Schneier on Security
A blog covering security and security technology.
« Friday Squid Blogging: Spicy Squid on a Stick |
| Too Many Security Warnings Results in Complacency »
August 3, 2009
Building in Surveillance
China is the world's most successful Internet censor. While the Great Firewall of China isn't perfect, it effectively limits information flowing in and out of the country. But now the Chinese government is taking things one step further.
Under a requirement taking effect soon, every computer sold in China will have to contain the Green Dam Youth Escort software package. Ostensibly a pornography filter, it is government spyware that will watch every citizen on the Internet.
Green Dam has many uses. It can police a list of forbidden Web sites. It can monitor a user's reading habits. It can even enlist the computer in some massive botnet attack, as part of a hypothetical future cyberwar.
China's actions may be extreme, but they're not unique. Democratic governments around the world -- Sweden, Canada and the United Kingdom, for example -- are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell.
Many are passing data retention laws, forcing companies to keep information on their customers. Just recently, the German government proposed giving itself the power to censor the Internet.
The United States is no exception. The 1994 CALEA law required phone companies to facilitate FBI eavesdropping, and since 2001, the NSA has built substantial eavesdropping systems in the United States. The government has repeatedly proposed Internet data retention laws, allowing surveillance into past activities as well as present.
Systems like this invite criminal appropriation and government abuse. New police powers, enacted to fight terrorism, are already used in situations of normal crime. Internet surveillance and control will be no different.
Official misuses are bad enough, but the unofficial uses worry me more. Any surveillance and control system must itself be secured. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and by the people you don't.
China's government designed Green Dam for its own use, but it's been subverted. Why does anyone think that criminals won't be able to use it to steal bank account and credit card information, use it to launch other attacks, or turn it into a massive spam-sending botnet?
Why does anyone think that only authorized law enforcement will mine collected Internet data or eavesdrop on phone and IM conversations?
These risks are not theoretical. After 9/11, the National Security Agency built a surveillance infrastructure to eavesdrop on telephone calls and e-mails within the United States.
Although procedural rules stated that only non-Americans and international phone calls were to be listened to, actual practice didn't always match those rules. NSA analysts collected more data than they were authorized to, and used the system to spy on wives, girlfriends, and famous people such as President Clinton.
But that's not the most serious misuse of a telecommunications surveillance infrastructure. In Greece, between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government -- the prime minister and the ministers of defense, foreign affairs and justice.
Ericsson built this wiretapping capability into Vodafone's products, and enabled it only for governments that requested it. Greece wasn't one of those governments, but someone still unknown -- a rival political party? organized crime? -- figured out how to surreptitiously turn the feature on.
Researchers have already found security flaws in Green Dam that would allow hackers to take over the computers. Of course there are additional flaws, and criminals are looking for them.
Surveillance infrastructure can be exported, which also aids totalitarianism around the world. Western companies like Siemens, Nokia, and Secure Computing built Iran's surveillance infrastructure. U.S. companies helped build China's electronic police state. Twitter's anonymity saved the lives of Iranian dissidents -- anonymity that many governments want to eliminate.
Every year brings more Internet censorship and control -- not just in countries like China and Iran, but in the United States, the United Kingdom, Canada and other free countries.
The control movement is egged on by both law enforcement, trying to catch terrorists, child pornographers and other criminals, and by media companies, trying to stop file sharers.
It's bad civic hygiene to build technologies that could someday be used to facilitate a police state. No matter what the eavesdroppers and censors say, these systems put us all at greater risk. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in.
This essay previously appeared -- albeit with fewer links -- on the Minnesota Public Radio website.
Posted on August 3, 2009 at 6:43 AM
• 37 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
"The more you tighten your grip, Tarkin, the more star systems will slip through your fingers..."
Princess Leia, 'Star Wars'
FYI if I remember correctly ISP in Sweden are deciding to not store any client info to avoid recent IPRED law requiring them to hand data without court warrant (passed due to pressure of media companies).
Yes you are right about ISPs not storing client information in Sweden. However, there will soon be a new law implemented which require that the ISPs store information about clients for at least 6 months.
The politicians refuse do discuss the Internet in any way other than passing ridiculous laws without any valid arguments for them.
Thanks Bruce for raising this issue on your blog. I've been writing about US Internet Censorship and other regulations coming down the pipe to enforce controls on the Internet over the last few months. (See my articles at: http://www.newswithviews.com/Trinckes/johnA.htm ) I see the policies from other countries being pushed here in America. I would also like to point out a recent discovery for your readers who participated in the 'Cash for Clunkers' programs at cars.gov. (Warning: Do not try this at home; however, it is important that you take a look at this video describing how the government will legally take control of your computers.) http://www.youtube.com/watch?v=mqfuZ7hiap0
Thanks Bruce for all that you do.
Well, folks, the Internet was nice during the nearly 20 years that it was open to all and sundry and hardly controlled at all. Looks as if that period of history is coming to an end - quickly.
There are three types of people involved.
1. Clueless politicians who have never taken the trouble to understand the Internet, but who nevertheless demand Results Now - Whatever It Takes!
2. Clueful politicians who know full well that, as Bruce describes, the new "features" can be abused to deprive citizens of their liberties in a way so thoroughgoing that even Stalin would have envied it - and couldn't care less, as long as they get what they want.
3. Criminals, who will gleefully walk through the door the politicians have opened for them.
Unfortunately, this time there will be no refuge on Earth, thanks to the legal and cultural uniformity that has been imposed on us by "the end of history".
Early in my career I had a job at an US ISP. One day we received a request from the local law enforcement agency for log information. The owner of the company took the call and promptly told the officer to get a warrant if he wanted our data. To the best of my knowledge, we never heard from that agency ever again. I wish more ISPs were like this.
For those wondering, it was http://netonecom.net
Let's not forget that Costas Tsalikidis, the telecommunications tech who brought information to light about the Greek surveillance program was conveniently "suicided"; as was Adamo Bove, the head of security at Telecom Italia who was chief witness for the Milanese prosecution against the 26 CIA agents who were involved in the abduction, rendition and torture of Egyptian cleric Abu Omar.
Green Dam Youth Escort Service
Small fish ISPs can reject requests for logs all they want. Deep packet inspection, easily tweaked VOIP software deployed at the building infrastructure level, and data vaccuum appliances are implemented at the upstream provider level and make such resistance moot. Furthermore, thanks to CALEA if for some reason they do need something they can't get from a small fish's upstream provider, they can legally shut it down.
It's pretty much a given that most small providers will never even see the request to log. Packets are very easily siphoned off at the larger (and more government compliant) upstream providers.
It all comes down to whether you believe that there are more "bad" people out there than there are "good" people.
When you think you see "terrorists" and "child porn" everywhere then these steps make sense.
If you don't, they don't.
And this is happening in france too with laws like HADOPi (to sum up, this law is supposed to protect copyright owners against file sharers by "allowing" caught people to install a governement-approved spyware on their computer.) or LOPSI (Police should be allowed to install a trojan (by "any" means: phisical access or remote infection) on your computer when they think you do something illegal.)
By the way, I'd like to translate this post in French someday, is it possible?
"Just recently, the German government proposed giving itself the power to censor the Internet."
They didn't just propose, the law is passed and ready to be applied. They're just waiting for the EU notification period to be over to start censoring.
You should have given a little history behind the FBI amongst others and their "European Road Shows" to convince Europe to do what it knew was not possible in the US.
They had all the arguments draft legislation etc put together but people where not biting, then 9/11 happened.
The dam was broken all the legislation was grabbed from the various TLA Organizations dusty shelves and stapled together along with a large measure of pork and called the Patriot Act...
When they found just how easy it was they carried on. The European Parliament due to various stitch up tricks has no real power and the secretive and very probably corrupt council of ministers just hand waved through similar legislation.
I suppose you could say Osama bin Laden has done more for our "democratic leaders" than any other single individual. As for "we the people" well it's like the old joke, The politicos get the elevator (to the high life) and the rest of us get the....
"criminal appropriation and government abuse" are the same thing in my book.
"False is the idea of utility that sacrifices a thousand real advantages for one imaginary or trifling inconvenience; that would take fire from men because it burns, and water because one may drown in it; that has no remedy for evils except destruction."
Internet censoring is only one front in this war.
The more our governments know about us, the more it is they appear to want to know. All, of course, to fight terrorism, etc.
Some months ago a member of the House of Lords lambasted UK citizens in the press for failing to know their rights, and worst still, how those rights were being further eroded.
Unfortunately, without blogs like this I probably wouldn't have a clue what is going on in the UK. The official line is always, 'It is not in the public interest to disclose this information.'
Of course I'm interested in what is happening around the globe, but my main interest is actions being taken that erode rights in the US (where I wouldn't expect it to happen) and the UK
@ Stephen B
"'The more you tighten your grip, Tarkin, the more star systems will slip through your fingers.' - Princess Leia"
And in response to Ms. Organa's trenchant observation Governor Tarkin uses the Deathstar to blow Alderaan to smithereens...
"Thanks Bruce for all that you do."
While I certainly respect this blog and the man behind it, as well as all of the ideas and commentary, really we're not doing any more than talking this issue to death. It gets worse with every passing moment in the US, as well as elsewhere, and it's becoming more and more apparent that the discourse, with all of its ominous warnings of a kafkaesque police state looming on the horizon, is really not making much of an impact on the people who actually matter in these situations (the lawmakers). Apparently having a blog isn't as powerful as a well funded group of determined lobbyists, polling data on FUD with-us-or-against-us issues, or the completely incestuous orgy that is the US capitol.
I mean good lord people, just yesterday I saw a news expo about the TSA confiscating a few toys from a couple of kindergartners on their trip home from Disneyland. We've abandoned all common sense in the face of this legislative rampage on our freedom.
I think we'd all agree it's far easier to prevent these laws from being passed than it is to take them away once they've been written into law. That being the case, why are so many making it all the way to the signing table? What the hell is all this talk for? No one that matters is really listening.
I for one don't want to sit around waiting for a second American revolution to put our constitution back on its throne. I applaud Bruce as well, but he isn't making much of a difference, and neither are any of us. We seem to be just as incestuous as the politicos up on the hill, preaching to the choir on our favorite hot-button issues, with nothing more than nodding approvals and pats on the back for a thought well done.
For all our talk, our message still sits on the fringe, with the ACLU, the conspiracy nuts, the super-whatever-winger 'liberals', etc. We helped elect Obama, hoping for change, but he's just as on-board with the warrantless data-mining as anyone else on the hill. I don't really have the answers as to what should be done, but we're losing this battle very quickly, and (it would seem) without much of a fight aside from a few op-eds here and there (and even those seem to land in our favorite biased publications, online and off).
Whatever we're all doing out here is failing. Maybe that's what we ought to be talking about. I think we can all agree that we value our privacy, and our freedom, and that both are slipping away with every passing law. I don't think we are the ones that need convincing.
We scoff at China's internet policing, but at least they don't try to dress it up to be something it isn't. They (the US) are spoon feeding us poison from the same shelf every day, they just keep touting it as medicine.
@ Words < Action
And your proposed list of actions to correct the situation as you see it includes what precisely?
Thanks for the article. It is very useful and timely.
@Words < Action
As a victim of domestic spying (you'll know it when they are watching you, believe me, they sent men into the motherhouse of a convent after me twice, same guys in many other locations) I think that it would be great if someone as well informed as Bruce could help congressmen interested in pushing this business into the public eye. I think if most people knew how god awful the observer program is in real life, they'd be appalled.
You can not get help from anyone.
Living through this reminds me of the Russian lit novels we read in college in the early 80s. Its like living in a 24/7 virtual jail. Its a terrible thing to see it happening in America. Its worse when its your life, your privacy.
This blog helps me to see its not just me in this oubliette of our beautiful democracy.
What did I do? I don't know. Well the police will say, you must have done something or they wouldn't be watching you.
Green Dam is a level in Phantasy Star 2. Green Dam Youth Escort must be the official ...
"I think we'd all agree it's far easier to prevent these laws from being passed than it is to take them away once they've been written into law."
In the UK laws never get taken away parts get ignored, modified by case law or only when it's in the politicians interest do they get modified or repealed in part, but the original law once on the statutes stays as is as part of the historical record (like the stain of red wine on white silk, caused by the careless hand).
"That being the case, why are so many making it all the way to the signing table?"
As has been observed many times,
'The Devil makes work for idle hands'
We do not have real democracy in the US or UK we have "representational democracy", that is, we vote for a monkey in a suit to be "experts on our behalf" "working for us". Unfortunatly they work on "monkey see monkey do" they do not think except in their own self interest (as we have seen in the UK).
The Devil on these monkeys backs is "We the People" who despite the politicians best attempts to prevent it still have a final veto on their "monkeys tea party".
However it is a Faustian bargain, we need to be ever vigilant to their tricks otherwise we end up with a mess that gets increasingly rotten and replant to clear up. We have allowed ourselves to take our eye of the ball and have been seduced into a trance like sleep by sound bites and spin. Entirely as predicted by George Orwell during WWII. I'm not sure if it is a simple case of George being correct or if the Politicos and their advisor's are now using it as their manual to replace the ageing works of Machiavelli.
We the people need to wake up and become responsible for ourselves. We need to stop behaving like small children who have been hurt by our environment and be as adults and shape our environment to suit us best.
This however is not without risk, as has been noted above about fire and water, our environment needs fire to forge and water to quench as part of the process of making the tools we need to do the job. Therefore without risk we cannot grow and develop, our options become limited and we regress back to the mindless comfort that can only be had in the womb.
Since WWII we have as societies opted to regress whilst science and technology have advanced to make the tools that can be used to make the chains that enslave us or give us the eyes to see into a future that we would wish to live in.
Risk is built into our very core being, as is the ability to learn from pain. Which gives rise to our desires to protect "me and mine" which forms our clans, tribes and societies. Risk and pain and the ability to learn allied with the will to trade risk and pain for gain are what has made mankind.
Mankind has to tread a path of risk that is balanced between the desire to be protected by society and the risk of living and learning in the environment we live in that we have created for ourselves.
But the path like the tools we make has two sides it is our choice as to which way to go and how the tools should be used. But who makes the choice us or the monkeys we have created?
Unfortunately we have regressed, our own self interest has been to blind us to anything other than to avoid risk at any cost. This childish desire has driven us to the point where we have given up control of our own futures to the monkeys we have created at the tea party we set out for them.
But who keeps and trains the monkeys we have created who is the Devil upon their backs? is it you and me? no we have given up that in our desire for the comfort of not thinking and not having to face risk. Our place has been taken by those with different agender who see society as merely raw materials or grist to be used to their own enrichment not ours. Our desire for safety and security from the privations of risk has made us slaves to those who would be kings of their own empires. They have enslaved the monkeys with baubles and trapings of self interest such that we become further enslaved to their wishes.
Think of it this way, the farmer pays the sheep herder to mind the sheep who intern uses a dog that looks like a wolf to frighten the sheep into moving the way he wishes.
But ultimately it is the farmer who decides when the sheep go to market not the herder. But do the sheep see the farmer or do they see the herder? and do they see which hand controls the dog?
"What the hell is all this talk for? No one that matters is really listening.
Are they not?
Take care, the farmer hears the bleating from a distance not up close like the herder.
For the farmer to take note the bleating has not just to be loud but meaningful at a distance. That is it needs to be a chant, but the farmer does not wish to be disturbed he pays the herder to keep the flock out of his way and thoughts. The herder dancing to his paymasters tune sets the dog upon the flock.
But why is there a dog, originally it was to fight the enemy from outside the wolf, but times have changed the wolf has been removed or cowed to impotence in most places by the hunter, the wolves only roam free in distant mountains taking refuge in caves from the hunter.
For the sheep to chant not bleat they need to be aware that it is they not the herder who is responsible for their destiny, that it is they not the farmer who should control the herder who controls the dog. And importantly they need to wrest control of the herder from the farmer so that they can turn the dog from themselves and onto the real enemy the farmer who through the herder raises the spectre of the wolf to cower the sheep.
Becoming aware takes time, it takes thought it takes learning, we the people have regressed such a distance that it will take time to awaken from the trance to transform from babes to adults and take responsibility for our own direction.
Then we have to chose, do we take control of the fat and lazy herder and tell him to get lean and fit and turn the dog on the farmer, or do we call back the hunter to remove the herder and replace him and what is the risk that the hunter should decide to be king and collect tribute from the farmer?
Orwell lives and breathes thru Clive.... Where's your blog dude?
@ Anonymous at 5:34 PM
"It claims that the UK has already put CCTV cameras into British homes."
I would not be surprised.
In a related news item the UK Gov has decided that "smart utility meters" will go into peoples homes.
One feature of which is that they will be able to control your home power consumption as the utility companies see fit...
The cost is expected to be around 2 Billion pounds. The expected benefit to the consumer around 30million/annum the expected benefit to the industry 360million/annum.
Who has the Government decided will pay for this, you guessed it the consumer entirely not the industry.
There are two things to note about the decision,
1, It's based on a very small study.
2, One of the most Pro "smart meter" Politicos has been suspended as part of the "cash for questions" corruption enquiry.
The problem with the limited study is that it was an all singing and dancing smart meter for the consumer, giving them instant information about cost etc of the energy they where consuming.
The Gov recommendations have decided that this most useful benefit which is the sole reason the trial showed any benefit for consumers will be left out from the requirements for the smart meters that will be installed (the control of your home however will be left in).
Also from what I have been told these smart meters consume a fair amount of electricity themselves (they have expensive and complex telemetry systems in them) in the trial this consumption was left out of the equation.
Therefore the additional cost of running the "smart meter" will fall onto the consumer at around 250million a year whiping out the meagre 30million saving that won't be any way due to the features that lead to it not being mandated.
This is at the same time adding 250million in sales on top of the 360million saving for the utility companies...
Then there is the question of the suspended for corruption politician. Amongst other things (taking bribes) he had forgotten to mention in the debates where he was so pro the benefits of the smart meters that he had significant interests in one of the companies manufacturing smart meters...
So trebles all around except for the consumer...
Oh and something else the study left out of it's savings calculations, the expected market changes to the cost of energy by utility company profits.
It would appear that the study used a historical percentage of earnings not profit normalised against market conditions and inflation etc.
The problem with this is it ignores the fact that in a market where demand falls the suppliers increase cost to maintain the value of the profit not the percentage of earnings it represents, as they have to pay dividends to maintain share value...
Ah the joys of free market mantra on a closed cartel market.
The above post caused the following to be returned to my browser,
filemtime() [function.filemtime]: stat failed for /htdocs/www/blog/templates_c/%%2A^2A9^2A9DE3F0%%mt%3A119.php
I hope this helps track down the probs you where trying to resolve on 4th July.
To fill in the next missing step:
>> @ Stephen B
>> "'The more you tighten your grip, Tarkin, the more star systems will slip through your fingers.' - Princess Leia"
>"And in response to Ms. Organa's trenchant observation Governor Tarkin uses the Deathstar to blow Alderaan to smithereens..."
Which is, if I recall correctly, followed by the whole empire sliping through Mr. Tarkin's fingers.
What was the last thing that went through Governor Tarkin's mind? Steel i-beam of an exploding death star
>>> "'The more you tighten your grip, Tarkin, the more star systems will slip through your fingers.' - Princess Leia
>> And in response to Ms. Organa's
trenchant observation Governor Tarkin uses the Deathstar to blow Alderaan to smithereens...
> Which is, if I recall correctly, followed by the whole empire sliping through Mr. Tarkin's fingers.
So who will play the peace-loving population of Alderaan in our metaphor? And is Bruce Obi-Wan, Yoda, or that goggle-eyed squid-looking dude?
Bruce S: Ukle numo solo. Jaba wanighiko poco!
"And your proposed list of actions to correct the situation as you see it includes what precisely?"
It includes creating a proposed list of actions to correct the situation, as opposed to simply patting ourselves on the back day in and day out for discussing how we abhor the situation and why.
Don't get me wrong, discourse is necessary. I'm all for it (I'm reading and commenting on this blog aren't I?), I just think that, at this point, these type of issue needs to be argued feverishly with the people who do not agree, not discussed in the same ole' incestuous fashions.
I highly doubt that Bruce's audience has a significant number of people who believe that wholesale surveillance is a good thing, and that our privacy and freedom should be sacrificed in the name of a false sense of security. That said, what good does it do if we aren't taking the point to the people who do believe these things, or perhaps don't but pass the laws that entrench them anyhow?
I guess my best suggestion is to take the message where it isn't welcome, while we still have the freedom to do so.
You wrote: "While I certainly respect this blog and the man behind it, as well as all of the ideas and commentary, really we're not doing any more than talking this issue to death. It gets worse with every passing moment in the US, as well as elsewhere, and it's becoming more and more apparent that the discourse, with all of its ominous warnings of a kafkaesque police state looming on the horizon, is really not making much of an impact on the people who actually matter in these situations (the lawmakers)."
The Swedish Piracy Party got into the European parliament not only on filesharing. They are a part of much wider movement in Sweden against these new technologies on surveillance.
If you can not change the lawmakers, become one yourself.
I wonder if any storage requirements might be met by encoding with a random key, then storing the only copy of the key with the data. Or by using "Vanish" - http://vanish.cs.washington.edu/
this isn't a good idea because it would result in closing the safe and to put the key on top of it.
If you want to protect some data that's because it's not "safe" where it is. Say on your laptop and you fear theft. What's the point of encrypting your data if the key is as accessible as the encrypted file? The attack to such a system is:
open the file, wait for the computer to retrieve the key on his own, done. (It's done in constant time, the worst case (or the better case from the cracker's point of view).)
"The Swedish Piracy Party got into the European parliament not only on filesharing. They are a part of much wider movement in Sweden against these new technologies on surveillance."
While _I_ respect the movement, to a point, my original statement stands vis-a-vis the argument remaining on the fringe. I really don't believe the best way to win back our privacy rights, or stop the forward motion of their erosion, is by touting other agendas, especially ones that try to defend piracy or rescind legislation against copyright infringement. Granted, I understand this isn't in their declaration of principles, but the majority of the public see 'Pirate Party' in regards to filesharing and simply think of movie/music/software thieves trying to rid themselves of any wrongdoing after the fact.
The ACLU seems our (US) best hope, but even they stay on the fringe for some reason. We have to take the message of privacy concerns to the public, directly, and subsequently the lawmakers as well, and it needs to be about privacy, security, and nothing else. Ulterior motives in this case would seem to mire the argument's good nature, especially in terms of the 'I have nothing to hide' argument.
If you're a self-proclaimed 'Pirate', it's going to be hard to convince someone who believes that domestic spying is a _good_ thing because they 'have nothing to hide', when the label seems to imply that you yourself _do_ have 'something to hide'.
"If you can not change the lawmakers, become one yourself."
If only it were that simple, but frankly, if the lawmakers need to be extremists to maintain the balance of power between the government and its citizens, then the problem is far too systemic. Which, sadly, I think is the case.
However, I do agree in theory, but sadly a couple of votes in the house and senate doesn't seem as though it's going to stop these things from getting out of hand. Seems to me that the best way is to motivate the public to start thinking about the not-so-far-off ramifications of these types of laws, rather than sitting idly by and deciding that, yes, they are for their own good.
The TSA may be a good example of this type of tactic, as the media seem to be getting more and more critical of the paranoia and lack of common sense, the public may come around and decide enough is enough, to a point that may actually shake the politicos on the hill enough to get them to tone it down. Although that remains to be seen. We can see it as well with the 'War on Drugs', although at a far slower pace. It seems the public is getting a bit more fed up then they used to be with the time and money spent on something that does nothing more than fill our jails with non-violent drug users and put insane amounts of money and power into the hands of, what would've been, nothing more than two-bit thugs.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.