Surveillance or Security?: The Risks Posed by New Wiretapping Technologies

CALEA applied to VoIP attempts to design the new communications
world so that it satisfies the surveillance capabilities of the old. Objections
to CALEA and the government's warrantless wiretapping have focused on
threats to privacy and civil liberties, and on potential harm to innovation.
There has been an implicit presumption that enabling such surveillance is
good for security. Characterizing such wiretapping as an obvious win for
security is a facile description of a complex problem and, like many facile
descriptions, it is wrong. Embedding surveillance capabilities deeply into
communications infrastructures squarely pits surveillance against security,
and may, in fact, endanger us far more than it secures us.

Wiretapping and location tracking will not be easy to implement in
the Internet communications environment. On the surface, the circuit-switched telephone and the packet-switched Internet look alike: the communications networks use the same type of transmission facilities (often
sharing the same cable), often delivering the same type of content
(voice, data). However, the Internet is a far more complex and diverse
communications network than the telephone. The two have very different
architectures.

Technologists have a snappy way to say this: the telephone network has
dumb "terminals" - telephones - and smart networks while the Internet is
the reverse. The fact is that while there is a great deal of cleverness in the
switches and routers that direct the traffic on the Internet, the "smarts"
are at the endpoints: the computers and applications they support that
have given rise to a powerful new economy in the last decade and a half.
The same "smarts at the edges" have important implications for privacy
and security. The flexibility and dynamism that make possible Internet
innovation also enable the network's vulnerabilities.

At the same time that the FBI was seeking CALEA jurisdiction over
certain types of VoIP, over one hundred Greek government officials - including the prime minister - were being wiretapped for ten months by
parties unknown.10 Although this was the cell phone network that was
wiretapped, and not the Internet, the underlying principle is the same. The
danger in CALEA and other efforts to build wiretapping capabilities into
the communications infrastructures is that the surveillance potential we
are building will be turned and used against us.

In the old days, tapping a phone line was not particularly hard; you
simply attached a pair of alligator clips to the copper wires that constituted the phone line. But the case in Greece did not occur in the old days.
The tapping was neither small in scale (e.g., of a single subscriber), nor did
it occur only for a brief period. Rather the wiretapping went on for almost a year. The ability to eavesdrop undetected for such a long period arose
from the ease of penetration into the communications network. That ease
is the result of changes in communications technology that have occurred
over the last fifty years, changes from electromechanical switching boxes
to computer-mediated routing.

In 1960, in order to make a phone call from New York to London, you
first had to book it, then use an operator to place the call.12 In 2010,
you neither have to book the call in advance nor use the services of any
person employed by the phone company. You don't even need to use a
telephone.

More has changed with communications technology in a half century
than has remained the same. Fifty years ago the United States had a single
long-distance carrier: AT&T. Now it has a plethora of companies providing
such communications services, including cable companies and Internet
service providers (ISPs). Fifty years ago, telephone service was provided
through the Public Switched Telephone Network (PSTN), which assigned
a circuit to each call that lasted for the duration of the call. Now calls can
proceed through a variety of technologies, from POTS (plain old telephone
service, e.g., the PSTN) to a combination Voice over IP (VoIP) and POTS
(where the call is telephone service between the subscribers and the phone
switch but VoIP across the network), to PANS (Pretty Advanced Network
Services) such as is provided by Skype. Fifty years ago telephones were the
"dumb terminals" of figure 1.1; now a telephone may be a cell phone, a
laptop computer, a device that has aspects of both technologies in it (such
as an iPhone), or just the same squat black box that worked in 1960.

The simplicity of dialing 011-44-20-7323-8000 from New York and reaching the British Museum in seconds belies the fact that the technologies
making such a call possible have become increasingly complex. Many technical and policy hurdles had to be overcome to permit such simplicity.

Until the mid-1950s, overseas communications were transmitted by
high-frequency radio; fading, interference, and noise made it essentially
impossible to use automatic switching equipment to transmit the calls.13
The first transatlantic cable was installed in 1956, but this did not in itself
solve the problem. Just as at the beginning different national railroads each
developed their own different - and thus incompatible - gauges for their
tracks,14 so did the national telephone companies develop diverse and
incompatible signaling systems.

For automatic switching to occur, the differences in numbering schemes,
switching and signaling systems, operating procedures, and transmission
criteria had to be made compatible across different national systems.15 Over a period of years, AT&T and the British, French, and West German telephone systems agreed on a signaling system that would be compatible with
the North American and European systems.16 One problem preventing
genuine direct dialing was that installed equipment could not handle the
increased number of digits needed for such a call.17 By 1970 this was fixed
for calls between the United States and the United Kingdom; international direct dialing from the United States to a number of other nations
followed rather quickly.19

Figure 1.1: The "terminals" of the PSTN. Photo by Neil Immerman.

Other changes were legal ones. In 1968 the Federal Communications
Commission ruled that it was permissible to connect a "Carterfone," essentially a two-way mobile radio, to the PSTN.20 This ended the era when
AT&T was the sole judge of what could be connected to the telephone
network.21 Consumers could use whatever device they wanted to connect
to the phone system so long as the device did not harm the network.22
Innovation resulted. Probably the most profound effect of the Carterfone
decision was on a different network entirely. By allowing the attachment of various devices, including modems, to the telephone network, the Carterfone decision enabled digital communication with the same broad connectivity enjoyed by telephone communication. This included the Internet,
ushering in a new era of communication.23

There is yet a third transformation ongoing as this book is being written,
one that grew out of the other two and has so far occurred without much
public notice: the conjoining of the PSTN and the Internet. The PSTN had
telephones, or "dumb" terminals, as endpoints, while the Internet's endpoints were computers, "smart" terminals. If you consider Skype and the
iPhone, it becomes clear that the PSTN and the Internet are converging.
Computers have become telephones, and telephones, computers. In fact
some of that convergence is happening within the network as well, as
control mechanisms are moving to being based on Internet protocols. This
convergence may be the most revolutionary transformation of all.

The Greek wiretapping case is one example of information security gone
wrong. There is a good chance that the eavesdropping was professionally
done, but even amateurs can easily succeed in the business. Anyone present
at the 2008 trial of a Hollywood detective who had illegally tapped various
celebrities could have learned how to wiretap using less than $50 worth
of easily available electrical equipment.24 It was not even necessary to go
to the trial; Wired magazine's online wiki presented detailed instructions
on telephone tapping.25 The emergence of common switching worldwide
simplifies the ability to wiretap at long distance.

Communications security is simply not easy with modern systems. In
2008 the FBI uncovered a major case of counterfeit Cisco equipment being
imported into the United States from China;26 the fake material included
various forms of network switching equipment.27 This has potentially
serious national-security implications. The hardware had been sold to the
Department of Defense and financial firms, defense contractors, and universities. Investigations showed that fortunately the fake equipment did
not have secret back doors.28 The United States appears to have been
lucky - this time.

In the 1990s, we moved our mail online. A few years later we moved
real-time chatting and conversations online. We moved control of much
of our critical infrastructure online (either onto the Internet or onto private
networks that employ Internet protocols). We have moved much of our
business online. We are poised to move large numbers of our social and
business meetings and collaborations online. In a globalized economy
where "the product" is often not an object but its digital representation,
in some sense, we have moved much of our manufacturing online. We are moving detailed data about our daily lives online as Radio Frequency
Identification (RFID) tags29 and sensor networks become ubiquitous.
Indeed, the Internet is changing from a network supporting millions of
users to one supporting billions and billions of devices.

Technology has changed, and usage patterns have evolved even more.
We have become a mobile society, always on and always connected. Our
communication devices travel with us. It is not unusual for someone to be
carrying a BlackBerry, a cell phone, and a laptop. Communications are
where we are, not where our home or office is. We text from our cell phone
while riding the subway, we send mail from our iPhones while waiting on
a plane, we read our email from our laptops while sitting at a coffeehouse.
Without thinking about it, we communicate our whereabouts a thousand
times a day while using our BlackBerrys, our cell phones, and our laptops,
yet also without thinking about it, we frequently disguise our location - every time we use a phone card or borrow a friend's cell phone.

Law enforcement's job has become more challenging. When a telephone number determined a location - "this line belongs to that
apartment" - wiretapping was straightforward. Now electronic surveillance
is very different. If the target calls using his own cell phone, he is easy to
track.30 But when the target uses an Internet cafe, an anonymizing service,
or VoIP, tracking in real time who is talking with whom is often not possible. This has created quite a shock for law enforcement.

Of course these advanced communications methods are not the first
time new technologies have created complexities for law enforcement.
From the telegraph to the telephone to the automobile, police have had
to cope with the challenges posed by technical innovations, including
inventions that allow criminals to move with abandon. Criminals and
police officers both benefited from the mobility and connection that
Alexander Graham Bell's device provided - just as both sides benefited
from other forms of modern technology. The major difference for law
enforcement between the new communications technologies and the older
ones is that where the earlier generation of communications technologies
took decades31 before they were widely adopted by society and criminals,32
the widespread adoption of Internet cafes, anonymizing services, and VoIP
is happening in "Internet time." We have experienced a profound change
in societal behavior in a matter of a few years - and sometimes even a
matter of months - not the decades over which such adoption and change
occurred previously.

Exacerbating this has been the fact that this time around the law enforcement community has been slow in adopting the new communications technologies themselves. This has created a serious problem when combating criminal activities - including terrorism - and an equally serious problem
when advising lawmakers about law enforcement legislative needs regarding wiretapping.33 The adage that generals always fight the last war comes
to mind.

Law enforcement is seeking to hold on to the wiretapping capabilities
it had during the era of circuit-switched telephony, capabilities that do not
readily translate into the packet-switched era of Internet communications.
The old paradigms do not easily fit the new technologies. During the
Cold War we had a formidable enemy with vast technological capabilities
of its own and with a population it sought to protect. During our current
war, one that may go on for decades, we are faced with a shadowy
enemy, one that not only has no discernible population base but that
also relishes U.S. attacks on its supposed "base" for the new recruits such
attacks create.
