Bruce Schneier on Building in Surveillance into Internet

Robin Gross robin at IPJUSTICE.ORG
Sat Aug 15 18:04:04 CEST 2009


Begin forwarded message:

> From: katitza at datos-personales.org
> Date: August 15, 2009 7:33:56 AM PDT
> To: irp at lists.internetrightsandprinciples.org
> Subject: [IRP] Building in Surveillance
>
> Building in Surveillance
> Crypto-Gram Newsletter
> Bruce Schneier
> Chief Security Technology Officer, BT
>
> China is the world's most successful Internet censor. While the Great
> Firewall of China isn't perfect, it effectively limits information
> flowing
> in and out of the country. But now the Chinese government is taking
> things
> one step further.
>
> Under a requirement taking effect soon, every computer sold in
> China will
> have to contain the Green Dam Youth Escort software package.
> Ostensibly a
> pornography filter, it is government spyware that will watch every
> citizen
> on the Internet.
>
> Green Dam has many uses. It can police a list of forbidden Web
> sites. It
> can monitor a user's reading habits. It can even enlist the
> computer in
> some massive botnet attack, as part of a hypothetical future cyberwar.
>
> China's actions may be extreme, but they're not unique. Democratic
> governments around the world -- Sweden, Canada and the United
> Kingdom, for
> example -- are rushing to pass laws giving their police new powers of
> Internet surveillance, in many cases requiring communications system
> providers to redesign products and services they sell.
>
> Many are passing data retention laws, forcing companies to keep
> information on their customers. Just recently, the German government
> proposed giving itself the power to censor the Internet.
>
> The United States is no exception. The 1994 CALEA law required phone
> companies to facilitate FBI eavesdropping, and since 2001, the NSA has
> built substantial eavesdropping systems in the United States. The
> government has repeatedly proposed Internet data retention laws,
> allowing
> surveillance into past activities as well as present.
>
> Systems like this invite criminal appropriation and government
> abuse. New
> police powers, enacted to fight terrorism, are already used in
> situations
> of normal crime. Internet surveillance and control will be no
> different.
>
> Official misuses are bad enough, but the unofficial uses worry me
> more.
> Any surveillance and control system must itself be secured. An
> infrastructure conducive to surveillance and control invites
> surveillance
> and control, both by the people you expect and by the people you
> don't.
>
> China's government designed Green Dam for its own use, but it's been
> subverted. Why does anyone think that criminals won't be able to
> use it to
> steal bank account and credit card information, use it to launch other
> attacks, or turn it into a massive spam-sending botnet?
>
> Why does anyone think that only authorized law enforcement will mine
> collected Internet data or eavesdrop on phone and IM conversations?
>
> These risks are not theoretical. After 9/11, the National Security
> Agency
> built a surveillance infrastructure to eavesdrop on telephone calls
> and
> e-mails within the United States.
>
> Although procedural rules stated that only non-Americans and
> international
> phone calls were to be listened to, actual practice didn't always
> match
> those rules. NSA analysts collected more data than they were
> authorized
> to, and used the system to spy on wives, girlfriends, and famous
> people
> such as President Clinton.
>
> But that's not the most serious misuse of a telecommunications
> surveillance infrastructure. In Greece, between June 2004 and March
> 2005,
> someone wiretapped more than 100 cell phones belonging to members
> of the
> Greek government -- the prime minister and the ministers of defense,
> foreign affairs and justice.
>
> Ericsson built this wiretapping capability into Vodafone's
> products, and
> enabled it only for governments that requested it. Greece wasn't
> one of
> those governments, but someone still unknown -- a rival political
> party?
> organized crime? -- figured out how to surreptitiously turn the
> feature
> on.
>
> Researchers have already found security flaws in Green Dam that would
> allow hackers to take over the computers. Of course there are
> additional
> flaws, and criminals are looking for them.
>
> Surveillance infrastructure can be exported, which also aids
> totalitarianism around the world. Western companies like Siemens,
> Nokia,
> and Secure Computing built Iran's surveillance infrastructure. U.S.
> companies helped build China's electronic police state. Twitter's
> anonymity saved the lives of Iranian dissidents -- anonymity that many
> governments want to eliminate.
>
> Every year brings more Internet censorship and control -- not just in
> countries like China and Iran, but in the United States, the United
> Kingdom, Canada and other free countries.
>
> The control movement is egged on by both law enforcement, trying to
> catch
> terrorists, child pornographers and other criminals, and by media
> companies, trying to stop file sharers.
>
> It's bad civic hygiene to build technologies that could someday be
> used to
> facilitate a police state. No matter what the eavesdroppers and
> censors
> say, these systems put us all at greater risk. Communications
> systems that
> have no inherent eavesdropping capabilities are more secure than
> systems
> with those capabilities built in.
>
> http://www.schneier.com/crypto-gram-0908.html
>
> _______________________________________________
> IRP mailing list
> IRP at lists.internetrightsandprinciples.org
> http://lists.internetrightsandprinciples.org/listinfo.cgi/irp-
> internetrightsandprinciples.org




IP JUSTICE
Robin Gross, Executive Director
1192 Haight Street, San Francisco, CA  94117  USA
p: +1-415-553-6261    f: +1-415-462-6451
w: http://www.ipjustice.org     e: robin at ipjustice.org



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ncuc.org/pipermail/ncuc-discuss/attachments/20090815/4c20aaf8/attachment.html>


More information about the Ncuc-discuss mailing list