Comment Re:Microsoft is 100% right on this one (Score 3, Interesting) 324

I know this isn't a popular opinion around here, but hear me out.

Your reasoning has been official US policy, because it seems sound. But the last few years of Internet warfare has revealed some problems with favoring offense over defense:

  1. The weapons of the Internet are not like tanks and nukes. Deploying weaponized exploits requires very little infrastructure. They cost almost nothing to replicate. Almost anyone can do it. When an enemy deploys an Internet attack against you, you can easily (compared to a nuke) figure it out, and then deploy it back at them.
  2. For years, our standard doctrine was that an Internet attack was not as significant as a physical attack. But, this is no longer true. We are so dependent on the Internet that a sustained Internet outage has the potential to do more damage to us than a limited nuclear exchange.

Perhaps the greatest problem with the offensive mindset is that it teaches us almost nothing about how to defend. We know we need to deploy better software, but we don't know:

  • How to value effective security more than features.
  • How to force large IT vendors to favor their customers' interests over short-term profit.
  • How to force powerful Intelligence agencies to relinquish power, now that they are a greater threat to US than they are to our enemies.

Comment Feature that screams NSA tampering.. (Score 5, Interesting) 158

"... presently no way to disable or limit the Management Engine in general."

Now this is the feature that screams of interference by a spy agency. If this feature was for Management, then YOU COULD MANAGE IT!

It would be turned off by default. You could turn it off. You could permanently disable it. I have been asking for these capabilities for years. I know I am not the only one. When I talk to other security folks and IT admins, the majority of them want to be able to manage and control the possibility of remote management.

Comment Biometrics may not offer much protection. (Score 2) 204

The security industry has learned a lot about attacking authentication systems in the last few years. It turns out that to an attacker, everything is a digital recording or a digital stream. This means that:
  • Something You Have;
  • Something You Are;
  • Somewhere You Are;
  • and Something You Do;

all can ultimately be transformed into Something You (or a computer) Knows. Therefore, almost every multi-factor authentication system depends on several things that an attacker can discover, and mimic.

The security industry has found that biometrics have a major downside, in that they can't be changed. Once they are discovered by attackers, they are permanently discovered.

For example, the major compromise of the US Office of Personnel Management by the Chinese in 2015 disclosed 5.6 million recorded fingerprints. This included everybody who had a security clearance, and all covert agents in Intelligence and law enforcement. Since biometrics can't be changed, it will take decades before this compromise stops causing harm to the US government. US covert agents can be identified. Any attempt to use fingerprint biometrics for these people can now be more easily attacked: https://en.wikipedia.org/wiki/...

Every government has aggressively begun to collect biometric information from every possible source. Shortly afterwards, almost every government database of collected biometrics has been successfully compromised. Biometric information is collated by insurance, law and intelligence agencies. It is sold and resold on the various criminal marketplaces.

Part of this flourishing criminal marketplace in biometric information includes permanent, unchangeable health and medical information: https://hipaahealthlaw.foxroth...

Also, US courts have ruled that biometric info has almost no legal protections against collection, resale or forced disclosure.

Therefore, some security professionals now believe that well-funded attackers can overcome the biometric parts of an authentication system with less expense than overcoming a password.

Comment Re:Kid heartbroken by surveillance. (Score 2) 116

The best I could say was: "If he is being monitored by a government, they didn't really care what he was doing." Nobody seemed reassured.

This, by the way, was a mistake to say. If someone cared enough to break the law to monitor him, then that person was probably a serious threat to him.

I realized my mistake later. I was babbling on and on about types of RAT (Remote Access Tools) and the rise of the surveillance state. Eventually I stuttered to a stop when I saw the intense look of horror and betrayal on the kid's face. You could not have hurt him more by stabbing him in the back with a knife. No amount of glib "Et tu, Brute?" was going to make it better. His world had just become a dark, treacherous place. Somebody that he trusted did not trust him. And, by placing the tracker on him in secret, they demonstrated that they were not worthy of trust.

I still have no idea what I could have said to restore the possibility of love and trust to that kid.

Comment Kid heartbroken by surveillance. (Score 4, Insightful) 116

Recently we had a career fair for high school kids. Everybody was there. The kids loved it.

For one of our displays, we displayed the traffic of a wireless network using a network visualization tool: https://www.youtube.com/watch?... When the kids connected to the wifi, they could see their traffic. They loved doing different things and seeing what happened.

Somebody had surreptitiously placed a surveillance tracker on a kid's phone. Everything he did caused a burst of traffic to a remote IP. When he scrolled a screen there was a burst of traffic to that IP. When he typed a character there was a burst of traffic to that IP. He was absolutely heartbroken when he realized what was going on. His wonderful toy instantly became a treacherous enemy. His friends all took a step back and stared at him like he had become contagious.

I didn't know how to make it better. The best I could say was: "If he is being monitored by a government, they didn't really care what he was doing." Nobody seemed reassured.

Comment I don't want big IT companies. (Score 1) 269

The question presupposes that Big IT is desirable. The real questions are: Have I benefited from the lack of competition and choice? Is the slowness of innovation created by Big IT in my best interest? Have powerful corporations EVER served and protected me and mine?

I don't believe that Big IT serves my needs or interests. It cripples my abilities. It limits my choices. It creates powerful political pressures that wish to enslave me.

I don't need or want Big IT or any other powerful corporation. I would be better off without Apple, Microsoft, Cisco, and Oracle.

Comment The Gov can do more than ISP to combat malware. (Score 1) 104

It is odd that the Australian government is calling on ISPs to take action against computer malware, when most of the effective actions are in the government's hands. Computer malware is a complex issue. There is no single fix. Instead, we need to systematically value and build up security. Probably, the most important change that we could implement with our ISPs is to require them to properly handle abuse reports.
  • ISPs need to properly assess, then quickly forward valid abuse reports to the owners of internet-connected equipment.
  • Then ISPs need to disconnect misbehaving internet equipment if an abuse report doesn't result in timely mitigation.

This is probably the single biggest change that an ISP could make to help people increase their commitment to effective security.

On the other hand, there is an enormous amount of effective action that could be taken by the Australian government. It includes:

  • NEVER HOARD SECURITY VULNERABILITIES! Enable the timely, accurate disclosure of security vulnerabilities and issues. Even by government intelligence agencies.
  • Protect whistle-blowers and security researchers from reprisal and harassment.
  • Work to crash the global market in vulnerabilities and exploits, by countering it with free, quick, and accurate disclosure.
  • Create an independent, well-funded organization similar to the CDC that creates and publicizes accurate tracking of ALL malware activity. Including government malware. We will never get anywhere until we have meaningful epidemiology with details on effective counters.
  • Change government purchasing standards to favor resistance to malware over convenience and features.

Comment Re:The Congressman is dangerously uninformed. (Score 2) 307

If the internet suffers an extended outage, there would be massive numbers of deaths. During the first few days, there would be thousands of deaths. During the first few weeks there would be millions of deaths. During the first few months, there would be billions of deaths.

So... two-three months without the Internet and billions will die. The hyperbole is strong in this one. ---SNIP--- I think we'd lose the modern tech that requires a civilization-level effort like computers and such, but I think Amish-level societies would be reasonably self-sufficient enough to survive.

So, to summarize, we agree that if we lose the internet, we are screwed. You feel that we can somehow return to 18th century farming practices and still sustain current population levels.

I pray that we will avoid this situation. The only thing that might take down the internet is a sustained, determined effort by a large group of crazy people. Unfortunately, it sounds like Congressman Sensenbrenner might be an example of such a group.

I don't think it is hyperbole to say the billions will die in an extended (months long) internet outage. Here are a few more depressing facts:

  • Almost all of the world's money is virtual. It exists as trust and electronic records. Its potential is only the potential to create certain types of communication. All these communications depend on the internet. Without the internet, the computers in the banks are simply odd-shaped piles of toxic waste. An internet-less credit card only has value as a bookmark. There are no financial transactions without the internet. There is only barter.
  • Most of the US cultivated farmland is degraded from 200 years ago. The soils have increased levels of minerals and salts. The soils have decreased levels of organic material. The aquifers are depleted. Most US farmland requires high-tech intervention to maintain productivity.
  • Almost all the cultivated farmland west of the Mississippi requires high-tech irrigation to produce crops.
  • There are no meaningful stocks of "heritage" seeds. The US lives off of hybrid seed that is produced in a small number of high-tech farms. Even if the current crops could be used for seed stock, most farmers no longer have the means or knowledge to preserve and treat seed.
  • Farming is HARD, specialized work. It takes decades to get good at it. 18th century farming is even harder and more specialized. It requires knowledge, skills, and culture that only exists in the Amish. The Amish are good, but they aren't going to feed more than a few thousand people.
  • There are almost no available animals to support a large return to 18th century farming. Virtually no oxen. Very limited stocks of chickens, geese, ducks, pigs, and sheep. There are only a few thousand work-horses.
  • 18th century farming requires a lot of specialized support skills that no longer exist. I would be surprised if there are 100 blacksmiths in the US that could support a farming community. I expect I could count the number of coopers that can work at that level of technology on my fingers. And that is only 2 of a couple dozen specialists that would be needed to create a viable farming community.
  • Even if somebody could figure out what people need to know to survive, there is no way to communicate that information to people without the internet. We don't have the old, low-tech printing presses anymore. If the old printing presses still existed, you couldn't get supplies for them. Even if you could somehow print the information, you couldn't distribute it before most of the people died.
  • The population of the world back in 1800 was about 1 billion people. There is a considerable state transition between our current state and that state. It may not be reversible.

So, to summarize, if we lose the internet, first the money disappears, then the food disappears, then the people disappear.

Comment The Congressman is dangerously uninformed. (Score 3, Insightful) 307

I hope somebody convinces the congressman that the internet is essential to the US economy before he causes too much damage.

Our society requires rapid, successful transportation and communication. We have almost completely transitioned to a Just In Time (JIT) economy. See: https://en.wikipedia.org/wiki/...

Thanks to JIT optimization, there are no large stores of immediately useful resources and goods in the US. All elements of our society depend on tight, reliable links between supply and demand. The stores only have a few days supplies. The stores rely on timely orders and deliveries to maintain stock and reduce overhead. The suppliers of stores only have a few days of supplies. They rely on receiving accurate and timely orders to know where to deliver. Those suppliers then must place timely and accurate orders to keep the next link in the chain moving. This continues all the way to the harvesting and transportation of raw materials. Every step is optimized to reduce overhead and unnecessary stock. Any supplier that fails to optimize is replaced by a more efficient supplier that has optimized. Every step is dependent on quick, accurate communication and transport. When this breaks down, people die.

For example, most of the deaths during the Hurricane Katrina debacle were not caused by the initial flooding. They were caused by the breakdown in transportation and communication.

ALL aspects of the US transportation and communication grids are dependent on the continued functionality of the internet. The phone systems are now interlinked with the internet. The management of the highways and the supermarkets all depend on the internet. The internet supports all orders and deliveries in the US. Without the internet, there is no food in the stores or gas in the gas stations. If the internet goes, the electrical grid quickly follows.

If the internet suffers an extended outage, there would be massive numbers of deaths. During the first few days, there would be thousands of deaths. During the first few weeks there would be millions of deaths. During the first few months, there would be billions of deaths.

On the other hand, the internet is built and maintained by hordes of capable people. We can overcome almost any obstacle. Once the dying starts, we will come up with answers. They will not be pretty, but they should be functional. Hopefully, one of the first acts will be the elimination of anybody who claims that the internet is unnecessary.

Comment Encryption lessons from CIA and NSA leaks. (Score 3, Interesting) 202

The CIA and the NSA leaks teach us several important lessons. They include:
  • The Intelligence communities are much better at creating problems than fixing them. They can easily destroy individuals, communities, governments and trust. They don't create anything of lasting value. Nor do they clean up the messes that they create.
  • Secrecy really REALLY isn't security. Secrecy creates and maintains private agendas. Secrecy creates and fosters waste. Secrecy destroys trust. Secrecy interferes with almost all aspects of security and good governance.
  • A large, complex intelligence organization can't keep secrets. They can't keep secrets from hostile governments. They can't keep secrets from organized crime.
  • Finally, we have learned that cryptanalysis can be surprisingly effective, but a full frontal assault on an encryption algorithm is the hardest way to break a crypto-system. There are many easier ways to break or bypass crypto.

There is a huge gap between crypto theory (https://www.cs.princeton.edu/~felten/encryption_primer.pdf) and expressed and implemented crypto reality. This gap provides many opportunities for anybody who wishes to favor attack over defense.

Traffic analysis/metadata collection provides a cheap, effective attack against virtually all current communication channels. Once you know who, when, where, how, and approximately what they are saying, you usually don't need to break their crypto.

The easiest way to weaken crypto implementation is to simply withdraw support for updates and improvements. Good crypto is hard. Defense is expensive. Without constant support, defenses fail. If you wish to weaken crypto defenses, it is usually sufficient to withhold support for good standards and good processes, and fail to eliminate mistakes.

The next most cost-effective ways to weaken crypto implementation are to focus on degrading or hindering:

  1. Transparency and disclosure;
  2. Purchasing standards;
  3. Vetting or approval standards;
  4. Programming environments and standards;
  5. Crypto standard processes;
  6. Crypto implementation projects;
  7. And crypto standards.

Good crypto implementations are almost indistinguishable from bad crypto implementations. The market will cheerfully purchase poor crypto if it is available, cheap, and the consequences are not immediate.

If an attacker ever needs to access info that is protected by a robust crypto implementation, it is usually faster and cheaper to subvert its surrounding environment, people, hardware or software.

Reform of the Intelligence agencies should begin by greatly reducing their budget. Currently, they are huge, bloated, unmanageable monsters. They twist government to their whim. They distort the civilian economy. They cause massive incidental damage. A slim, tightly focused agency can be more carefully controlled and managed. A small, efficient CIA or NSA would achieve almost all of OUR important goals with a tiny fraction of the collateral damage.

Comment Complex password rules are a sign of bad IT. (Score 2) 498

For years, IT has used complex password rules to make up for the failings of IT security. Specifically, we have required complex passwords because:
  • IT fails to protect our password hashes. Password hashes require almost as much protection as plain text passwords. They both must be protected from exposure. Password hashes must be continually upgraded to the strongest hashing algorithms. They must be individually salted. Their communication pathways must have the highest level of protection to prevent exposure and pass-the-hash attacks.
  • IT fails to detect and limit password guessing. Short passwords can be quite effective when there are effective limits on password guessing.
  • IT fails to implement multi-factor authentication. We have known that multi-factor authentication was necessary for decades.
  • IT fails to audit itself or transparently track the use of IT resources, including authentication.

None of this is magic. We have known that this is required of IT security since the mainframe days. Defense in depth with different security layers is not just a good idea. It is central to all effective defense planning for thousands of years. However, instead of doing good IT security, we attempted to push the burden and failings of IT onto the users via complex password rules.

Of course, there should be some password rules. They should look more like:

  • You must use some form of password management. It should be secure. It could be a piece of paper that you keep in your wallet. I personally use KeePass.
  • You must use different passwords for every different trust situation.
  • You must have an effective strategy for generating non-guessable passwords. I personally use KeePass's random password generation or the "shocking nonsense" approach to generating password phrases.
  • You must change your password when you have a reason to suspect that they might have been compromised. The recent Cloudbleed issue is a good reason to change many of your passwords. Fortunately, if you have a good password manager, it just takes a couple minutes to change them all.
  • You should change your passwords when there has been a significant change in the trust relationship with the remote party. This can include non-obvious things like when they go public, or when they outsource (or in-source) their IT. A good hint is when they start offering multi-factor or Single Sign On. This means that they have reviewed and updated their entire authentication system. You should change passwords to take immediate advantage of the improved system.
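Three of the server-side points above (individually salted hashes, upgrading stored hashes to a stronger algorithm, and limiting guesses) are demonstrated in this added example, which is not code from the original comment. The scheme table, the record layout, and the lockout thresholds are assumptions chosen for an offline demo.

```python
"""Per-user salted password hashing with scheme upgrades and guess limiting.

Added illustration of the comment's points; not the poster's code. The
scheme versions, record fields and thresholds below are assumptions.
"""
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# Versioned hashing schemes. Storing the version with each record lets
# old hashes be re-hashed with the current scheme on the next successful
# login (the only moment the server has the plaintext). Work factors are
# kept modest so the demo runs quickly (assumption).
SCHEMES = {
    1: ("pbkdf2", {"iterations": 100_000}),
    2: ("scrypt", {"n": 2 ** 14, "r": 8, "p": 1}),
}
CURRENT_SCHEME = 2

MAX_FAILURES = 5        # wrong guesses before lockout (assumption)
LOCKOUT_SECONDS = 900   # how long the account stays locked (assumption)


def _derive(scheme: int, salt: bytes, password: str) -> bytes:
    """Run the key-derivation function selected by `scheme`."""
    kind, params = SCHEMES[scheme]
    pw = password.encode("utf-8")
    if kind == "pbkdf2":
        return hashlib.pbkdf2_hmac("sha256", pw, salt, params["iterations"], dklen=32)
    return hashlib.scrypt(pw, salt=salt, n=params["n"], r=params["r"],
                          p=params["p"], dklen=32)


def make_record(password: str, scheme: int = CURRENT_SCHEME) -> dict:
    """Create a stored credential with a fresh, random, per-user salt."""
    salt = os.urandom(16)
    return {
        "scheme": scheme,
        "salt": salt,
        "hash": _derive(scheme, salt, password),
        "failures": 0,
        "locked_until": 0.0,
    }


def verify(record: dict, password: str, now: Optional[float] = None) -> Tuple[bool, str]:
    """Check `password` against `record`, enforcing the guess limit.

    Returns (ok, reason) with reason in {"ok", "locked", "bad-password"}.
    On success a record stored under an older scheme is re-hashed in place.
    """
    now = time.time() if now is None else now
    if now < record["locked_until"]:
        return False, "locked"          # refuse without even computing the hash

    candidate = _derive(record["scheme"], record["salt"], password)
    if not hmac.compare_digest(candidate, record["hash"]):  # constant-time compare
        record["failures"] += 1
        if record["failures"] >= MAX_FAILURES:
            record["locked_until"] = now + LOCKOUT_SECONDS
            record["failures"] = 0
        return False, "bad-password"

    record["failures"] = 0
    if record["scheme"] < CURRENT_SCHEME:
        # Transparent upgrade: new salt and current algorithm.
        fresh = make_record(password)
        record.update(scheme=fresh["scheme"], salt=fresh["salt"], hash=fresh["hash"])
    return True, "ok"


if __name__ == "__main__":
    rec = make_record("correct horse battery", scheme=1)   # legacy record
    print(verify(rec, "wrong guess"))                       # (False, 'bad-password')
    print(verify(rec, "correct horse battery"), rec["scheme"])  # (True, 'ok') 2
```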

Comment Chocolate, Ice Cream, and Thanks all work. (Score 4, Interesting) 128

When I worked IT Security for a University, we took extra effort to thank anybody who reported a security issue. Here are some examples:
  • We had an alert clerk notice that "something was off" when 3 people tried to sweet-talk their way into a storage area. She flirted with them, while her co-worker called campus security. The cops had the penetration team spread and handcuffed before they could present their "Get Out Of Jail" documentation. Even then, they kept them handcuffed until the cops called and verified the documentation. It was the first time that the penetration team had EVER had to use their documentation. I personally called and thanked everybody. I also arranged for the clerk to get a 2-pound box of the local Blue Bird Chocolates: http://bluebirdcandy.com/
  • When we started our "Internet Skeptic" awareness campaign: https://it.usu.edu/computer-se... we would send a coupon for a free Aggie Ice Cream cone: http://aggieicecream.usu.edu/ to the first person to report a new phish.
  • Later, we found that prompt, public thanks worked as well as ice cream. We would promptly analyse every report, and then send out 2 sets of emails. The first would be the thank-you to the reporter. It included: personalized thanks; a description of the scam; a report of how many others at USU were warned, thanks to their alertness. The second set of email would go out to everybody who had received a copy of the phishing scam. It included: a notification that the prior message was a fraud; instructions for how to recover, if they had fallen for the fraud; a report of how many others also received the phish; a public acknowledgement of the alert reporter.
  • This spring, we had a "Phishing Tournament" with various awards for reporting fraudulent emails. The grand prize was a tackle box full of goodies.

The small amount we spent on thanks was more than repaid by the savings created by a community of alert, careful internet skeptics.

Comment The best answer isn't more anonymity. (Score 1) 177

Well, daaang.

Last night, my computer and Slashdot combined to throw away a 4-hour description of how to maintain anonymity when under omnipresent surveillance. That was frustrating. But, after a night's sleep and some reflection, I think it was for the best. The required skills and commitment are almost superhuman. Today, US citizens can expect little privacy in their purchases, travel, interpersonal communication or internet activity. We need better answers that will help everybody. If we train ourselves to defeat the current generation of surveillance and discovery, we will be faced with even more intrusive measures. We need to change the game in fundamental ways.

The initial problem seems to be that we don't trust each other or government. The cause of that distrust seems to be that we all keep secrets from each other. But, when you look at the cause of the secrets, you find that we have created incentives for secrecy and distrust. In our current laws and culture we benefit from keeping secrets from each other and from the government. Our government benefits from keeping secrets from us. We all have created an economy of discovering and exploiting each other's secrets. Thus, we have created incentives that motivate secrecy, deceit, surveillance, and betrayal. This is not a good way to live.

It seems like we aren't valuing privacy enough. But, I think it is just the opposite. We value privacy enough to spend resources to penetrate, subvert, and deny it. The answer isn't to increase the value of anonymity. That will just increase the incentive to destroy privacy. We somehow need to regain privacy and anonymity by devaluing the secrets. We also need to increase the value of trust, while we increase the cost of betrayed trust.

I can see how to accomplish this at the local level. If I am more open, honest and involved with my friends, family and community, then we increase in trust towards each other and know each other's secrets. At that point, our secrets have no value and there is everything to lose and nothing to gain from surveillance, deceit, or betrayal.

I've got no idea how to fix my broken relationship with the highest levels of government.

Local government is small and well behaved. I know them and they know me. We have no meaningful secrets. We have years of mutual support and trust.

I have no problem with telling my next door neighbor, the-city-councilman all the details of my life. We have lived next to each other for almost 4 decades. We have raised each other's children. I know several good policemen and women. I know a good FBI agent. But, somewhere at the top, it all goes sour.

The Feds seem to get great benefit from lying to me, and betraying my trust. I don't know how to make it stop. The CPI (Consumer Price Index) is a bad, blatant lie. I can't imagine why they feel they need to lie about things that are intimate knowledge to every American. It's embarrassing. And the lie damages almost every American. The published employment rates don't pass any kind of simple fact checking. We all nodded along for decades while the Feds inflated the dangers of marijuana. And, now that it is all revealed as a colossal fabrication, they refuse to admit error or correct the damage. All for no obvious reason. The Feds can't admit mistakes. The Feds can't correct mistakes. And, it appears that they can't tell fact from wild delusion. With that history, I can't stand the idea of giving them more power over me.

And the Feds keep trying to pass their bad habits to my state and local governments.

Comment Re:Lots of other stuff too.. (Score 1) 112

The actual inflation rate is a rather personal thing. And, it depends on some rather personal questions:
  • Has the price of the stuff that YOU buy gone up or down?
  • Why did you buy that stuff?
  • What do you actually need to buy to survive?
  • What do you need to buy to be content?

In specific, only you can answer these questions. However, there are some common general trends:

  • The measure of inflation published by the US government: http://www.usinflationcalculat... will be different from the measure of inflation that you experience. The pressures that influence the rate of inflation published by the US government are different from the pressures that influence YOUR purchasing. A couple years ago, Forbes had an interesting opinion piece that pointed out some of the pressures on the US government to manipulate the published rate of inflation: http://www.forbes.com/sites/pe...
  • It is very hard to interpret the published US rate of inflation, because they change their methodology ALL THE TIME: http://www.bls.gov/cpi/cpi_met...
  • In general, these changes in methodology tend to minimize the published rate of inflation. Older methods yield a much higher rate of inflation: http://www.shadowstats.com/alt...
  • If any of the things that YOU buy experience higher rates of inflation, then its costs will dominate your budget. This is particularly compelling when the item is a non-optional part of your expenses, such as food, housing, clothing, medical, maintenance of income, community interaction, or interaction with family.

To add an insignificant personal data point, every time I have measured the increase in the expense of food, housing, medical or maintenance of income in the last 30 years, my results have traced the US methodology used back in the early '80s instead of current methodology. For the last 35 years, I have held jobs at the same university on the leading edge of IT. Back then, my monthly salary was about $35K. If my salary increases had matched the cost of living according to the methodology used in 1982, my current monthly salary would exceed $250K. The current actual costs of food, housing, medical and maintenance of income would be about the same percentage of my budget NOW as they were then. Instead, my salary has trailed the actual published inflation rate, and my current mandatory costs are crippling me.

Comment Re:The way to do it (Score 1) 222

I think the most important key to solving the current problems with credit cards is to finally accept that a single approach will not work well for many use cases.

I am looking for something that gives ME (the owner of the account/money) a number of solutions. I need the following:

  • Options to securely manage my underlying account over the internet. I can understand why some options aren't default, but my bank doesn't seem to even know that problems exist. I would like to protect my connections with overbuilt encryption. Or choose to require refused connections unless it is the latest, strongest encryption. Or reject weak ciphers and key sizes. Or require multi-factor authentication. Or require a range of source IP addresses. Or require a single, secure, pre-distributed OS (distributed on a cheap, reliable USB stick). Currently, they don't allow me to require any of these.
  • I want my bank to enable single, one-time, cheap, secure, online transactions. It is crazy that my bank continues to pretend that it is not connected to the internet. Or that online commerce can only exist by using ancient, insecure, expensive, slow 19th century methods. Online purchasing should be more (not less) secure than "chip and pin", because we have much greater capability to confirm the identity of the participants and the nature of the transaction. It can also be much quicker and cheaper. Having Apple, Google, or Paypal add another non-transparent layer between me, my bank, my vendor and his bank just seems insane.
  • I want my bank to enable ongoing, cheap, secure static payments to pay bills. Currently, I don't allow automatic payments of my bills because Comcast (and others) think they should be able to spontaneously increase their charges. I want to set up an "Only this much, this often, to this entity" payment. Then, if somebody wants to charge more, we re-negotiate with full knowledge of the change.
  • Chip and Pin seems to be an acceptable compromise for the current transition to payment via trusted device. I need to figure out what device method I can trust. So far, no help from my bank on that front either.

Is Paypal capable and trusted enough to be used as a bank?
