Homeland Insecurity

A top expert says America's approach to protecting itself will only make matters worse. Forget "foolproof" technology—we need systems designed to fail smartly

As the crypto aficionados had envisioned, software companies inserted crypto into their products. On the "Tools" menu in Microsoft Outlook, for example, "encrypt" is an option. And encryption became big business, as part of the infrastructure for e-commerce—it is the little padlock that appears in the corner of Net surfers' browsers when they buy books at Amazon.com, signifying that credit-card numbers are being enciphered. But encryption is rarely used by the citizenry it was supposed to protect and empower. Cryptophiles, Schneier among them, had been so enraptured by the possibilities of uncrackable ciphers that they forgot they were living in a world in which people can't program VCRs. Inescapably, an encrypted message is harder to send than an unencrypted one, if only because of the effort involved in using all the extra software. So few people use encryption software that most companies have stopped selling it to individuals.

The Worm in the Machine

Buffer overflows (sometimes called stack smashing) are the most common form of security vulnerability in the last ten years. They're also the easiest to exploit; more attacks are the result of buffer overflows than any other problem ... Computers store everything, programs and data, in memory. If the computer asks a user for an 8-character password and receives a 200-character password, those extra characters may overwrite some other area in memory. (They're not supposed to—that's the bug.) If it is just the right area of memory, and we overwrite it with just the right characters, we can change a "deny connection" instruction to an "allow access" command or even get our own code executed. The Morris worm is probably the most famous overflow-bug exploit. It exploited a buffer overflow in the UNIX fingerd program. It's supposed to be a benign program, returning the identity of a user to whomever asks. This program accepted as input a variable that is supposed to contain the identity of the user. Unfortunately, the fingerd program never limited the size of the input. Input larger than 512 bytes overflowed the buffer, and Morris wrote a specific large input that allowed his rogue program to [install and run] itself ... Over 6,000 servers crashed as a result; at the time [in 1988] that was about 10 percent of the Internet. Skilled programming can prevent this kind of attack. The program can truncate the password at 8 characters, so those extra 192 characters never get written into memory anywhere ... The problem is that with any piece of modern, large, complex code, there are just too many places where buffer overflows are possible ... It's very difficult to guarantee that there are no overflow problems, even if you take the time to check. The larger and more complex the code is, the more likely the attack. Windows 2000 has somewhere between 35 and 60 million lines of code, and no one outside the programming team has ever seen them. —Bruce Schneier, Secrets and Lies: Digital Security in a Networked World (2000)

Among the few who do use crypto are human-rights activists living under dictatorships. But, just as the FBI feared, terrorists, child pornographers, and the Mafia use it too. Yet crypto has not protected any of them. As an example, Schneier points to the case of Nicodemo Scarfo, who the FBI believed was being groomed to take over a gambling operation in New Jersey. Agents surreptitiously searched his office in 1999 and discovered that he was that rarity, a gangster nerd. On his computer was the long-awaited nightmare for law enforcement: a crucial document scrambled by strong encryption software. Rather than sit by, the FBI installed a "keystroke logger" on Scarfo's machine. The logger recorded the decrypting key—or, more precisely, the passphrase Scarfo used to generate that key—as he typed it in, and gained access to his incriminating files. Scarfo pleaded guilty to charges of running an illegal gambling business on February 28 of this year.

Schneier was not surprised by this demonstration of the impotence of cryptography. Just after the Crypto Wars ended, he had begun writing a follow-up to Applied Cryptography. But this time Schneier, a fluent writer, was blocked—he couldn't make himself extol strong crypto as a security panacea. As Schneier put it in Secrets and Lies, the very different book he eventually did write, he had been portraying cryptography—in his speeches, in his congressional testimony, in Applied Cryptography—as "a kind of magic security dust that [people] could sprinkle over their software and make it secure." It was not. Nothing could be. Humiliatingly, Schneier discovered that, as a friend wrote him, "the world was full of bad security systems designed by people who read Applied Cryptography."

In retrospect he says, "Crypto solved the wrong problem." Ciphers scramble messages and documents, preventing them from being read while, say, they are transmitted on the Internet. But the strongest crypto is gossamer protection if malevolent people have access to the computers on the other end. Encrypting transactions on the Internet, the Purdue computer scientist Eugene Spafford has remarked, "is the equivalent of arranging an armored car to deliver credit-card information from someone living in a cardboard box to someone living on a park bench."

To effectively seize control of Scarfo's computer, FBI agents had to break into his office and physically alter his machine. Such black-bag jobs are ever less necessary, because the rise of networks and the Internet means that computers can be controlled remotely, without their operators' knowledge. Huge computer databases may be useful, but they also become tempting targets for criminals and terrorists. So do home computers, even if they are connected only intermittently to the Web. Hackers look for vulnerable machines, using software that scans thousands of Net connections at once. This vulnerability, Schneier came to think, is the real security issue.

With this realization he closed Counterpane Systems, his five-person crypto-consulting company in Chicago, in 1999. He revamped it and reopened immediately in Silicon Valley with a new name, Counterpane Internet Security, and a new idea—one that relied on old-fashioned methods. Counterpane would still keep data secret. But the lessons of the Crypto Wars had given Schneier a different vision of how to do that—a vision that has considerable relevance for a nation attempting to prevent terrorist crimes.

Presented by

Charles C. Mann, an Atlantic correspondent, has written for the magazine since 1984. He is at work on a book based on his March 2002 Atlantic cover story, "1491".

Join the Discussion

After you comment, click Post. If you’re not already logged in you will be asked to log in or register with Disqus.

Please note that The Atlantic's account system is separate from our commenting system. To log in or register with The Atlantic, use the Sign In button at the top of every page.

blog comments powered by Disqus


Cryotherapy's Dubious Appeal

James Hamblin tries a questionable medical treatment.


Confessions of Moms Around the World

In Europe, mothers get maternity leave, discounted daycare, and flexible working hours.


How Do Trees Know When It's Spring?

The science behind beautiful seasonal blooming

More in Technology

More back issues, Sept 1995 to present.

Just In