in the long run. The only option is to become a Luddite and live in a cave. There is no Gypsy option yet for technology and associated cloud services.
Oh please, you can do pretty much everything if you either a) host it yourself or b) rent some space in a co-lo. I don't store my things "in the cloud", I store them on my HDDs with backups just like I did before the cloud and social media became the new hype. You don't have to blog on Facebook, you can easily get a free blog on your own terms. If you don't like Spotify then iTunes and Amazon didn't go anywhere. And if there's no free alternative to iEverywhere or gEverywhere it's because nobody's bothered to build it on top of Linux and Android - last I checked the source code to both was free and so was the SDKs so free free to start, rather than whine about it.
Most people just don't want to manage their own computers, least not in the sense you and I mean. They're perfectly happy with an Apple or Google "appliance" that runs 100000+ apps. Why point fingers at the corporations when 99% handed over control voluntarily? It's like saying democracy needs regulation because 99% make stupid decisions. You can't regulate people into caring about the things you care about, because you'd have to be blind and deaf to not have noticed the wailing every time Facebook changes their privacy policy. Yet people keep using it. Same way there's nothing preventing people from installing Linux, but 99% don't do it anyway. Most people simply don't care if their computer comes as a big binary blob.
Re:let the fools who dont know history suffer (Score:0, Insightful)
Government is never the solution. Government is always the problem.
The problem is government has been out of control for almost a century, so no one alive has been exposed to true freedom and a true free market economy. If you don't like your vendor you can switch. If you don't like your government and try to do something about it, they will lock you in a cage, torture you, or kill you.