At the time the U.S. wiretap laws were passed, real-time access to transactional information of who was talking to whom and when was not easy to acquire. Modern switching technology introduced in the 1980s changed that, and police hungrily pursued the investigative possibilities. Because transactional data—phone number, time of call—are analogous to the information on the outside of a letter, access requires only a subpoena, which is much easier to obtain than a wiretap warrant. Whom you talk to and when may be less intimate than the transcripts of your conversations but can reveal a great deal about you. When your spouse calls you from the office in the late afternoon, do you frequently respond by calling a certain number? Perhaps when you learn your spouse is working late, you let someone else know you are free.
In a cellphone world people are constantly at their telephones. Not only do they make more calls, but they also reveal more information: times and numbers are joined by location in the transactional record. In an Internet world, each connection to a Web site is a transaction. Even though a query string is not transactional data, the sites visited after the search engine frequently make the character of the query clear.
Curiously, the greatest threat to privacy may not be snooping on people but snooping on things. We are moving from a world with a billion people connected to the Internet to one in which 10 or 100 times that many devices will be connected as well. These range from the much-discussed smart refrigerator that knows when it is time to order more milk to RFID (radio-frequency identification) tags in products that enable the tracking of where the goods are located before, and perhaps after, retail sale. Particularly in aggregation, the information reported by these devices will blanket the world with a network whose gaze is difficult to evade. The future of privacy will depend on a combination of legal and technical measures by which device-to-device communications are protected.
It is not just privacy that is at risk under the new regime, it is security as well. National security is much broader than
simply enabling intelligence and law-enforcement investigations. Although undertaken in the name of national security, building wiretapping into our telecommunications system may be a greater threat to that security than the spies and terrorists against whom it is aimed.
First and foremost, information security means protecting public and private computing and communications systems against attacks from both inside and outside. It was the need for that type of protection that caused the European Union in 1999 and the U.S. government in 2000 to relax their export controls on strong cryptography, a change that bolstered the security of Internet communications.
A network may be designed to provide security to its individual users against everything except authorized intrusions by the network itself, a plausible goal for a Department of Defense (DoD) network. Such a model requires centralization of authority that is possible for DoD, and might have been possible for the Internet in 1985— when it was a U.S. project—but is not feasible now.
The Internet has become essential to modern life. Business and personal communications—and even critical infrastructure—rely upon the network to function. Yet the combination of attacks on the network and on network hosts means that we are increasingly reliant upon an unreliable network.
A number of efforts are under way to improve this, from the use of Secure Sockets Layer (SSL) to protect Internet commerce, to the deployment of Internet Protocol security (IPsec) to protect any IP communication, to the implementation of Domain Name System Security Extensions (DNSSEC) to protect the domain-name system. Research is occurring in both Europe and the U.S. on secure Internet protocols and such plans as expounded in the recently released White House Cyberspace Policy Review.
The unauthorized use of wiretapping facilities in the Greek Vodaphone system shows one level at which surveillance facilities can be misappropriated. NSA’s activities under the Bush administration show another. FBI expansion of its wiretapping authority beyond what was originally envisioned
in CALEA shows a third.
Building wiretapping capabilities into communications infrastructures creates serious new risks. The complexity that wiretapping introduces led the Internet Engineering Task Force (IETF) to conclude that it should not “consider requirements for wiretapping as part of the process for creating and maintaining IETF standards” (RFC 2804).
The surveillance we are attempting to build may increase security in some ways, but it also creates serious risks in a network infrastructure that supports all of society. Given the importance of the Internet to society—and given the importance the network has in communications between people and their friends, governments and their citizens, businesses and their customers, and in all of society—communications security is critical, and that should take precedence in the debate over communications security versus communications surveillance.
Related articles on queue.acm.org
Document and Media Exploitation
Simson Garfinkel
http://queue.acm.org/detail.cfm?id=1331294
VoIP Security: Not an Afterthought
Douglas C. Sicker and Tom Lookabaugh
http://queue.acm.org/detail.cfm?id=1028898
A Conversation with Donald Peterson
http://queue.acm.org/detail.cfm?id=1028901
Whitfield Diffie is a visiting professor in the information Security group at royal holloway, University of London. for nearly two decades Diffie worked at Sun Microsystems Laboratories, where as Chief Security officer he was the chief exponent of Sun’s security vision and responsible for developing Sun’s strategy to achieve that vision. he is best known for his discovery of the concept of public key cryptography and has spent many years of his career working on the public policy aspects of cryptography. he and Susan Landau are joint authors of the book Privacy on the Line (Mit Press), which examines the politics of wiretapping and encryption.
Susan Landau is a Distinguished engineer at Sun Microsystems Laboratories, where she works on security, cryptography, and policy, including surveillance and digital-rights management issues. She serves on the nSf CiSe advisory Committee, the Commission on Cyber Security for the 44th Presidency, the editorial board of IEEE Security and Privacy, and as a Viewpoint section board member for Communications of the ACM; she previously served for six years as a member of the national institute of Standards and technology’s information Security and Privacy advisory board. Landau is the recipient of the 2008 Women of Vision Social impact award, a aaaS fellow, and an aCM Distinguished engineer.
References:
http://queue.acm.org/detail.cfm?id=1331294
Archives