Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (25 page)


Cloud computing shifts control from the laptop and desktop to the
compute farm. From the point of view of law, cloud computing changes
who has the data (and how accessible it is). Recall the Millers decision: the
Supreme Court ruled that "the Fourth Amendment does not prohibit the
obtaining of information revealed to a third party ... even if the information is revealed on the assumption that it will be used only for a limited
purpose." Data on a laptop or desktop is subject to the stringent Fourth
Amendment protections against "unreasonable search and seizure;" data
in the cloud currently has lesser protections.

6.3 The Network of Things

Today's Internet connects millions of IP-enabled devices: servers, desktop
computers, laptops, notebooks, BlackBerrys, iPhones, routers, NAT boxes,11
and more. This network is unimaginably huge by the standards of the
DARPA pioneers, but is a fraction of the size the network is likely to be
within a decade. Billions and billions of small, low-powered devices
will soon be connected to the network. These devices will do everything
from noting the passage of a car through a tollbooth to monitoring
the movement of rare species. The devices are of two types: RFID (radio-frequency ID) tags, microchips intended for wireless data transmission; and
sensors, inexpensive devices for measuring physical attributes (such as
temperature, humidity, vibration) with limited computing power and
energy supply.

RFID tags have a computer chip and an antenna; they receive and
respond to radio-frequency queries from a transmitter. Tags are often the
size of a barcode (which they are in the process of replacing). They are able
to hold much more data than a barcode, to the point of being able to
identify a single item instead of a class of items (e.g., a particular can of Coke and not all cans of Coke manufactured at a particular plant on a
particular day), and they do not need a direct line of sight between reader
and device.

Active RFID tags have a power source and can initiate communication
with an RFID reader; passive tags are cheaper and derive power from a
reader's querying signal. Car fobs that unlock a car from a distance are
examples of active RFID tags, while subway cards are examples of passive
ones. Today's tags are used for access to a building or room, for payment
(e.g., as used by various gas stations), for inventory tracking and
supply-chain management (following a pallet of lobster tails from a Jacksonville fish supplier to a Wal-Mart freezer12), or even for knowing how
long a plate of sushi has been circulating on a restaurant conveyor belt.13
Anticipated uses include smart appliances, such as washing machines that
can read the RFID tags on clothes and adjust water temperature and agitation according to fabric type, terminals in stores that can read the prices
of full shopping carts and charge the customer's account, and cell phones
that can read an RFID tag on a movie poster and discover showtimes at
the nearest movie theater.14

Neither RFID tags nor sensors are new. The latter, for example, were
used during the Cold War to monitor the movement of Soviet submarines.15 Two things change the situation: the decreasing cost of the technologies and the ability to easily access the data through the Internet.
Much RFID data is accessed locally and does not use the Internet for
transport. Other information, including data that is constantly changing
and frequently updated, will traverse the Internet. Given the nature of their
functionality, in measuring anything from the temperature and humidity
of the soil to bridge movement16 to monitoring activity or heart rate in an
older person, much sensor data are likely to transit the network.

6.4 The Convergence of Telephones and Computers

A telephone was once a fixed object using the PSTN to connect with similar
devices. A computer was also once a large, fixed electromechanical processor that performed complex calculations and used an Ethernet cable to
communicate with other computers (and perhaps a printer). Increasingly
cell phones are digital, with some moving even one step further to an IP-based architecture. Early on the Internet was thought to be too unreliable
for voice,17 but "the explosion of VoIP service in the last four years has put
that myth to rest," as the FCC observed in 2008.18 Telephones and computers are converging in the type of applications they support.

Yet while computers and telephones have, in many ways, become interchangeable, the networks that support them most definitely have not. The
circuit-based PSTN uses a separate signaling channel to communicate
transactional information, while Internet signaling information is conveyed within the same packet as the content. Thus the device convergence, for example with IP-based telephones, creates complications, at
least for a PSTN system that inherently assumes "phone number equals
location." One is the emergency call system (in the United States this
would be the E911 system), the enhanced 911, or emergency service, that
automatically associates a location with each phone number.19 It is worth
a brief digression into the E911 system to see what these problems are.

Public Safety Answering Points (PSAPs), facilities that receive E911 calls
and refer them to the appropriate emergency services, are spread throughout the nation. Determining the location of the caller can be sticky; such
information is not normally conveyed as part of the call signaling data.
But because the location is needed by the phone company for billing purposes, enough information is transmitted with each call to determine caller
location. The question was how to put things together for E911 services.

For callers using traditional wireline phones, the PSAPs use data transmitted with the call to query a location database.20 This is done automatically, set up so that as the call is being answered at a PSAP, the caller's
location appears on the E911 operator's screen. Cell phones, of course,
present a problem. There is no location database for the phone number.
The phone moves. So cell phone companies provided a workaround.

At the point at which a cell phone call connects to the PSTN, it goes
through a switch (the Mobile Switching Center). If the call is to 911, the call
is assigned a pseudo-number that corresponds to a phone number within
the same sector of the cell site (the area covered by a cell tower is split
into sectors). That pseudo-phone number is transmitted to the PSAP. When
the PSAP queries the location database for the call location, it uses the
pseudo-number to do so. Complex workarounds as these solutions may be,
they are at least solutions. The situation for interconnected VoIP was more
confounding. This was as much for business reasons as for technical ones.

Like cell phones, VoIP is nomadic, and there were numerous instances
where callers used VoIP to reach E911 only to discover that the emergency
service had no idea of the caller's location.22 But while cell phones could
make use of telephone-company facilities to handle changing locations,
VoIP is owned by competitors to the telephone companies, which saw a
way to disrupt VoIP. Congress intervened. Under a law passed in 2008, the
telephone companies are required to offer VoIP providers the same rights to interconnect with E911 services that they do for providers of cell
service.23

6.5 Bugging Everywhere

Cell phones can act not only as location beacons but also as wiretaps, and
have been used that way. In an investigation of the Genovese organized
crime family, law enforcement interception of conversations in sixteen
restaurants, cars, an auto store, an insurance office, a jewelry store, a boat,
and even on public streets occurred through a cell phone that had been
modified to intercept and transmit conversations within its range regardless
of whether it had been turned on.24

Our cell phones are not the only modern tools that can be used to
wiretap us: our cars can be programmed to do the same thing. Want to
know the nearest pizza place or fancy French restaurant? Want alternate
directions because there is a traffic jam? Through a combination of GPS
and cellular technology, some automobile manufacturers offer a high-end
in-car communications service giving 24/7 access for navigation, roadside
assistance, and emergencies. In addition, if the car is reported stolen, the
automobile company can, at the car owner's request, activate the "stolen
recovery mode." The car's communication system will be turned into a
roving bug, transmitting all sounds made within the car. This will continue
until the car engine is shut off or cellular reception ends.

The FBI wanted this on-board system to be used as a wiretap; the automobile company claimed that doing the FBI's surveillance would disrupt
the car's communication system. This was indeed correct, because the
only function that would still work would be the emergency button, and
even that would not function as advertised. The court ruled for the car
manufacturer.25

The ruling turned on the thinnest of threads: the wiretapping, as proposed by the FBI, would disrupt the car's communication channel, and
federal wiretap law says that wiretaps should function with a "minimum
of interference." If the car's communication system had been designed
in a way in which such surveillance would not disrupt it, it could have
been used as a wiretap.

Cell phones and cars can now wiretap us; what will be next?

6.6 Deep Packet Inspection

Our ISPs are also well prepared to wiretap us. To keep traffic flowing, a
user's ISP has to know with whom, at least in terms of IP address, the user is communicating, but rather suddenly the intrusiveness jumped several
levels. The technique is called deep packet inspection (DPI), and it involves
studying not just IP headers, but actual packet content. DPI is just packet
filtering by a firewall, but much more intrusive packet filtering than existed
when firewalls were introduced. Traditionally firewalls simply examined
packet headers, which have a fixed format and always appear in the same
location in a packet. Despite the fact that the firewall filtering must be
done in real time, the task is relatively easy to accomplish: the checks are
simply whether the source or destination address matches particular
addresses and/or which IP ports are being accessed. (A port number identifies which service on a system a packet is being directed to. For example,
port 80 means this is an http request and port 25 is for email using the
SMTP protocol.) The work for DPI is harder: the format and location of
content in the packet payload are more variable. That makes DPI more
difficult and more costly in time taken to accomplish. That is much of the
reason why DPI was not possible until recently. Two uses made it come to
public attention.
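The contrast between header filtering and DPI described above, as an added example that is not from the book. The packets are constructed sample data, and the function names and addresses are assumptions chosen for illustration.

```python
import socket
import struct

# BitTorrent peer handshake prefix: length byte 19, then the protocol string.
BT_SIGNATURE = b"\x13BitTorrent protocol"

def build_packet(src, dst, sport, dport, payload):
    """Build a minimal IPv4+TCP packet (constructed sample; checksums left zero)."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + tcp + payload

def header_filter(packet, blocked_ports):
    """Traditional firewall check: read only fixed-position header fields."""
    ihl = (packet[0] & 0x0F) * 4                  # IP header length in bytes
    src, dst = packet[12:16], packet[16:20]       # addresses at fixed offsets
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    return {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst),
            "dport": dport, "blocked": dport in blocked_ports}

def deep_inspect(packet):
    """DPI: step past both headers, then interpret the payload bytes."""
    ihl = (packet[0] & 0x0F) * 4
    data_offset = (packet[ihl + 12] >> 4) * 4     # TCP header length varies
    payload = packet[ihl + data_offset:]
    if payload.startswith(BT_SIGNATURE):
        return "bittorrent"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        return "http"
    return "unknown"

# Constructed samples: a BitTorrent handshake sent to port 80, and a web request.
BT_ON_80 = build_packet("192.0.2.10", "198.51.100.7", 51000, 80,
                        BT_SIGNATURE + bytes(8))
HTTP_REQ = build_packet("192.0.2.10", "198.51.100.7", 51001, 80,
                        b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n")

if __name__ == "__main__":
    for name, pkt in (("BT_ON_80", BT_ON_80), ("HTTP_REQ", HTTP_REQ)):
        print(name, header_filter(pkt, {6881}), deep_inspect(pkt))
```

To the header filter both packets are port-80 traffic and indistinguishable; only the payload check tells them apart, which is also why it reveals far more about what the user is doing.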

In 2008 Charter Communications, the fourth largest cable company
in the United States, wanted to use DPI to provide users with targeted ads.
An online advertising company, Nebuad, would place hardware doing
deep packet inspection on Charter's ISP servers, then use that information
to analyze where the customer was browsing, then target ads to Charter's
customers (so if the sites were about Barcelona and Seville, and the
originating address was in Texas, the ads might include flights from
Dallas to Madrid). Public outcry, including some objections by Congress,
canceled this plan,27 but in the United Kingdom the ad company Phorm
(www.phorm.com) forged a deal with British Telecom (BT), which serves
millions of users, to serve up targeted advertising. As with Charter Communications, once this arrangement became known, public response
scuttled the effort.

Meanwhile DPI can help manage traffic flow over the network. This is of
great interest to ISPs. If all Internet traffic were text, the network has grown
sufficiently that there is bandwidth for everything to hum along quite
nicely. But Internet traffic has increasingly involved such data-rich applications as voice and streaming video. Not only are these quite demanding of
bandwidth, these types of communications do not function well if subject
to delays. One way carriers seek to solve the problem is by examining packets
and determining traffic priorities; DPI would allow the carriers to do so.

Reality is actually both more complex and simpler. The more complex
part is that this situation has already arisen. It occurred with an application
that a cable company did not want to support on its system. Comcast objected to customers running BitTorrent, the peer-to-peer file-sharing
program. After some curious problems that Comcast customers had with
running the program, the Associated Press found that Comcast was interfering with customer use of peer-to-peer applications.28 Subsequently three
researchers at the Electronic Frontier Foundation discovered that Comcast
was inspecting customer packets. Every time a Comcast customer and a
BitTorrent host were about to initialize a TCP connection, Comcast would
send a forged packet appearing to be from the BitTorrent host resetting
the connection.29 The TCP handshake could not occur and the connection
could not happen. This prevented BitTorrent from working on the Comcast
network and broke the Internet end-to-end delivery model in which
systems in the center of the network are supposed to transfer packets
without reading, modifying, or in any way touching the packet content.
The company's behavior also demonstrated that there was no privacy or
freedom of communication for Comcast users.
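One way an endpoint operator can detect this kind of reset injection, as an added example that is not from the book and is not presented as the researchers' own method. It assumes packet captures are available from both ends of the connection; the record layout, function names and sample segments are constructed for illustration.

```python
from collections import namedtuple

# Simplified capture record: one TCP segment as seen at a capture point.
Segment = namedtuple("Segment", "src dst sport dport seq flags ttl")

def segment_key(s):
    """Fields that survive transit unchanged (TTL is excluded: it drops per hop)."""
    return (s.src, s.dst, s.sport, s.dport, s.seq, s.flags)

def find_injected_resets(received_at_client, sent_by_peer):
    """Return RST segments the client received that the peer never transmitted."""
    sent = {segment_key(s) for s in sent_by_peer}
    return [s for s in received_at_client
            if "R" in s.flags and segment_key(s) not in sent]

def ttl_differs(received_at_client, rst):
    """Single-ended hint: the RST's TTL differs from the flow's other segments."""
    others = {s.ttl for s in received_at_client
              if (s.src, s.sport) == (rst.src, rst.sport) and "R" not in s.flags}
    return bool(others) and rst.ttl not in others

PEER, CLIENT = "198.51.100.7", "192.0.2.10"

# Constructed capture taken at the peer: what it actually sent.
PEER_SENT = [
    Segment(PEER, CLIENT, 6881, 51000, 1000, "SA", 64),
    Segment(PEER, CLIENT, 6881, 51000, 1001, "PA", 64),
]

# Constructed capture taken at the client: same flow plus an RST that
# claims to come from the peer but has no counterpart in PEER_SENT.
CLIENT_RECEIVED = [
    Segment(PEER, CLIENT, 6881, 51000, 1000, "SA", 52),
    Segment(PEER, CLIENT, 6881, 51000, 1001, "R", 61),
    Segment(PEER, CLIENT, 6881, 51000, 1001, "PA", 52),
]

if __name__ == "__main__":
    for rst in find_injected_resets(CLIENT_RECEIVED, PEER_SENT):
        print("not sent by peer:", rst,
              "TTL anomaly:", ttl_differs(CLIENT_RECEIVED, rst))
```

The two-capture comparison is the reliable test; the TTL check is only a hint for when a single capture is available, since routes can change mid-flow.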

It is difficult to imagine the analogous situation occurring in the PSTN,
where this type of intrusion is eavesdropping. While the telephone companies do occasionally listen in to calls for quality-control purposes, they
do not discriminate depending on whether one is sending a fax or talking
over the phone line.30 That AT&T or Verizon might provide differential
service on such a basis is not only not credible; it is illegal. It is not illegal,
however, to discriminate on the basis of content of SMS messages and in
2007, Verizon Wireless did exactly that, blocking Naral Pro-Choice America
from using a five-digit "short code" for its supporters to receive text messages from the organization; the company later changed its stance.31 The
FCC concluded that Comcast's actions were not "reasonable network management"32 and ordered the company to halt such behavior.33
