Home / Blogs

Weaponizing the Internet Using the “End-to-end Principle” Myth

At the outset of the Internet Engineering Task Force (IETF) 100th meeting, a decidedly non-technical initial “Guide for human rights protocol considerations” was just published. Although the IETF has always remained true to its DARPA origins as a tool for developing disruptive new technical ideas, it launches into bizarre territory when dealing with non-technical matters. The rather self-referential draft Guide asserts research containing 19 different proposed “guidelines” based on work of a small group of people over the past two years known as the Human Rights Protocol Considerations Research Group (HRPC). The preponderance of the work and postings were those of the chair, and 2/3 of all the posts were from only five people. Whatever one might think about the initiative, it is a well-intentioned attempt by activists in several human rights arenas to articulate their interests and needs based on their conceptualisation of “the internet.”

At the outset of the guidelines is a clause dubbed “connectivity” that consists of an implementation of the internet “end-to-end principle.” Connectivity is explained as

the end-to-end principle [which] [Saltzer] holds that ‘the intelligence is end to end rather than hidden in the network’ [RFC1958]. The end-to-end principle is important for the robustness of the network and innovation. Such robustness of the network is crucial to enabling human rights like freedom of expression. [Amusingly, the first citation is not freely available and requires $15 to view]

There are several ironies here. The Saltzer article was written in 1984 shortly after DARPA had adopted TCP and IP for use on its own highly controlled packet networks. RFC1958 was written in 1996 shortly after the DARPA Internet became widely used for NREN (National Research and Educational Network) purposes and still largely controlled by U.S. government agencies for deployments in the U.S. and its international scientific research partners. Already, the DARPA Director who had originally authorized DARPA internet development in the 1970, had become significantly concerned about it becoming part of a public infrastructure and weaponized. The concern was turned into action as CRISP (Consortium for Research on Information Security and Policy) at Stanford University. The CRISP team described in considerable detail how the DARPA internet in a global public environment was certain to be used to orchestrate all manner of network-based attacks by State and non-State actors on public infrastructures, end-users, and trust systems.

Twenty years later, it is incredulous that decades-old technical papers prepared for closed or tightly managed U.S. government networks are being cited as global public connectivity mantras for human right purposes—after the predicted profoundly adverse CRISP exploits have been massively manifested. Never mind that the notion is also founded on a kind of chaotic utopian dream where running code somehow provides for unfettered communication and information capabilities for every human and object on the planet rather than business, legal, and economic systems.

To the extent that global internetworking capabilities have actually come into existence, it has occurred first and foremost by commercial mobile providers and vendors using their own internet protocols, combined with the telecommunication, commercial internet, and cable providers and vendors worldwide.

The “end-to-end principle” which has never really existed except as some kind of alt-truth political slogan, is plainly a recipe for disaster on multiple levels. It is disastrous because the complexities and vulnerabilities of our networking infrastructure today results in a highly asymmetric threat environment. Those possessing the massive resources and incentives to pursue those threats and “innovate,” will always far exceed the ability of individual end-users to protect themselves—whether it is the Federal Security Service of the Russian Federation or a neo-Nazi organization bringing about regime change in the West, or criminal organizations engaging in widespread cybercrime, or an ISIS trolling for recruits, or a malicious hacker dispersing malware.

To the credit of the Guide authors, they do recognize that “Middleboxes ... serve many legitimate purpose.” However, what the human rights activists get wrong is that there is no end-to-end free ride. There are shared ownerships, service and regulatory obligations, and other fundamentally important requirements along all the transport facilities and cloud data centres that comprise the entire end-to-end path. It is also the “node intelligence” in those paths that is going to protect end-users from attacks and exploitations—and that is a human right as well.

So, if the activists really want to help end-users, they need to support the widespread industry efforts today across multiple bodies with solutions to manage the challenges. Simply promulgating myths about end-to-end connectivity simply furthers internet weaponization that defeats their own altruistic human rights objectives.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By Anthony Rutkowski, Principal, Netmagic Associates LLC

The author is a leader in many international cybersecurity bodies developing global standards and legal norms over many years.

Visit Page

Filed Under

Comments

Is it not also a human right Scott Cadzow  –  Nov 13, 2017 8:16 AM

Is it not also a human right to be protected by authorities from malicious content?

hinges on definition and context Anthony Rutkowski  –  Nov 13, 2017 12:23 PM

Malware code content is easy. Protecting consumers from fraud is easy. Other content is less so. Turning abstruse societal norms into technical admonitions seems inherently perilous, as is the converse.

Not suggesting a technical solution is the way forward Scott Cadzow  –  Nov 13, 2017 2:35 PM

we cannot rely on technology to correct society's faults. The end-to-end model without any oversight is problematic in a flawed society (which we live in) and a model in which unfettered access is given to everything is similarly problematic in a society with flawed governance (which we also live in). We can't enshrine society's mores in technology as the technologists end up writing those mores. If we accept it's a flawed world then maybe we can work on what my co-worker calls the socio-technical environment will begin to shine and we work as a social and technically enabled society.

Ignorance The Famous Brett Watson  –  Nov 13, 2017 8:17 AM

The “end-to-end principle” which has never really existed except as some kind of alt-truth political slogan, is plainly a recipe for disaster on multiple levels.

Good grief. You are snubbing Saltzer, Reed, and Clark’s End-to-End Arguments in System Design? I’m speechless. At least, I’m pretty sure there’s nothing I could add which falls within this site’s code of conduct, and anyone who is already familiar with the paper has probably reached the same conclusion I have.

-1000 respect points for you, Luddite.

actually, an apostate Anthony Rutkowski  –  Nov 13, 2017 11:50 AM

No snub. Just noting the context of the papers and counsel at turning them into legal or religious mantras for all time.

An equal and opposite ideologue, more like. The Famous Brett Watson  –  Nov 13, 2017 4:06 PM

If you want to explain how those you criticise have failed to properly apply the lessons of Saltzer, then by all means do so. Goodness knows the "end-to-end principle" gets parroted inappropriately often enough. What you've given us here, however, is nothing but cheap, negative rhetoric, including jabs at the age of the paper. If that was "no snub", your snubs must be really something. I'm not buying it. This is just soap-boxing for your particular ideology.

Relevant to the DARPA ARNET in early 1980s Anthony Rutkowski  –  Nov 13, 2017 4:59 PM

Ref. END-TO-END ARGUMENTS IN SYSTEM DESIGN. As the paper notes, it was prepared in the 1980s to deal with designs of distributed systems - especially the ARPANET which had just begun using TCP/IP at the time pursuant to the 23 Mar 1982 SECDEF memorandum on DOD Policy on Standardization of Host-to-Host Protocols for Data Communication Networks. Ironically, the paper makes an argument for ARPANET security and trusted key management. The paper's conclusion was sage for the day.

It is fashionable these days to talk about "layered" communication protocols, but without clearly defined criteria for assigning functions to layers. Such layerings are desirable to enhance modularity. End-to-end arguments may be viewed as part of a set of rational principles for organizing such layered systems. We hope that our discussion will help to add substance to arguments about the "proper" layering.
Feel free to perform an exorcism. Also, reference comments of Cadzow, above.

>Feel free to perform an exorcism. OK:"The Charles Christopher  –  Nov 13, 2017 6:17 PM

>Feel free to perform an exorcism. OK: "The function in question can completely and correctly be implemented only with the knowledge and help of the application standing at the end points of the communication system." And since that function is known as the third party, which had no contractual or ethical need to describe my "function" before purchasing their service, that service provider is incapable of including it into their system as part of the offered service. That was in fact the intention of the relationship from the beginning. Or put more simply, when I pay my gas tax paid for road maintenance there was no need or requirement for me to state the vehicle I was driving at the gas pump, or more specifically the brand and model of tire which I use to "interface" with that "service". The "service provider" provided as generic as service as possible for the anticipated needs. As the customer needs change so to does the service, example being increasing traffic on gravel roads then requiring that road to be paved. Back to cause and effect, the device provider changes based on my needs not theirs. The service provider may attempt to anticipate my needs and offer alternatives (for example public transit), but so long as I have free will choice not to choose their offering they will never be able to precisely duplicate what I want into their system. Its the implied "ownership" of the endpoint interface and endpoint user that is the issue. And if control is taken of that piece then there is no other word than "enslaved" to describe that relationship. Or to be more politically correct, innovation denies moving the "function" from the endpoints, unless the desire is an end to innovation.

Great suggestion for ARPANET in 1982 Anthony Rutkowski  –  Nov 13, 2017 6:48 PM

Today the proposition is rather problematic and subject to many constraints and caveats. The FSB loves those kinds of innovation opportunities today. :-) It is clear from searches of patents, R&D;, standards activities, or any other metric, that one of the most significant network innovation sectors today is the design and innovation middleboxes - especially virtually as a cloud service.

There is money in enslaving others. Always Charles Christopher  –  Nov 13, 2017 7:27 PM

There is money in enslaving others. Always has been, always will be. So long as I can maneuver you into paying for my instantiation or your desired function, I win as you lose some more of your money to me ... One way or another. But that is not an issue of right and wrong, moral, values, or ethics, that is a game of predator and prey. Predation is what it is, and I will respond by fighting back as well as making changes that can't easily be responded to. The real question then becomes, is that way we each want to waste our lives doing? Like a registrar auctioning off a registrants domain name? I saw that coming long ago. So I became a registrar ... The law of unintended consequences, and wasted lives ......

Weaponization? Will Russell  –  Nov 13, 2017 11:14 AM

How does the end-to-end principle weaponize the Internet exactly?

It is disastrous because the complexities and vulnerabilities of our networking infrastructure today results in a highly asymmetric threat environment.

I fail to see how putting a MITM into a protocol results in fewer vulnerabilities.
This appears to be yet another baseless attack on end-to-end encryption.

patient Anthony Rutkowski  –  Nov 13, 2017 12:03 PM

See https://www.ietf.org/mail-archive/web/patient/current/maillist.html at

See also Mr. Google (middlebox + security)
or Google Scholar (middlebox + security)
or Google Patents (middlebox + security)

>Never mind that the notion is also Charles Christopher  –  Nov 13, 2017 3:35 PM

>Never mind that the notion is also founded on a kind of chaotic utopian dream where
>running code somehow provides for unfettered communication and information
>capabilities for every human and object on the planet

If we have the right to walk out into a field by ourselves, and have a private conversation with each other while we are not carrying any electronic devices, then we have the right to talk using unbreakable encryption sitting in our homes. A private conversation does not become public just because electronics carried it between us. The right to privacy has always existed or it has not, and certainly if it has existed then manifestation of electronics on the surface of the earth did not change the fabric of existence to remove that right to privacy. And there is an example that rights/truth are independent of time and the opinions of man, they are of something else. We reject that at our peril, and the peril of our children, grandchildren, and beyond.

>rather than business, legal, and economic systems.

That is all there is?

So I have no right to send a private message to my girl telling her every detail of my desire to make love to her on a secluded beach, and keep that message private between us?

>To the extent that global internetworking capabilities have actually come into existence,
>it has occurred first and foremost by commercial mobile providers and vendors using
>their own internet protocols, combined with the telecommunication, commercial internet,
>and cable providers and vendors worldwide.

Do these companies serve the customers who paid their bills which then allowed those companies to develop that infrastructure?

Or do those paying customers serve, and are enslaved to, those companies?

Your statement seems to have cause and effect backwards. Your comments remind me of this pernicious modern idea of “Collective Moral Responsibility”.

When I took ethics class in university this is what I was taught:

Morals and values are defined by an individual, Ethics are defined by a group (aka “collective”).

By definition, government can never define morals. There always has been, and always will be, evil in the world. The key here is that I NEVER allow evil people to define good people, doing that is an act of sorcery. Sadly it is a trap too many are falling into today because government power comes from fear. To government, fear is a powerful tool used to pay for salary raises and retirement benefits. It feeds the monster. Therefor using evil to define society has great financial benefit for those holding offices able to make these decrees, regulations, and man’s laws.

The reason the US founders protected minority views was this very reason, to acknowledge that two wolves and a sheep don’t get to vote on what is for dinner. To those who continue to think the US is a “democracy” and that democracy is so great, please recite the US pledge of allegiance. No where in the pledge is the word “democracy”, but there is another word ….. And that word refers to the opposite of collectivism, it refers to the group NOT defining the individual and how critical that is to the preservation of truth, rights, and freedom.

“Within the next generation I believe that the world’s rulers will discover that infant conditioning and narcohypnosis are more efficient, as instruments of government, than clubs and prisons, and that the lust for power can be just as completely satisfied by suggesting people into loving their servitude as by flogging and kicking them into obedience.”
- Aldus Huxley to George Orwell, October 1949

“The power to control language offers far better prizes than taking away people’s provinces or lands or grinding them down in exploitation. The empires of the future are the empires of the mind”.
- Winston Churchill, UK Prime Minister 1940 to 1945, said at Harvard University on Monday 6 September 1943

Always be on guard regarding the redefining and twisting of words and meanings ....

"In the end, they wanted security more Charles Christopher  –  Nov 13, 2017 4:23 PM

"In the end, they wanted security more than they wanted freedom." - Edward Gibbon (1737 - 1794) English Historian and Author of The History of the Decline and Fall of the Roman Empire "The secret of Happiness is Freedom, and the secret of Freedom, Courage." - Thucydides (460 BC - 395 BC), Greek Historian 2500 years of history. "Nothing new, under the sun." - Solomon

Anthony,Lets try a view from 30,000 feet, Charles Christopher  –  Nov 13, 2017 6:46 PM

Anthony,

Lets try a view from 30,000 feet, lets return for a moment to the post that originally caused us to email each other directly:

http://www.circleid.com/posts/20170326_a_case_to_further_dns_registrar_industry_self_regulation/

So here we have a domain name registrar that took the very position you are now arguing for, but were against in the link above. That being “the network” taking ownership of “the end point function” (aka domain name). That did not work out very well did it?

Or should I say it worked out great for “the network” as the registrar received registration and renewal fees and then a successful auction fee. But for the “end point”, the original registrant, things did not work out so well.

What frustrates me most here is not these discussions related to the internet, its that such discussions are happening throughout most of society and culture. That it not what we are responsible for handing future generations. Enslaving ourselves to others.

So be careful what you wish for.

Your Friend,

Charles


Sam Lowry: Excuse me, Dawson, can you put me through to Mr. Helpmann’s office?

Dawson: I’m afraid I can’t sir. You have to go through the proper channels.

Sam Lowry: And you can’t tell me what the proper channels are, because that’s classified information?

Dawson: I’m glad to see the Ministry’s continuing its tradition of recruiting the brightest and best, sir.

Sam Lowry: Thank you, Dawson.

http://www.zerohedge.com/news/2017-12-03/german-government-drafts-orwellian-nightmare-plan-spy-all-d Charles Christopher  –  Dec 4, 2017 3:15 PM

http://www.zerohedge.com/news/2017-12-03/german-government-drafts-orwellian-nightmare-plan-spy-all-digital-devices

“Thomas de Maizière, Germany’s interior minister, wants to create secret backdoor access to computers, phones and even Volkswagens - a plan that critics are slamming as an “Orwellian nightmare”. Maiziere plans to argue in favor of what he’s calling “the legal duty for third parties to allow for secret surveillance” during an interior ministry conference in Leipzig next week. De Maizière’s proposal would “dramatically extend” the state’s powers to spy on its citizens, according to the RedaktionsNetzwerk Deutschland (RND) report.”

“If signed into law, de Maiziere’s proposal would allow German security services to spy on any device connected to the internet. Tech companies would be compelled to provide the state with backdoor access to most digital consumer devices, including private tablets, computers and even televisions and cars.”

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

DNS

Sponsored byDNIB.com

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign