Whither Privacy
At the time the U.S. wiretap laws were
passed, real-time access to transactional information of who was talking
to whom and when was not easy to acquire. Modern switching technology introduced in the 1980s changed that, and
police hungrily pursued the investigative possibilities. Because transactional
data—phone number, time of call—are
analogous to the information on the
outside of a letter, access requires only
a subpoena, which is much easier to obtain than a wiretap warrant. Whom you
talk to and when may be less intimate
than the transcripts of your conversations but can reveal a great deal about
you. When your spouse calls you from
the office in the late afternoon, do you
frequently respond by calling a certain
number? Perhaps when you learn your
spouse is working late, you let someone
else know you are free.
In a cellphone world people are constantly at their telephones. Not only do
they make more calls, but they also reveal more information: times and numbers are joined by location in the transactional record. In an Internet world,
each connection to a Web site is a transaction. Even though a query string is not
transactional data, the sites visited after
the search engine frequently make the
character of the query clear.
Curiously, the greatest threat to privacy may not be snooping on people
but snooping on things. We are moving
from a world with a billion people connected to the Internet to one in which
10 or 100 times that many devices will
be connected as well. These range from
the much-discussed smart refrigerator that knows when it is time to order
more milk to RFID (radio-frequency
identification) tags in products that enable the tracking of where the goods are
located before, and perhaps after, retail
sale. Particularly in aggregation, the information reported by these devices will
blanket the world with a network whose
gaze is difficult to evade. The future of
privacy will depend on a combination of
legal and technical measures by which
device-to-device communications are
protected.
Whither Security
It is not just privacy that is at risk under
the new regime; it is security as well.
National security is much broader than
simply enabling intelligence and law-enforcement investigations. Although
undertaken in the name of national
security, building wiretapping into our
telecommunications system may be a
greater threat to that security than the
spies and terrorists against whom it is
aimed.
First and foremost, information security means protecting public and private computing and communications
systems against attacks from both inside and outside. It was the need for
that type of protection that caused the
European Union in 1999 and the U.S.
government in 2000 to relax their export controls on strong cryptography,
a change that bolstered the security of
Internet communications.
A network may be designed to provide security to its individual users
against everything except authorized
intrusions by the network itself, a plausible goal for a Department of Defense
(DoD) network. Such a model requires
centralization of authority that is possible for DoD, and might have been
possible for the Internet in 1985—
when it was a U.S. project—but is not
feasible now.
The Internet has become essential
to modern life. Business and personal
communications—and even critical
infrastructure—rely upon the network
to function. Yet the combination of attacks on the network and on network
hosts means that we are increasingly
reliant upon an unreliable network.
A number of efforts are under way
to improve this, from the use of Secure
Sockets Layer (SSL) to protect Internet
commerce, to the deployment of Internet Protocol security (IPsec) to protect
any IP communication, to the implementation of Domain Name System Security Extensions (DNSSEC) to protect
the domain-name system. Research is
occurring in both Europe and the U.S.
on secure Internet protocols and such
plans as expounded in the recently released White House Cyberspace Policy
Review.
The unauthorized use of wiretapping facilities in the Greek Vodafone
system shows one level at which surveillance facilities can be misappropriated. NSA’s activities under the Bush
administration show another. FBI expansion of its wiretapping authority
beyond what was originally envisioned
in CALEA shows a third.
Building wiretapping capabilities
into communications infrastructures
creates serious new risks. The complexity that wiretapping introduces led
the Internet Engineering Task Force
(IETF) to conclude that it should not
“consider requirements for wiretapping as part of the process for creating and maintaining IETF standards”
(RFC 2804).
The surveillance we are attempting
to build may increase security in some
ways, but it also creates serious risks in
a network infrastructure that supports
all of society. Given the importance of
the Internet to society—and given the
importance the network has in communications between people and their
friends, governments and their citizens, businesses and their customers,
and in all of society—communications
security is critical, and that should take
precedence in the debate over communications security versus communications surveillance.
Related articles on queue.acm.org
Document and Media Exploitation
Simson Garfinkel
http://queue.acm.org/detail.cfm?id=1331294
VoIP Security: Not an Afterthought
Douglas C. Sicker and Tom Lookabaugh
http://queue.acm.org/detail.cfm?id=1028898
A Conversation with Donald Peterson
http://queue.acm.org/detail.cfm?id=1028901
Whitfield Diffie is a visiting professor in the Information
Security Group at Royal Holloway, University of London.
For nearly two decades Diffie worked at Sun Microsystems
Laboratories, where as Chief Security Officer he was the
chief exponent of Sun’s security vision and responsible
for developing Sun’s strategy to achieve that vision. He
is best known for his discovery of the concept of public
key cryptography and has spent many years of his career
working on the public policy aspects of cryptography. He
and Susan Landau are joint authors of the book Privacy
on the Line (MIT Press), which examines the politics of
wiretapping and encryption.
Susan Landau is a Distinguished Engineer at Sun
Microsystems Laboratories, where she works on security,
cryptography, and policy, including surveillance and
digital-rights management issues. She serves on the
NSF CISE Advisory Committee, the Commission on
Cyber Security for the 44th Presidency, the editorial
board of IEEE Security and Privacy, and as a Viewpoint
section board member for Communications of the ACM;
she previously served for six years as a member of
the National Institute of Standards and Technology’s
Information Security and Privacy Advisory Board. Landau
is the recipient of the 2008 Women of Vision Social
Impact Award, an AAAS Fellow, and an ACM Distinguished
Engineer.