[Dshield] DHS wants to silence reporting of network outages -- DSHIELD next?

Ed Truitt ed.truitt at etee2k.net
Fri Jun 25 02:51:00 GMT 2004

I decided to just put my remarks inline with Jon's. 

My point:  While I will weigh in on the side of not suppressing 
knowledge, I do think the DHS has a point -- there are times when full 
disclosure is *not* advisable -- for example, when the police withold 
certain information about a crime from the public, as a means of testign 
the veracity of someone who might wish to confess.  No way the DHS is 
going to keep a lid on every aspect of an Internet service outage, as 
there are plenty of folks who test the "state of the Internet".  But, do 
we *really* need to know all the details about why AOL or InterNAP went 
down?  Is not the fact that we had a delay, and were able / not able to 
work around it, enough?  According to the report, the details weren't 
being suppressed -- they were just being routed to those who could make 
best use of the information.  DHS or no DHS, if my ISP has an outage, 
I'll know about it.

Jon R. Kibler wrote:

>What is next in our government's continuing expansion of paranoia? 
A pre-emptive strike against Martian terrorists (the new "red scare")?

>  - Will they next try to silence dshield.org and incidents.org's reporting of port scans because it may give terrorists some idea if their scans are being detected? 
Probably not, though they might wish that the data were not made 
public.  However, similar data is already available from commercial 
sources -- and AQ seems to have enough money they could afford to 
subscribe to the commercial services.  So, I suspect they will ban 
queues to the loo on commercial airlines first... oops, done that.

Of course, if they do try it, then Johannes could always relocate 
dshield.org, and host it on some island in the Bahamas.  In which case, 
Johannes, I want to volunteer for server maintenance duty -- expenses 
paid, of course ;-)

>  - How about suppressing discussions of security problems on BugTraq, DShield, SANS, SecurityFocus, and other forums because it may give terrorists ideas on what exploits work best?
If I recall, some vendors have been pushing a "responsible disclosure" 
model, under the assumption that it would deny information on vulns and 
exploits to the "bad guys".  Same paradigm applies here.  I don't think 
any attempts to suppress such discussion would be effective over the 
long haul, however -- people (including people in Big Influential 
Organizations) need this information to help protect themselves.

>Where will it end? 
The good news:  It probably won't.  The bad news:  it probably won't.

>It really sickens me how our civil liberties are being eroded day by day under the guise of "national security." I would rather be a lot less secure and much more free!
Not just "National" security -- and not just in the USA, either.  The 
"authorities", whereever they may be, are tasked with ensuring security, 
which is best accomplished when they have complete control of the 
situation / environment.  That is why they have certain procedures -- to 
assert the fact that they are in control.  Also, they have a need to *do 
something* -- anything -- and this tends to lead to some pretty funny 
(bizarre) ideas.  We know (or at least some of us suspect) that 
suppressing knowledge won't make the world (whether in meatspace or 
cyberspace) a more secure place, though it will make the authorities 
feel better about themselves.  Despite the best efforts of the "control 
freaks", the WWW is still a pretty free place, speech-wise.

>Maybe we should all have a Fahrenheit 9/11 party?
It should probably be a "Celsius 911" party, to protect Ray Bradbury's 
Intellecutal Property rights.  And, it should consist of everyone 
submitting logs to DShield every 30 minutes, to see if we can bring down 
Johannes' shiny new server.  Remember, he asked for it ;-)

Of course, if we want to do something *constructive* (other than trying 
to DoS dshield.org by submitting lots of logs), maybe we could teach a 
course / hold a seminar in PC Security at our local Continuing Education 
Center, or write an op-ed piece for the local newspaper, or do something 
to get our point of view (in a non-political way might be best) in front 
of the public.  After all, those authorities do tend to listen (some 
more than others) to their constituents.

Ed Truitt
PGP fingerprint:  5368 D25E 468C A250 9833  CCD6 DBAE 9C25 02F9 0AB9

"Note to spammers:  my 'delete' key is connected to YOUR ISP.
 Also, if you send me UCE, I reserve the right to post your spew
on my Web site, with the appropriate color commentary, so that
others may have a good laugh at your expense."

More information about the list mailing list