CACM: February 2015

What to Do About Our Broken Cyberspace

Cyberspace has become an instrument of universal mass surveillance and intrusion threatening everyone’s creativity and freedom of expression. Intelligence services of the most powerful countries gobble up most of the world’s long-distance communications traffic and are able to hack into almost any cellphone, personal computer, and data center to seize information. Preparations are escalating for preemptive cyberwar because a massive attack could instantly shut down almost everything.[1]

Failure to secure endpoints—cellphones, computers, data centers—and securely encrypt communications end-to-end has turned cyberspace into an active war zone with sporadic attacks. Methods I describe here can, however, reduce the danger of preemptive cyberwar and make mass seizure of the content of citizens’ private information practically infeasible, even for the most technically sophisticated intelligence agencies. Authentication businesses, incorporated in different countries, could publish independent directories of public keys that can then be cross-referenced with other personal and corporate directories. Moreover, hardware that can be verified by independent parties as operating according to formal specifications has been developed that can make mass break-ins using operating system vulnerabilities practically infeasible.[2] Security can be further enhanced through interactive biometrics (instead of passwords) for continuous authentication and through interactive incremental revelation of information so large amounts of it cannot be stolen in one go. The result would be strong, publicly evaluated cryptography embedded in independently verified hardware endpoints to produce systems that are dramatically more secure than current ones.

FBI Director James Comey has proposed compelling U.S. companies to install backdoors in every cellphone and personal computer, as well as in other network-enabled products and services, so the U.S. government can (with authorization of U.S. courts) hack in undetected. This proposal would actually increase the danger of cyberwar and decrease the competitiveness of almost all U.S. industry due to the emerging Internet of Things, which will soon include almost everything, thus enabling mass surveillance of citizens’ private information. Comey’s proposal has already increased mistrust by foreign governments and citizens alike, with the result that future exports of U.S. companies will have to be certified by corporate officers and verified by independent third parties not to have backdoors available to the U.S. government.

Following some inevitable next major terror attack, the U.S. government will likely be granted bulk access to all private information in data centers of U.S. companies. Consequently, creating a more decentralized cyberspace is fundamental to preserving creativity and freedom of expression worldwide.

Statistical procedures running in data centers are used to try to find correlations in vast amounts of inconsistent information. An alternative method that can be used on citizens’ cellphones and personal computers has been developed to robustly process inconsistent information[2] thereby facilitating new business implementations that are more decentralized—and much more secure.

Carl Hewitt, Palo Alto, CA

References

1. Harris, S. @War: The Rise of the Military-Internet Complex. Eamon Dolan/Houghton Mifflin Harcourt. Boston, MA, 2014.
2. Hewitt, C. and Woods, J., assisted by Spurr, J., Editors. Inconsistency Robustness. College Publications. London, U.K., 2014.