Schneier on Security
A blog covering security and security technology.
« Abolish the Department of Homeland Security |
| Recovering a Hacked Gmail Account »
January 13, 2012
"Going Dark" vs. a "Golden Age of Surveillance"
It's a policy debate that's been going on since the crypto wars of the early 1990s. The FBI, NSA, and other agencies continue to claim they're losing their ability to engage in surveillance: that it's "going dark." Whether the cause of the problem is encrypted e-mail, digital telephony, or Skype, the bad guys use it to communicate, so we need to pass laws like CALEA to force these services to be made insecure, so that the government can eavesdrop.
The counter-argument is the "Golden Age of Surveillance" -- that the massive increase of online data and Internet communications systems gives the government a far greater ability to eavesdrop on our lives. They can get your e-mail from Google, regardless of whether you use encryption. They can install an eavesdropping program on your computer, regardless of whether you use Skype. They can monitor your Facebook conversations, and learn thing that just weren't online a decade ago. Today we all carry devices that tract our locations 24/7: our cell phones.
In this essay, CDT fellows (and law professors) challenge the "going dark" metaphor and make the case for "the golden age of surveillance." Yes, wiretapping is harder; but so many other types of surveillance are easier.
A simple test can help the reader decide between the "going dark" and "golden age of surveillance" hypotheses. Suppose the agencies had a choice of a 1990-era package or a 2011-era package. The first package would include the wiretap authorities as they existed pre-encryption, but would lack the new techniques for location tracking, confederate identification, access to multiple databases, and data mining. The second package would match current capabilities: some encryption-related obstacles, but increased use of wiretaps, as well as the capabilities for location tracking, confederate tracking and data mining. The second package is clearly superior -- the new surveillance tools assist a vast range of investigations, whereas wiretaps apply only to a small subset of key investigations. The new tools are used far more frequently and provide granular data to assist investigators.
A longer and more detailed version of the same argument can be found in "Encryption and Globalization," forthcoming in the Columbia Science and Technology Law Review.
In a related story, there's a relatively new WikiLeaks data dump of documents related to government surveillance products.
Posted on January 13, 2012 at 6:58 AM
• 20 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
One might remark that this Golden Age of Surveillance is due to increased network capabilities and de-centralization i.e. more and more personal data being stored on the cloud.
Perhaps they can outsource to WikiLeaks or Anonymous. They seem to be doing just fine "in the dark".
The long and short of it is that low level criminals are much easier to catch, while high level organized criminals are marginally harder. It doesn't help the government's "going dark" argument that their own security controls are so poor.
The whole point of what these agencies are upto has little to do with access and very much more to do with automation.
If things are automated no blaim is attached to their use. For instance take the TSA scanners, they actually find a lot less than there is to find, and when they produce a false positive and you get dragged away for the third degree, it's not the TSA's fault, they were just "following proceadures" based on an automated indication.
Thus "no blaim no claim"...
Traditional surveillance has always been manpower heavy, thus the "power of the state" was too an extent balanced and the state could not abuse the people on mass.
However in recent years the level of automation available has destroyed this balance, as with cell phones, new cars can be tracked in real time, and the backend to most payment systems such as credit cards can be searched in real time.
Soon when a crime is commited every ordinary person within however big a radius you want to make can be identified. This effectivly diminishes your right of silence.
However this automated surveillance realy only applies to ordinary people going about their ordinary everyday lives.
In the UK in May 2001 the Hamiltons (ex politico Neil and his wife Christine) were accused of kidnapping and sexually assulting a woman in the a flat. The alegations were made in the press with the assistance of Max Clifford. The Hamiltons were arrested by the police, and it was only after they obtained and used there cell phone location information it was accepted that they were not involved. the police finaly got around to doing their job properly and found out their accusor was not telling the truth (and was subsiquently convicted of perverting the course of justice).
Around that time there were other news worthy incidents where mobile phone location data was used as evidence.
The smarter criminals immediatly realised that there was a significant advantage to be gained from this.
For some time in London we have had the Oyster Card that enables peoples journies to be tracked very easily, street wise individuals swap their cards etc around with their phone laying down false trails etc.
It is interesting to note that in the recent London riots the hard core "streetwise criminals" were untracable via CCTV, cell phone or other data, whilst the non streetwise people were quickly rounded up and given long sentances. The Met Police and UK Government have said little or nothing about the automated processes they used.
Thus this "technical ability" will enable the police to accuse ordinary people who will find it difficult if not impossible to defend themselves (no right to silence in the UK any more). Whilst the technicaly savey criminalls will in effect be even safer than they were before.
At the end of the day only good old fashioned policing with all it's checks and balances is even close to providing balance for the ordinary individual.
If we might stretch the analogy a bit: brighter lights tend to cast higher contrast shadows.
"Mass Surveillance Contractors"
It would not surprise me if one day it would come out that The Gov had received more than the advertized share of data from companies like FrankenBook and Google.
Is there really a dichotomy here? It sounds reasonable that both would be true.
It has become easier to snoop on ordinary people going about the daily business.
But at the same time people who are strongly determined to hide some particular subset of their communications from prying eyes, and are willing to spend some effort on it, now have easier and more widespread access to better tools for secret-keeping than they had 20 years ago.
So a lot of "secrets" have been easier for the agencies to come by, but the small subset of secrets they actually need to get at to do their job have become harder to gain. This is only a paradox if one thinks the development ought to move the same way everywhere.
In the US, I would have to agree we are entering a "golden age of surveillance," but not (just) for the technical reasons mentioned in the article.
Rather, it used to be against the law in almost all cases to perform wiretaps without a warrant, but now warrantless wiretapping is commonplace. It used to be that companies that helped government agencies perform perform wiretaps without a warrant would be held liable for violating the law, but now there are explicit laws holding these companies harmless for breaking wiretap laws.
What good is to have a great constitution when the very agencies charged with upholding it are violating it willy-nilly in the name of making us safer?
@Clive Robinson - a bigger concern is how much of this surveillance data flows into 'general background' on individuals.
If the police want to charge you for the riots there is a court case and evidence. If instead they logged your phone in the area at the time - there is just a record of a suspicion against you which you never know about it and never get to challenge.
But suppose you were near a bombing and you are Muslim, and you (or your phone) happened to travel on the same train as somebody who is wanted. Now you are suddenly on a no-fly list and get turned down for jobs where they do a background check with the police.
Pretty soon everybody is guilty by association by six degrees.
Has all this automated "spying" made the three-lettered agencies lazy?
Instead of putting a man in a trench coat on a street corner, watching somebody enter the liquor store, they just sit back in their offices and mine the suspects credit card transactions, and his cell phone location.
For the technologically savvy person, they might be wise enough to leave their cell phone at home that day, and use cash when making that purchase at the liquor store.
So in a sense, people who are willing to trade a little convenience for a little more privacy will stay off the records a little more, while the unaware person might not.
"Pretty soon everybody is guilty by association..."
Which is the ultimate goal of some. If the masses are afraid of something they unwittingly did, they are less likely to create a fuss when those in power choose to do something untoward.
A better question than "Can we still do surveillance?" would be "Can we still do surveillance on the people we need to?"
As far as "high-level," sophisticated criminals go, the answer would be probably not. Encryption that is, for the most part, unbreakable is available to pretty much everybody nowadays, and with a little attention to procedure two people could communicate completely securely with minimal risk.
The "low-level" criminals are usually caught with (for lack of a better term) "low-level" investigation techniques.
Of course, all the surveillance in the world is never going to help until people start to at least get a basic concept of security drilled into their heads.
Hey, with a book coming out, maybe find a way to get an interview on The Daily Show. As irreverent as it is sometimes, there's some good core messages with some of the guests.
It looks like one of the last inhibitors on automated mass surveillance will soon bee gone.
What many don't realise (but the criminals do) is that most of tthe current DB matching, is not to the "individual" but "tokens held by the individual".
That is the assumption is you are your phone / travel pass / credit card / etc, which if you think about it is as daft as saying you are the red hoodie, charcoal grey jeans and swosh trainers of traditional police work.
The reasons cloathing works with traditional police work is generaly one of a time issue, and one of direct physical and testable traceability. That is if you are picked up five minutes after the crime dressed in the clothing you probably are the person the police are looking for, they can then find fibres from the red hoodie or other clothing at the crime scene tying the hoodie to the crime then the suspects DNA inside the hoodie to tie the suspect to the hoodie to place the suspect actually at the scene.
In most cases the technology solutions are "information based" not "physicaly based" and thus are not directly "physicaly testable" traceable to the scene.
That is your modile phone may well have been within 50meter's of a crime but unless you were using it as a physical tool of some sort during the crime it leaves no physical evidence to show a chain of evidence back to an individual. Oh and handing over a mobile phone and a wallet full of cards can be done in just seconds...
However it appears that facial recognition is now within a couple of years of uniquely identifing individuals as the walk by a camera,
If this is then tied to an RFID reader for your contactless ID card or credit card etc then although it is still just information most people would (mistakenly) think it was the equivalent of physical evidence.
To paraphrase the NRA: "When [insert appropriate comm-tech crypt0] is outlawed, only outlaws will have ...
If the judges interpreting our constitution were honorable, the default would be that any use of new tech or methods is a search requiring a warrant.
"Suppose the agencies had a choice of a 1990-era package or a 2011-era package. The first package would include the wiretap authorities as they existed pre-encryption, but would lack the new techniques for location tracking, confederate identification, access to multiple databases, and data mining. "
I worked in technical support for a police agency in the early 1990s, and I have to say that these learned gentlemen have no clue whatever about the techniques and conditions of investigations "back then."
We had location tracking -- although it was expensive enough that it was always targetted. We had access to multiple databases. We had powerful algorithms for confederate identification and data mining; in fact I have reason to believe that software for this purpose was available to criminal intelligence analysts by the mid-1980s at the latest.
(We also occasionally came across encryption as an obstacle to investigation, but it was rarely done well. More of a speed bump than road block.)
All those sorts of tools are now much more readily available, and so are routinely used by crooks and unethical businesses to spy on ordinary folks going about their daily business. What has "gone dark" is the ability to use those techniques against the serious bad guys: organised crime and corporate crooks.
Do a story on THIS worldwide Linux radio BACKDOOR, does Windows have it, too?
Tails (LiveCD) is crap, and I'm being nice here. Bloated, contains HAMRADIO and PACKET RADIO modules which no one in their right mind would use on a distro aimed at Tor use, I don't even believe 1% of Linux users use them, yet they're generated right there in the directories. Google about ham radio / packet radio modules and their use over wireless devices, ethernet, and sound cards, there's some serious shady actions going on I can tell you from my observations with different distributions and these driver modules being rolled into them on many distributions of Linux.
The first agenda on your boot-to-Linux distribution is to check for these likely SPOOK friendly modules, generated in these two directories on Ubuntu, Debian, and some other distributions. First, DELETE all of your kernel headers and compiling tools so the SPOOKS can't reload them, install ARPWATCH and watch for ARP and DNS poisoning.
Now look for these modules and DELETE THEM with sudo or su depending on your distro: (kernelversion below should be replaced by your kernel version, you can just hit TAB once you're in /lib/modules since there should only be one kernel on your drive)
^ in that directory if you don't use bluetooth, delete everything in bluetooth dir
^ while you're there, locate the following directories and delete the contents:
directory names: can, ax25, x25, rose, netrom, ipx, appletalk
delete the subdirectories, too
run the killall command with sudo to stop bluetoothd and the bluetooth applet if you don't use them (I wouldn't!), and check lsmod | grep bluetooth, it's running and you should disable it, so when you type sudo rmmod bluetooth it'll say two other processes are using it, rmmod both of them, one of them is rfcomm, then remove bluetooth.
now venture into:
^ in this directory, if you don't use bluetooth, delete everything in bluetooth dir
^ locate the following directories and delete the contents:
directory names: can, ax25, x25, rose, netrom, ipx, appletalk
ALSO: in one of the above top dirs, you'll find a HAMRADIO directory, delete everything inside. Some of these modules are blacklisted in a blacklist rare conf file, but this DOES NOT prevent them from being loaded, especially by SPOOKS/hacker slime.
If you're on a LiveCD install, don't bother removing them it's futile because the CD itself contains the headers and modules which the BACKDOOR BANDITS which control the airwaves can REINSTALL.
To get information on these modules, type modinfo and the module name, for example, you're in an ax25 directory, type modinfo ax25 and it will tell you more about the module, but many modules don't say anything, which leads me to believe there's more PACKET RADIO/HAMRADIO spyware located within these modules apart from the ones I've mentioned. There's no earthly good reason for these modules to exist, nor kernel headers, on a Linux distro vanilla install, ESPECIALLY NOT ON TAILS which should be geared towards the support of PRIVACY.
And why does my cd-rom drive light flash like crazy when I'm sitting at the Tails desktop with no programs running aside from the default? Why is it so bloated, why so many applications? LESS IS MORE! I recommend everyone NOT use Tails. I couldn't believe my eyes when I saw CUPS daemon was loaded, on a security distro LiveCD? Pllllease...
People, if you want to make a CD geared towards privacy, cut down the apps to only those required, let the users decide if they want to add potentially buggy packages which may affect their privacy and security and for Buddha's sake, GET RID OF THE HAM RADIO/PACKET RADIO modules! Do you REALLY believe anyone is using any of these modules with Tor? If you do I have a bag of magic beans to tell you. And what the heck is CAN? A protocol for BANKS? You can't tell me this is something you need on such a CD.
You folks need to strip your distro down to the bare basics and start over, what you have, in my opinion, is a bloated messy .iso of junk, thrown together without serious thought to privacy and security of end users, with Tor just happening to be included.
Keep tabs on the activity of your system with snapshots and a simple command:
sudo find /usr/bin -mtime -60
(60 equals 60 minutes)
Turn your system on, boot from Tails or any other LiveCD and wait for a day, maybe two, maybe three, and issue that command to discover files having been modified and secured against virus scanning with various tools. It's a field day for LiveCDs which include kernel headers, ham/packet radio modules, and applications which are likely to contain bugs.
When you discuss this on-line, which I see little discussion of, or any serious security matter involving Linux, the SPOOKS, shills, or the unintelligent will label you a conspiracy nut, ask you why are you so paranoid, lock the thread, shuffle the thread (sock puppet users posting quickly to other threads so move yours down to become buried and unnoticed), move the thread (usually to an area of the board which is neglected by the public or where the public has no read/write access to threads), and/or delete your user account and your posts.
Have you proof that hamradio is bugged or is it just a hunch?
Don't expect anyone to listen to fairy tales -- present verifiable evidence!
While I do understand the point about removing everything unnecessary, what's the big dangers about those Linux modules?
Of course the Feds are going to say surveillance is getting tougher; how else do you justify constantly bigger budgets unless you can convince people it is harder (and more costly) to do your job?
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.