
Fighting Stupidity and Malice in the Wild, Wild Web

BSides TLV · 2023 · 29:03 · 122 views · Published 2023-07
Style: Keynote
About this talk
Wendy Nather - BSidesTLV 2023 Opening keynote - Fighting Stupidity and Malice in the Wild, Wild Web
Transcript

I do, I want to get us all hyped up and prepared for a phenomenal, a fantastic guest speaker, straight from the wild west of the United States, with roots in California, Texas and Colorado. We're going to welcome on this stage the amazing, the incredible Wendy Nather, everybody! Yeah! Wendy, I really, really can't thank you enough for being here on this stage with me. Let's take a good, a nice photo right there. Yeah, that's the camera. Look at her, look at her, look at you, Wendy. How about that hat, y'all, huh? Yeah, and that's one percent genuine authentic Texas white hat and a pink hat, how about that, y'all? All right, are you ready for Wendy to take us into the wild web, to look at fighting stupidity and malice in the wild, wild web? Are you ready? Yeah! All right, Wendy, are you ready?

I'm, I think I'm ready.

Okay, let's have the slides up. Here's your clicker, here's your monitor, the stage is yours. I'll be right over there in case anybody needs some wrangling, so you all stay nice. Okay, Wendy, it's you.

Thank you, thank you. Hello, thank you everybody. And I want to thank Karen, ahoti, my sister from Fort Kick-Ass, thank you very much for having me. I want to thank the, the BSides team, all 50 volunteers, I'll thank you individually when I get out of here. Thank you, thank you, thank you, thank you. And, uh, also I want to thank Sounil Yu and Mike Kaiser for letting, letting me have the insides of their very smart brain.

Now I'm going to tell you that I, I'm kind of nervous. This is kind of intimidating, because here I am in the cyber capital of the world, at the BSides where all the smart people come together. It's kind of scary. So I had to come up with something. So what I figured out was, I was just gonna make [ __ ] up. So that's what I'm gonna do, makes it up here live, because that's what we do every day, right, in, in cyber security. We look at something and go, wow, that just happened, okay, now what do we do? So we are making [ __ ] up as fast as we can, and that's what this talk is going to be about. So when they asked me to come
and speak, they said the theme was the Wild, Wild Web, and my first thought was, you know, okay, wow, should we tame the Wild, Wild Web or should we try to leave it wild? And I was kind of in a COVID fugue, I got COVID for the first time last month, so I was just lying there going, okay, tame it, leave it wild, and then these thoughts started coming. So that's what I'm going to share with you today. I will tell you right now that I do not have the answers. I have only questions, and sometimes they're pretty good questions, sometimes they're not, but I'm going to depend on you to help me figure this out.

Now, why am I giving this talk? Well, first of all, I grew up in Texas, I live in Colorado now, so that kind of helps me be the right person to be on the stage. But even more importantly, I learned to program, I got into tech, right here in Tel Aviv, at Tel Aviv University in 1975. Yeah. So I was here in, in, uh, we were olim chadashim, and my father was at the astronomy department here at Tel Aviv University, and I told him one day, I said, "Dad, I'm bored." Don't ever do that. Don't tell your parents you're bored. So he threw a BASIC manual at me and said, "Here, I want you to write a program to make the bell on the teletype ring." Does anybody even know what a teletype is? You probably, yes, you do, thank you, thank you. Um, yeah, this, it looked kind of like this, not exactly, this is not me, but this is where I learned to program, and it set the course for my entire life. So I feel like I'm coming back, coming back home, full circle.

This is what the ARPANET looked like at the time, in 1975. Very small network. And at that time there were a lot of assumptions that were made about the design of the in-, of the ARPANET and how it should be operated. And one of the things that they decided on was, in order to make it as available as possible, to withstand a nuclear, a nuclear explosion or anything like that, that kind of disruption, all of the emphasis was on availability. And so in order to get it up and running, they did what they had to do.
So some of the, the ideas, the assumptions that they made were like this quote from my friend Mike O'Brien, who used to write blogs as Mr. Protocol back in the day. He was running some of the early BBN networking. Um, what they all said was: be strict in what you send but generous in what you accept. So in other words, accept anything in terms of network traffic, but be, but be correct in what you send. Now, accept anything from anybody, would anybody say this today? No, absolutely not. But this was the open version of what we thought went back when it was a really, really small network.

So times have changed. Back then it was a very small network. Everybody who ran the networking stuff knew what they were doing. It was a very small community. You could trust everyone. You could call somebody up at another site and say, "Hey, we got to troubleshoot this," and it was fine. There was really, there was really only one kind of political agenda, and I'm sorry about that, but the U.S. kind of said it. There wasn't any spam, that didn't come around until the mid 80s. I remember the very first spam, it was a U.S. green card spam, we were already really ticked off about it, this was on Usenet. And there was no cyber crime. So it was a much, much simpler time.

And today we know that's not going to work anymore, because we have to deal with stupidity and malice, malice meaning people doing bad things on purpose. And a lot of people, since tech has become democratized, anybody can stand up a server anywhere and do anything, and it can easily break a bunch of other things. I remember when I actually, uh, broke about 18 servers on the ARPANET who, that were using sendmail, because I put unbalanced parentheses in my name variable on my email, and it just went and broke a whole bunch of stuff. That is still happening now. I'm not, not for me, but, you know, I'm trying to behave now, but anybody can do this now. And there are all sorts of geopolitical agendas managing and setting policy for different parts of the internet. Um, you know, let's think
of what happened this last weekend with Russia, with the, the coup that could have been an email, was that short. Um, and of course everybody's abusing common functionality for different things: for conflict, bullying, piling on, for getting attention, making money, stealing money, and just basically [ __ ] around and finding out. Sorry about my, my Texan accent here, um, saying, saying these bad words. But remember the Morris worm? We called him RTFM, Robert Tappan [ __ ] Morris, when that worm got out. So we have to deal with a whole bunch of other things now.

Now, the interesting thing that I've noticed over the decades is that, from an operational point of view, we have been starting with centralized infrastructure and then sweeping to distributed. Remember when everything was a mainframe, everything was centralized? And then we brought things into a distributed era with distributed computing, client-server, uh, networked disks, things like that. Then we would start centralizing things again, and we would find that the problem, there's an upside and a downside to each of these swings. When it's centralized it's more manageable, but at the same time it's less available, because it's a single point of failure, you can take something out.

You want to see, why do you want to see my face? Why? My pretty eyes, ma'am? That was great. Did you hear that? Go say that to somebody else that you like, "pretty eyes, ma'am." I appreciate that.

Um, so yeah, but if it's decentralized it's less manageable, but on the, on the upside, you're going for availability. So we've been swinging up and down, up and down, all of these years. And there are effects on the governance too. So how you, me, how you, how you manage these things: if you are centralized, your risk as a user of the centralized service goes up, because a centralized entity is thinking about their risk, they're not thinking about your risk. On the other hand, if it's decentralized, you can manage your own risk, because you have your own instance, your own server, whatever. On the downside, or on
the upside, rather, with centralized you only have one place to go if you want to complain about something, if you need something, if you're having a conflict and you need somebody to, to resolve it for you. If it's centralized, that's easier. If it's decentralized, you have to negotiate with a lot of other people. You have to either try to get consensus, which by the way is what's wrong with blockchain, but we won't even go there. Blockchain is fine until you need to resolve a disagreement, and then, you know, you, consensus is really hard. If you, if you believe consensus is easy, get five of your friends and try to decide where to go eat tonight. You're never going to figure that out. Um, so negotiations go up when it's decentralized.

And this is, so I'm thinking about all these swings as I'm thinking about, do we tame the Wild, Wild Web? Do we try to keep it wild? How do we govern it? And you may be thinking right now, why, why am I hearing about this? Why, you know, I'm just a hacker, I don't care about this policy stuff. But the thing is, you, whatever we make up together, whatever we decide, whatever you go out and advocate for is what we're going to have to live with. So that's why I'm talking with you about it.

So I ended up thinking, is there a middle ground? And, you know, of course, to quote, you know, here's your first meme, here we go: why not both? Can we find something in the middle between centralized and decentralized that would be a good working model for governance for the internet we have today, not what we want it to be? Oh, there are two more shots. Can, can I have these? No, I'm kidding, I already had my, I already had my shot backstage. But, um, why not both? Because anytime we get a binary situation, especially in tech, I always want to, I always want to bust it. I want to smash the binary. I want to think about, there's got to be a different, a third way. So who knows what F word I'm going to say next? Anybody guess? Somebody's playing with my screen. Here we go: federation. Can we federate? Can we find a way to do
this? Now, the definition of federated, I had to go pull something from a dictionary, because that's what you do when you give a keynote, you got to give definitions. Um, a federated body: formed by a number of nations, states, societies, unions, each retaining control of its own internal affairs. And if you think about how we're operating the internet today and where the tension points are, where different countries want to do different things with their part of the internet, this is where we are today. Something like the confederation in Switzerland, Confoederatio Helvetica. Did you know that that's what CH stands for, for Switzerland? It's a confederation. So that's government.

How do we do this in tech? In tech we kind of treat it as, okay, you're going to set up something for me and you're going to hand it to me and I'm just going to accept it. Like when you log into another site with your Facebook login, they're basically saying to Facebook, okay, send me your user, we're just going to accept them, if you say they're okay that's fine with us. Does that ever really work? Does that kind of work? It kind of works and it kind of doesn't work. Federation is usually talked about in the context of identity, so let me give you an example of why federation is not binary. You can't just say, yeah, I'll take whatever you give me, um, again because stupidity and malice, but also other reasons.

So when I was CSO of the Texas Education Agency in Texas state government, we had about 1300 school districts. I don't know how many school districts you have here in Israel, but it's probably fewer than that. We had 1300, and we had to allow people from each district to log into our applications and access student data that we were responsible for. So we said, okay, for every superintendent, every head of every district, if you say this person works for you, you can set up an account and we'll say okay. But we're not just going to let them start having access to anything. We still have to check, for different reasons. So if District B
wants to get access to an application in a particular role that has access to particular data, we would still have to approve it, because legally we were required to vet any access to that data, because we were responsible for protecting student data of something like 9 million Texas students. And they might also do it on behalf of a different organization, maybe on behalf of their own district, where the superintendent said, yes, they work for me, or on behalf of another district, where they had a legal agreement that said that people in this district could do things on behalf of the original district. And we'd have to check that too: do you have an MOU that says that this person can do this on behalf of a different district? So we had to check all of those things. So this explains why federation is almost never completely binary. It's never completely on, where you will just take anything. There are parts that you're going to reserve for yourself, and that's where this comes in.

Now, does this sound familiar to you, to anybody? I bet you, you don't know what I'm going to say next. This is the exciting part, because I don't know what I'm going to say next either. No, here we go: zero trust. Does this surprise you at all, that, that this is like zero trust? Most people think of, oh, I don't trust you at all, you know, you, you can't get access until you jump through all these hoops and everything. That's one way of thinking about it. But the other way of thinking about it is: do whatever you want with your own endpoint, with your own phone, but if you want to access our resources, you have to meet our security requirements. And we're going to check, you know, upon login, we're going to check with every session, to make sure you're still meeting our requirements, but the rest of the time we don't care. That's a little bit more like federation, like we're gonna, we're gonna check the things that we care about as stewards of these particular resources, and the rest of the time you bring what you want. So it's kind of
like being at the airport, which is where I'm going tonight. If you want to get on the plane, you have to meet the requirements. They don't know what I've, well, they probably do know what I've done, this, this kind of public, isn't it? But, you know, they don't know what I've done here in Israel, but what matters is whether I meet the requirements that they have at the point of entry onto the plane, and they have the right at any time to say, nope, you're not, you're not doing this.

So there are two aspects of this that I want you to think about. There's the issue of risk: what do you have at stake if something goes wrong in anything that has to do with security? And then recourse: who do you have recourse to, where do you go to complain or to get a conflict resolved? And those are the two issues that we're going to think about.

Here's another example besides identity. Here's the fediverse. I know Karen just mentioned Mastodon and things like that. I don't know if people here are using it. I'm on Mastodon, here's my username, my username is Wendy Nather, and infosec.exchange is the server that I am, that I'm registered with. But all of these different servers share content, and the important thing is that it doesn't really matter which instance I'm on. If you're on a different instance and you want to follow me, you can, so you will see all of the things that I post in my feed. It's like if you took Twitter and just kind of blew it up, you know, into little fiefdoms and everything, and everybody agreed for the most part that they were going to share content and spread it around. So there are some servers that serve up imagery, that serve up video, that serve up all sorts of things.

So here's the deal. There are, when you have that kind of decentralization, when you have that kind of federation, you can have interactions that can affect everybody else. Here's a post from somebody who described how two admins of two servers had a disagreement. They de-federated, which means they broke all of their connections, and then
they made up and they re-federated. But in the meantime, they broke all their follows for all of the users of those two servers, since they were disconnected, and they may not even have known, because this was kind of fast, they may not even have known why their followers and their follows disappeared. So this sort of thing can happen, and it's an example of shared risk, in that everybody can be affected by this, but very complex recourse. You'd have to know exactly who defederated from whom, where it broke, you'd have to go to them and say, come on guys, can you make up now? You know, you just broke everything. So this is, this is kind of a tricky part in federation that we have to think about.

Another one, a big, a big conflict right now, is whether to allow Facebook to federate with the fediverse. There are a lot of people who say, no, we don't want those janky algorithms, we don't, you know, we don't trust Facebook, we don't want, we think they're going to try to take over. And there are others that say, no, you know, we can always block them later. So here's the discussion about whether they should let, whether the fediverse should let Facebook federate with them, and how they can protect the users of the fediverse from the things that they don't want to get from Facebook. And so this, this gentleman here, Eric, came out with a really long thread. I can't post it here, but if you want to read about it you can. Some really good examples of how you could come up with a governing model that would protect you and your shared risk against, you know, something that you may want to allow for certain reasons but want to, but, you know, you want to restrict other things.

So here are the things that we do security too. It's not just identity, it's not just content, it's not just social media. All of these different things potentially are areas that you can make federated decisions or federated policies about. Like, I'm going to take care of this part, you're responsible for this part, I get to make these rules, if I don't like
this I get to disconnect from you, if we don't like this we get to throw you out. Um, any of these could potentially be governed by a type of federation. So this is what I'm thinking about now, and I'd like you to help think with me: which of these things in security could be common or centralized, or should be, and what should be retained by the members, by the federated ones who are responsible for their own parts of the internet? Which part should we centralize, and what, what should we not?

So here are a few ideas, and I'm just kind of doing these as categories, not being very specific. But areas of asymmetric risk, where I stand more to lose than you do: I think I should keep the control that helps me mitigate that risk, because I have more risk than you do. When I talk to bankers, one of the things that they're concerned about with third parties is that, yes, you can offer us service credits if we do something wrong, but the bankers say they don't have as much skin in the game as we do, so therefore, you know, we don't care if they give us service credits, that doesn't help us. So that area should probably be retained. Any area of legal responsibility, like I talked about in state government, where we're required by law to protect something: we cannot give that responsibility away, we can't give it to a third party, so we have to retain it. Exception management: if I don't like something that you're doing and I want an exception to how you're doing it, that I'm going to have to manage that exception myself. And areas of asymmetric cost, where I put a lot more money into some part of the infrastructure than you do: I think I should have more control over it. Now, I can see problems with these things already, you probably can too, but this is where it gets fun.

What should be centralized, on the other hand? Areas of shared risk, so where it's going to mess things up for all of us if, if somebody breaks something. Or areas where we need reliable recourse, if we're going to have conflicts and we need someone to
adjudicate someone