The Rise of Feudal Computer Security 147
Hugh Pickens writes "In the old days, traditional computer security centered around users. However, Bruce Schneier writes that now some of us have pledged our allegiance to Google (using Gmail, Google Calendar, Google Docs, and Android phones) while others have pledged allegiance to Apple (using Macintosh laptops, iPhones, iPads; and letting iCloud automatically synchronize and back up everything) while others of us let Microsoft do it all. 'These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them — or to a particular one we don't like. Or we can spread our allegiance around. But either way, it's becoming increasingly difficult to not pledge allegiance to at least one of them.' Classical medieval feudalism depended on overlapping, complex, hierarchical relationships. Today we users must trust the security of these hardware manufacturers, software vendors, and cloud providers and we choose to do it because of the convenience, redundancy, automation, and shareability. 'In this new world of computing, we give up a certain amount of control, and in exchange we trust that our lords will both treat us well and protect us from harm (PDF). Not only will our software be continually updated with the newest and coolest functionality, but we trust it will happen without our being overtaxed by fees and required upgrades.' In this system, we have no control over the security provided by our feudal lords. Like everything else in security, it's a trade-off. We need to balance that trade-off. 'In Europe, it was the rise of the centralized state and the rule of law that undermined the ad hoc feudal system; it provided more security and stability for both lords and vassals. But these days, government has largely abdicated its role in cyberspace, and the result is a return to the feudal relationships of yore,' concludes Schneier, adding that perhaps it's time for government to create the regulatory environments that protect us vassals. 'Otherwise, we really are just serfs.'"
An anonymous reader provides a contrary opinion:"The proposed analogy is wrong. Rather than feudal lords being replaced by a semi-accountable, presumably representative government, asking the government to take over would be going back to the having just AT&T as the sole provider of telecommunications, with private ownership of phones prohibited. It would be a reversion from an open and competitive market (where those who fail to provide security can be abandoned freely, the exact opposite of a feudal situation where serfs were forbidden to leave their masters and breaking oaths of obedience would lead to hit series on HBO) to a single "provider" which cannot be abandoned or ignored.
Monopolies, in general, suck, and without an external force to shore them up, they tend to be short lived. I remember when Lotus and WordPerfect and dBase were "unassailable", and people were wondering if the government should force these companies to be more "competitive" somehow. Then it was Windows, and particularly Explorer, that was going to control the world because "no one could compete". Now it's Google and Apple. Either these companies actually provide the security they promise, or they lose business to someone who will. The fear of the "feudal lords" failing to offer the security they promise is a false one, because they have no actual hold if they fail to deliver the goods.
The role of government in this arena is making sure that companies are held accountable for broken promises, that they pay the costs for data loss and security breaches. ... The government should not be determining what security is acceptable, because governments and regulations cannot possibly keep up with ever-changing realities."
let the fools who dont know history suffer (Score:3, Interesting)
These people who fall into the vendor lock in do it on their own free will, what rights does the government have regulating their decisions?
Re:Exaggerated (Score:4, Interesting)
The custumers should be also safeguarded against information companies going bust with their data.
Talk to the construction trades about being "bonded and insured" (before or after talking about unionization, and talking about apprenticeship, of course)
Its a simplification, but if you contract out to a bonded and insured contractor who goes out of business (lawsuit, bankruptcy, death, whatever) the bonding company will pay to get "someone else" to do the work for you at no additional cost. Obviously the risk to the insurer depends on the scale of work and the health of the contractor and length of job... I would imagine the mighty GOOG would pay less for bonding than a dotcom.
Stupid metaphor == poor thinking (Score:4, Interesting)
You're responsible for your own security. You don't pledge allegiance to a vendor, you use their wares until it doesn't satisfy your personal requirements.
This sort of metaphor, while poetic, is counterproductive.
Re:The Big Players are following a Pattern... (Score:2, Interesting)
The Pentagram: Google, Apple, Microsoft, Facebook, and Twitter.
To us (the serfs) it looks like they are in competition, but they are working together to control the entire world. The Pentagram's power and control knows no boundaries, it fears no military. They have centers of operation spread throughout the world, it will not harm them if some are taken out. Look how much change they have been a part of in the world during the last 5 years. Cheap cellphones and Twitter have overthrown governments. The world governments are afraid of the power of the Pentagram. They are making demands on them (such as data collection, warrantless wiretaps), but in the process have realized that the Pentagram is more powerful than each country's government. The Pentagram can shape and mold public opinion by the way they filter the news and control the flow of information. Unlike you, I am not afraid. I look forward to a world where countries become more like cultural districts rather than entities at war.
Have to stay on top, I use all in some capacity. (Score:4, Interesting)
Kind of shitty article though. I thought Bruce was going to talk about how some security researchers won't release their findings to the world, keeping the security holes secret so they're less likely to be patched, esp. those cyber-"security" teams of governments themselves... I run my own servers for my email and services that really matter to me and my family. That, and there's no such thing as a client or server, really... My, logs show that grandma just synched more photos to our private distributed "freenet" cloud. She probably did that by plugging in her camera to her PC -- the sync automatically scans her albums folder.
Oh, I might be pledging alegence to Free Software! Oh no! Why, whatever will I do if Linux becomes a fiefdom? Why, I'll Fork it, or use BSD, both of which run the important shit just fine... Also, my VOIP system connects directly between my family's houses avoiding even using a 3rd party service for in-family calling. I
I thought it was supposed to be increasingly difficult not to pledge alegence to MS, Apple or Google. It's actually getting easier to NOT do so if you ask me and mine. Woops, I'm sorry. Didn't mean to actually prove anyone's article completely wrong. I would say to Bruce that he needs to clarify that it's only getting more difficult for ignorant people who don't care about what he's talking about to avoid...