Wednesday, October 12, 2011

Online Spying Is Perilous and Unnecessary

By Evgeny Morozov
September/October 2011
Courtesy Of "The Boston Review"

Susan Landau,
Surveillance or Security?: The Risks Posed by New Wiretapping Technologies
The MIT Press, $29.95 (cloth)

Luis González / Flickr.com / Una cierta mirada
Back in the day, when bad guys used telephones, the FBI and other law enforcement agencies would listen in with wiretaps. As long as phone companies cooperated—and they had to, by law—it was a relatively straightforward process. The Internet, however, separated providers of communications services—Skype, Facebook, Gmail—from those running the underlying infrastructure. Thus, even if the FBI obtains a suspect’s traffic data from their Internet service provider (ISP)—Comcast, Verizon, etc.—it may be difficult to make sense of it, especially if the suspect has been using encrypted services. This loophole has not been lost on child pornographers, drug traffickers, terrorists, and others who prize secret communications.
To catch up with the new technologies of malfeasance, FBI director Robert Mueller traveled to Silicon Valley last November to persuade technology companies to build “backdoors” into their products. If Mueller’s wish were granted, the FBI would gain undetected real-time access to suspects’ Skype calls, Facebook chats, and other online communications—and in “clear text,” the industry lingo for unencrypted data. Backdoors, in other words, would make the Internet—and especially its burgeoning social media sector—“wiretappable.”
The FBI’s plans have left civil libertarians and privacy advocates worried. The backdoors, they say, would make surveillance too easy and might result in over-collection of personal data. Companies in Silicon Valley are worried, too. Complying with demands for backdoors, they say, is costly, thus burdensome for startups, thus a limit on innovation.
Thoughtful proponents of backdoors acknowledge these concerns, but argue that security may trump the value of privacy and innovation. Strong bipartisan congressional support for renewing the surveillance-enabling Patriot Act suggests those proponents might have powerful allies.
But do backdoors actually boost security? Susan Landau, formerly an engineer with Sun Microsystems, thinks not. In her new book, Surveillance or Security?, she argues that Mueller’s plan actually would create greater insecurity. While she agrees that law enforcement agents may have a legitimate need to listen to some electronic communications, she believe backdoors are the wrong strategy, and law enforcement should instead explore opportunities for surveillance afforded by cell phones and social networking.
But in the end, the issue may be moot: backdoors and sophisticated new surveillance tools may both be unnecessary for the purposes of acquiring information. By routinely giving away a huge amount of personal data, everyday Internet users might already have become law enforcement’s greatest ally.


• • •


Before the Internet, wiretappers had a few options with obvious tradeoffs. They could bug the phone itself, tinker with a phone junction box, or work through the telephone company’s central office. The first two options normally require breaking into a suspect’s private space and therefore involve more risks, as the suspect can easily notice the invasion. The third option is harder for a suspect to detect, but usually demands active cooperation from phone companies.
Innovations such as call forwarding and caller ID—as well as the spread of fiber-optic cables, wireless connections, and computer-controlled telephone exchanges—presented eavesdroppers with new challenges. With call forwarding, for example, suspects can evade wiretaps by redirecting calls to an untapped number. By the mid-1980s federal agencies had good reasons to worry that technological advances were outstripping their ability to conduct investigations.
These concerns led to the passage of the Communications Assistance for Law Enforcement Act (CALEA) in 1994. CALEA requires that telecommunications carriers and equipment manufacturers assist federal agencies by building remote surveillance capabilities into their devices, infrastructure, and services—i.e., making them wiretappable. But Congress, realizing that this could strangle innovation in the nascent online sector, exempted providers of “information services.” The exemption, however, was too general, never spelling out how to deal with hybrid services such as Voice over Internet Protocol, or VoIP, of which Skype is a notable example. VoIP is functionally similar to telephony because it enables distant parties to talk to each other. But VoIP services rely on Internet infrastructure and may be considered a kind of information service.
Even if the war on terrorism ends, the surveillance infrastructure it spawned is likely to remain in place for decades.
In 2005, more than a decade after Congress passed CALEA, the Federal Communications Commission (FCC) finally cleared up this confusion. According to the FCC, CALEA obligations extend to providers of what it called “interconnected VoIP services.” By this, the agency means services that allow users to receive or terminate calls over the regular phone network. This exempts services such as Skype, at least when used to arrange Internet-based calls between computer users. (Skype’s other services—SkypeIn and SkypeOut—do not seem to fall under this exemption; there is some ambiguity as to whether they are already wiretappable.) The FCC’s decision didn’t satisfy everyone. Senator Patrick Leahy, CALEA’s primary sponsor, complained that “any extension of CALEA—a law written for the telephone system in 1994—to the Internet in 2005 would be inconsistent with congressional intent.” The FCC ruling was challenged unsuccessfully in court.
Law enforcement agencies are unhappy with the continuing exemptions for Skype-like services and other online communications that never fell under CALEA in the first place. According to Christopher Soghoian, an expert on information security and government surveillance, law enforcement agencies are seeking three powers currently outside CALEA. First, they want authority to intercept communications exchanged on Twitter, Facebook, and other services in real time as well as to intercept a suspect’s futuresearches, emails, or chats, as opposed to requesting them retroactively, as it does now. Second, they want to wiretap audio and video chats that are offered as auxiliary services by social networks or game platforms, such as Microsoft’s XBox 360, which allows gamers to chat with each other while playing online. Finally, they’d like to keep tabs on users who are running Virtual Private Networks (VPNs) to hide their traffic or login remotely to closed networks, a common practice in business, academia, and government. It remains to be seen whether the FBI and other federal agencies will pursue this ambitious agenda by strong-arming technology companies, pressuring Congress to expand CALEA, or both.


• • •


The FBI’s focus on backdoors is misguided: there is no reasonable way to force backdoors upon all online communications providers. Once Skype has a backdoor, users can just pick another service, from Second Life, to FourSquare, to Chatroulette. As long as Silicon Valley keeps producing new start-ups, some will provide secure peer-to-peer connections—unless all online services are required to have backdoors. But that could have a devastating effect on innovation. And before Skype was acquired by Microsoft, the company was incorporated outside the United States, which meant that the FBI had little leverage over it (another potential FBI target—Research in Motion, the company behind BlackBerry—is Canadian). And while the FBI might be able to extract compliance from big players that can’t risk their business interests in the United States—Congress or the courts could back the FBI’s authority by threatening to ban noncompliant foreign companies from operating in the United States—plenty of shady online services based in Eastern Europe or Central Asia would defy any marching orders from Washington.
The long-term implications of backdoors are at best murky. Even if the war on terrorism ends, the surveillance infrastructure designed to fight it is likely to remain in place for decades. Backdoor-friendly communications standards would ensure that the FBI and NSA—which also wants to take advantage of online surveillance opportunities—remain as powerful as they are now.
These agencies are currently advocating solutions that will help to address their short-term problems, but at a cost to their own long-term success. Law enforcement is enthusiastic about “deep packet inspection,” which enables ISPs to examine user traffic for viruses, malware, or hints of piracy. But if everybody’s traffic is scrutinized, users will adjust by turning to anonymity-enhancing tools such as Tor. This will make it harder for the FBI to engage in legitimate investigative practices without having to use advanced surveillance tools or demand access to backdoors.
These are powerful concerns in part because they apply even if only law enforcement uses increased electronic-surveillance powers and does so in accord with the law. However, inSurveillance or Security? Landau argues convincingly that we should be concerned about the abuse of backdoors. In Greece in 2004–2005, more than a hundred mobile phones belonging to senior officials—including the prime minister and the mayor of Athens—were secretly wiretapped by an unknown party for almost six months. This was possible because Vodaphone Greece used Ericsson switches that enable law enforcement to wiretap users remotely by means of a backdoor. Other vulnerabilities in Vodaphone’s setup were then exploited to initiate and conceal the unauthorized access.
With or without backdoors for online spying, serious investigative work has never been easier.
The risks of backdoor abuse are not limited to mobile phones. Bruce Schneier, a prominent security expert, believes that the 2010 attacks on Google that forced the company to exit China exploited an internal intercept system that Google built for the needs of U.S. law enforcement. Speaking at a 2010 security conference, Tom Cross, a researcher at IBM, showed how easy it is to abuse backdoors in Cisco’s routers—backdoors built according to the demands of law enforcement agencies. And we must worry about the ethics of law enforcement, too. Given how Rupert Murdoch’s hacks manipulated the bigwigs at Scotland Yard, is it really a good idea to make online wiretapping easier?


• • •


In addition to being open to exploitation and potentially impossible to implement, backdoors may well be unnecessary. Even without backdoors, serious investigative work has never been easier.
The proliferation of easily accessible online databases that provide hundreds of reference points about a given individual makes tracking and surveillance much more straightforward. Friends and contacts—previously hard to find—are now often self-disclosed on social networking sites. The hints—especially about location—provided by our mobile phones further simplify investigative work. Credit card companies, too, are rich sources of previously unavailable information. Landau quotes a criminal investigator who claims that phone records provide the same information as 30 days of covering a suspect with a five-person surveillance team. Now imagine analyzing this data against a suspect’s tweets, pokes, and self-disclosed location. With so much personal data floating around, it’s no surprise that law-enforcement agencies manage to do their work without wiretapping.
Landau also shows that without tinkering with Internet infrastructure or the popular services that run on it, law enforcement agencies can already obtain much of the information they would get through backdoors. Recent events in the Middle East offer cases in point. In early March angry Egyptian crowds stormed into the buildings of the country’s secret police in a last-minute attempt to preserve documents that were about to be destroyed by departed President Hosni Mubarak’s cronies. There, amid shredded files, activists found transcripts of their own emails and Skype calls. The activists, some of whom were trained in Internet security by U.S.-funded NGOs, had believed Skype’s encryption was unbreakable.
Another batch of seized files—mostly Egyptian government contracts with Western technology firms—shed light on how such information could have been gathered. The Egyptian police had purchased FinSpy, software developed by Gamma group, a U.K.-based company that specializes in building communications-intercept technology for government agencies. Subsequent research by The Wall Street Journal revealed that many other companies—in Britain, Italy, Switzerland, Germany, and the United States—have developed similar tools. Milan-based Hacking Team sells software that “reads” the audio stream directly from a computer’s memory, thus bypassing Skype’s encryption. Narus, an American firm now owned by Boeing, supplied advanced deep packet– inspection technology to Mubarak. In a 2007 press release, Narus even boasts that its technology is able to intercept email sent via Gawab Mail, a popular service in Egypt. Lest we assume that only authoritarians are interested in such tools, Narus also caters to the NSA’s information needs. The company built equipment that powered a San Francisco AT&T facility used to intercept and analyze the Internet-based communications of millions of Americans.
The revelations from Egypt rob the FBI and NSA of the argument that sophisticated Internet services need to be redesigned in order to be wiretapped: Skype conversations can be invaded without modifying the existing infrastructure. If Mubarak’s security services could find their way around Skype, is it too much to expect comparable competence from the FBI and NSA?
U.S. intelligence and law enforcement are already busy developing and implementing tools similar to the ones used in Egypt and may possess far more advanced technology. Computer and Internet Protocol Address Verifier (CIPAV) is one little-known tool that the FBI uses to collect information. Like spyware, it monitors activities on a target computer without revealing its presence. In the past the FBI has also deployed keystroke loggers to learn suspects’ usernames, passwords, and encryption passphrases. Given the NSA’s relationships with companies such as Narus, it is reasonable to expect that other new surveillance technologies are on the way.
The most advanced surveillance tools collect far more information than could normally be gathered through backdoors. Some of them also enable on-the-fly “semantic analysis,” which attempts to place the intercepted content in a meaningful context by showing where communications come from, how contacts relate to each other, and who the contacts have communicated with in the past. Many advanced technologies are harder and riskier to operate than a hypothetical backdoor, but Landau believes that such costs are worth the payoffs to law enforcement. As a bonus, these techniques don’t create widely exploitable holes in Internet security, as backdoors do. In recent congressional testimony, Landau recommended that the FBI allocate more money to research and development. The agency could then stay abreast of innovations in the field and adjust its tools accordingly. She wants a more entrepreneurial FBI, not a lazier one that relies on backdoors.
Internet companies collect and analyze as much information as possible, and the state need only ask them for it.
Even the privacy-conscious Electronic Frontier Foundation believes that, under certain conditions, some combination of spyware, keystroke logging, and traffic analysis might be a better solution than backdoors. Thus, EFF Staff Attorney Jennifer Lynch writes:
If the FBI obtains a probable cause-based court order before installing tools like CIPAV, complies with the minimization requirements in federal wiretapping law by limiting the time and scope of surveillance, and removes the device once surveillance concludes, the use of these types of targeted tools for Internet surveillance would be a much more narrowly tailored solution to the FBI’s purported problems than the proposal to undermine every Internet user’s privacy and security by expanding CALEA.
Such suggestions make a lot of sense in theory; who, after all, wouldn’t want the FBI to use more effective surveillance tools that would protect privacy without compromising security? But the growing use of such tools boosts Washington’s already sprawling cyber-industrial-military complex. How do we make sure the entrepreneurial FBI models itself on Steve Jobs, not J. Edgar Hoover?
We also need to consider the spillover of such tools into countries where they are likely to be abused by authoritarian governments. There are few barriers that prevent Western producers of keystroke loggers or spyware from exporting their technologies to Syria, Saudi Arabia, or China. High demand for their products in the West ensures low costs and constant innovation. The sophistication of Egypt’s security apparatus is directly proportional to the sophistication of methods pursued by the NSA and FBI. The failure to recognize these spillovers—a failure that underpins much of Hillary Clinton’s “Internet freedom” agenda, which focuses on empowering bloggers, not restraining U.S. technology firms—guarantees that dictators have easy access to Western surveillance tools. Unfortunately this may be one of those cases where U.S.-led efforts to promote Internet freedom abroad are doomed regardless of what the government chooses to do domestically. An FBI and NSA push for backdoors would affect global standards and eventually make it easier for every government to tap Internet services. But the alternative—abandoning backdoors and instead pouring tax money into novel tools—will also strengthen the security apparatus of foreign governments, including authoritarian ones.
Landau is right that backdoors do not deliver on security, but security, privacy, and innovation are not the only criteria by which to judge the suitability of wiretapping solutions. Foreign-policy interests—a desire not to empower enemies and autocratic regimes—should shape this agenda as well. But most policymakers in Washington don’t incorporate global concerns into highly technical domestic debates about seemingly obscure issues of surveillance law.


• • •


Backdoors and new tools each have downsides, then. But the FBI and NSA may still be in luck, because their interests often coincide with those of advertisers—the real drivers of the Internet’s future. What these agencies can’t do with backdoors and new spying methods they may be able to achieve by piggybacking on the success of advertisers in changing how we think about sharing our personal data—and, more generally, our views on privacy and encryption.
The FBI’s real concerns are not about getting access to stored communications—they know how to do that—but rather about being able to intercept real-time, encrypted communications that may never be stored at all. The FBI would have a much easier job if more Internet companies shared Google’s expansionist attitude toward customers’ data: collect and analyze everything for it may prove useful at some point.
Thus far Skype has not gone in Google’s direction. Skype’s business model is not really optimized for the age of big data and smart, highly contextualized advertising. So Skype is sitting on a potential gold mine of user data, but the company does not profit from it at all. For Skype and other VoIP services to maximize business potential, they would need to have the ability to “listen” to one’s calls—the way Google “reads” one’s emails—and figure out a way to serve ads based on the content of the conversation. Those ads can be text-based and silently follow users elsewhere on the Web. In a less creative scenario, exposure to ads could be converted into free minutes for calling landlines.
Now that Skype is owned by Microsoft, expansionism looks more plausible: for some time now, Microsoft has been developing technology to generate contextual ads based on voice input; it presented one such system in 2008. Applying those technologies to Skype will require some re-engineering of how the service works, as well as some creative lawyering, but it’s not completely unrealistic. Google’s program of scanning our emails and showing ads based on keywords in them also seemed crazy at first—the British technology magazine The Register called Gmail “spook heaven”—but quickly became the norm. And maybe a third-party service—also owned by Microsoft?—can do the trick without having to re-engineer anything: how many of us would happily install spyware that would study everything we say into the microphone and, in return, provide coupons, discounts, and free VoIP minutes?
As Skype’s subscription and pay-as-you-go models demonstrate, there are other, perhaps less lucrative, revenue streams, and the need for absolute secrecy may still attract plenty of corporate clients. (Research in Motion’s fight with governments worldwide is notable here because, like Skype, it claims to have no means to decrypt its corporate clients’ communications.) But in the realm of consumer services, it is unlikely that secure communications have a bright future: for lots of users, coupons and free minutes are more exciting than privacy. If one can make money simply by showing users ads generated from their own content—email, video, voice mail, photographs—why bother with risky and possibly less profitable options? Google is making lots of money selling advertising derived from user content, and its example is contagious. Facebook is infected. One of Facebook’s new features allows users to tag brands in their photos. Perhaps they will eventually be tagged automatically, with users compensated. The FBI is not blind to these trends; this may explain why it seems to be changing tactics and, instead of demanding new laws to make backdoors mandatory, is also trying to convince companies to modify their services and make them data-sensitive. Such alterations would help the FBI and the industry: win-win. The dangers of such an unholy alliance between the highly customized advertising excesses of modern capitalism and the data-gathering excesses of the modern surveillance state are obvious: Internet companies are licensed to collect and analyze as much information as possible precisely because the state may one day ask them for it.
Given how much private companies know about us, it is naïve to expect that the FBIs and NSAs of the world would be content to acquire new tools and develop better investigative techniques while leaving that trove of data unmined. There are already companies collecting the information that law enforcement agencies want: they need only reach out and take it while leaving those companies to continue aggregating and analyzing information, secure in the knowledge that users never read the terms of service. Landau is right about the many deficits of the backdoor solution, and policymakers, too, are discovering them. Law enforcement agencies don’t need backdoors. All they need is a little corporate deference. Users, ultimately, hold the information that governments prize, and as long as we get our trifling discounts and conveniences in exchange, we may be delighted to part with it.

No comments:

Post a Comment