Surveillance or Security?: The Risks Posed by New Wiretapping Technologies
Authors: Susan Landau
This is not to say that terrorist groups or drug dealers will actually
advertise their "friends" on a Facebook page. What this result actually
shows is that exposing limited amounts of personal data can turn out to
be quite revealing. A Cambridge University researcher, Shishir Nagaraja,
who looked at the email traffic data from 1,700 university users (researchers, graduate students, and staff), studied how many nodes have to be fully
surveilled in order to infer the behavior of a large segment of the network.
Confirming earlier, related research, Nagaraja showed that if 8 percent of
the nodes in a network were spied on, investigators could determine the
communications "circle" of 45 percent of the users, while if the traffic of
28 percent of the users was known, then investigators could determine the
behavior of fully 95 percent of the users.66
What these results do not mean is that searching for unusual communications networks can be used to readily reveal terrorist groups in our midst.
The reason is simple. In the military, patterns of communications disclose
levels of activity (activity increases before battle) and organizational structure. In the civilian world, a small group of people communicating only
among themselves could be a terrorist cell or a drug dealer's crew. Or they
could easily be a group of people planning a new business venture or rock
band. Probability tells us that they are much more likely to be the latter.
On the other hand, following the communications connections of
a person of interest to other possible suspects can help crack cases. On
July 7, 2005, three London Underground trains and one London bus were
bombed, resulting in fifty-six deaths and hundreds of injuries. There were
other attempted bombings on July 21; those attacks did not succeed.
Retained data helped police track one of the suspects. Using a false passport,
the suspect, Hussain Osman, quickly fled to Rome. From earlier investigations, police knew the number of one of his friends and monitored communications on that line. Italian police discovered that the phone was
being used by Osman himself, who was captured shortly afterward.67
This success story was not a case of data retention: at the time of the
failed bombings, Osman was already a person of interest to the police. He
was in police files because in 2004 he had taken part in a camping trip
that had attracted police attention.68 The friend's number was known
previously to law enforcement. This was also not a case where the criminal
was uncovered because his communications patterns "looked interesting."
In the absence of other information (for example, presence at a camping
trip with military exercises), an unusual communications pattern is far
more likely to be a red herring than an indicator of nefarious activity. What
is true is that link analysis is extremely useful. This is no surprise; pursuing
such connections has been the approach followed by detectives and law
enforcement since the beginning of such professions. The ability to do so
quickly and easily, a result of legal changes and the ease of accessing customer calling records, explains why use of NSLs for obtaining these records
has exploded in recent years.
6.10 Tools for Anonymization
The famous 1993 New Yorker cartoon "On the Internet, no one knows
you're a dog" may be true, but the network makes it easy to trace your
online behavior.69 Actions that are anonymous (at least if transactions are
done in cash) in the offline world (purchasing a book on Osama bin
Laden, viewing materials on sexually transmitted diseases) leave traces
when done in the online world. As one corporate executive said in 1999,
"You have zero privacy anyway. Get over it."70 In the 1980s David Chaum
proposed several systems for providing anonymity to users, including
anonymous digital cash systems and anonymizing communications
systems. The latter has the contradictory property that messages transit
from sender to receiver but eavesdropping intermediaries are unable to
determine who is communicating with whom. The technology behind this
combines public-key encryption, go-between "mix" servers that permute
the order of messages, and batching the communications. The ensuing
confusion means that an eavesdropper is perplexed as to which message
is going where.71 This technology has been used in various anonymous
remailer systems.
In the 1990s a different approach to anonymous communication
emerged. Tor (which stands for "The onion routing")72 is focused on
making it hard to determine who is communicating with whom unless
you can watch all endpoints of the network at once. There are two parts
to Tor technology: a "proxy" Tor client that determines a route for the communication and a large set of Tor nodes in the network through which
the communication travels. When an application (a web browser, Instant
Messaging, Internet Relay Chat) connects using the Tor network, the first
thing that occurs is that a path is built using a subset of the Tor nodes
chosen by the Tor client over which the application's messages travel. Then
the communication is encrypted using the keys created for that path.
Each Tor node decrypts the message using its key for that path and then
passes the communication to the next Tor node in that communication's
Tor path. Paths are torn down once the application using them is done.73 Each
node knows where a communication has immediately come from and
where it is immediately going, but no node sees both source and destination. Only the client proxy that determined the route knows these. Such
decentralized control is appropriate; it protects privacy.
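The layered path encryption described above, as an added example that is not from the book or from the Tor project. It assumes the client already shares one key with each node on the path; the node names, keys and destination are constructed, and the XOR keystream is a toy stand-in for Tor's real cryptography.

```python
import hashlib
import json

def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR with a SHA-256 counter keystream. Illustration only, not Tor's crypto."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def build_onion(path, keys, destination, payload: bytes) -> bytes:
    """Client proxy: wrap the payload once per node, innermost (exit) layer first."""
    layer = {"next": destination, "data": payload.hex()}
    for node in reversed(path):
        cell = xor_stream(keys[node], json.dumps(layer).encode())
        layer = {"next": node, "data": cell.hex()}
    return cell  # outermost layer, to be handed to path[0]

def relay(node, key, came_from, cell: bytes):
    """One Tor node: strip its own layer and learn only the adjacent hops."""
    layer = json.loads(xor_stream(key, cell))
    view = {"node": node, "came_from": came_from, "going_to": layer["next"]}
    return view, layer["next"], bytes.fromhex(layer["data"])

def route(client, path, keys, cell: bytes):
    """Carry the cell along the path, recording what each node could observe."""
    views, came_from, node = [], client, path[0]
    while node in keys:
        view, going_to, cell = relay(node, keys[node], came_from, cell)
        views.append(view)
        came_from, node = node, going_to
    return views, node, cell  # final hop name and the fully unwrapped payload

# Constructed sample data: hypothetical node names and per-path keys.
PATH = ["entry", "middle", "exit"]
KEYS = {n: hashlib.sha256(b"constructed path key " + n.encode()).digest() for n in PATH}
CLIENT, DEST = "client", "example.org"

if __name__ == "__main__":
    onion = build_onion(PATH, KEYS, DEST, b"GET / HTTP/1.1")
    views, arrived_at, payload = route(CLIENT, PATH, KEYS, onion)
    for v in views:
        print(v)
    print(arrived_at, payload)
```

The recorded views show the entry node seeing only the client and the middle node, and the exit node seeing only the middle node and the destination.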
Work on onion routing started in the Naval Research Laboratory in
1995. It may seem odd that this was a DoD effort. On reflection, this makes
perfect sense. Members of the military are often stationed overseas in situations where it is better that their affiliation not be known. When they
need to hide who they are communicating with (for example, with Norfolk
or another Navy post), using Tor is a way to do so. This is not a theoretical
argument. A group in the U.S. Navy periodically based in the Mideast over
the last decade needed to make their Internet communications anonymous; otherwise they risked giving away their cover if it was noticed that
they were communicating with a .gov or .mil site (this could be noticed
by an eavesdropping local ISP). Using Tor, there would be no way for an
eavesdropper to tell where the communications were going, not even to
which country.
The military is not the only set of government users of this anonymizing software; law-enforcement investigators have found Tor useful for
surveilling certain chat rooms and websites. This can be done without
leaving IP addresses traceable back to government offices. For good reason,
the law enforcement and military units that use Tor do not publicize it.
In the early years of its distribution, that made Tor usage a bit dicey:
was it simply a way to hide the distribution of pornography? There was
some of that, but there was much more, as evidenced by the fact that
a number of different agencies in DoD have helped support the tool's
development.
That leads to the natural question of why DoD might release a general-purpose anonymizer for Internet communications rather than limit usage
of the tool to military personnel. That answer is simple: "anonymity loves
company."74 The more diversity of users an anonymizing system has, the more anonymous its users become. Thus opening up Tor to the general
public helps the military protect the anonymity of its communications.
The network has been in public use since October 2003. In February 2010
it had 1,500 servers, with the number having steadily increased over the
previous five years.75 The network's users include reporters,76 whistleblowers,
labor organizers, bloggers whose companies might not appreciate their
employees' writings, military and law enforcement personnel, businesses
(to enable them to find out information they might not want the competition to discover they are seeking), and IT professionals troubleshooting
their system77; in short, Tor is a tool employed by people who want to
communicate without revealing to potential eavesdroppers with whom
their conversation is occurring. As for the number of Tor users, that information is not easy to estimate, not even for its developers.
Tor is essentially the only widely used general-purpose tool for anonymizing Internet communications. Open proxy servers, servers that act as
intermediary access points to the Internet and effectively hide network
addresses, provide some circumvention capabilities. These do not, however,
provide anonymity in the rigorous way that Tor does.
At the beginning of the millennium Tor appeared to be a tool for privacy
aficionados, Chinese dissidents, and CIA agents. A decade later, anonymizing engines have become more widely deployed across a much greater
swath of society.
6.11 It's Not a U.S. Network Anymore
In 1965 packet networks were a twinkle in the eye of some engineers. In
1975 they were a DARPA project. In 1985 the NSF began its own Internet
connecting supercomputing sites; within four years, hosts in Australia,
Germany, Israel, Japan, Mexico, New Zealand, and the United Kingdom
had joined the network. In 1995 the Internet was a public network, open
to commercial enterprises.
In 1985 most of the network expertise was in the United States; the
breakthrough of easy hypertext linking and a browser, though, was due to
a British physicist, Tim Berners-Lee, and came from a nuclear laboratory
on the French-Swiss border. In 1995 the World Wide Web Consortium
(W3C) was formed, with offices in the United States, France, and Japan.
The Internet had become an international effort.
Governance was slowly shifting that way too. Despite the name, the
Internet, of course, is not a thing; it is a collection of interconnected
autonomous networks without a central governing authority. For many years the Internet Engineering Task Force (IETF), a group of government-funded researchers, developed the Internet standards. In the early 1990s,
the IETF became part of a newly formed organization, the Internet Society,
an international nonprofit guiding the network's development. With the
Internet being a collection of self-governing networks, naming is an important issue and much control of the network resides in determining who
the name registrars might be. Here the U.S. government appeared, at least
at first, to be less willing to cede decision-making power.
In 1998 the U.S. National Telecommunications and Information Administration proposed private administration of the Internet name space and
created a nonprofit organization, the Internet Corporation for Assigned
Names and Numbers (ICANN), which existed under an agreement with the
U.S. Department of Commerce. The fact that ICANN was not independent
of the U.S. government raised concerns. With the exception of objections
to a top-level domain of .xxx for adult sites,78 the United States has largely
kept a hands-off attitude toward ICANN; worries about excessive U.S.
authority dissipated. Yet as the power and importance of the network have
become apparent, other governments have sought greater control of the
network and, in particular, of the root zone (recall the issues of DNSSEC
and signing the root zone). There has also been pressure for control of the
network by other international organizations, including the International
Telecommunications Union, a United Nations agency that develops telecommunication standards, including the interface between the Internet
and the PSTN.
As of 2009, the eight most popular websites on the Internet are American (Google, Facebook, Yahoo!, YouTube, Windows Live, Wikipedia,
Blogger, and Microsoft Network), but Baidu.com, the leading Chinese
search engine, is ninth, and Yahoo.co.jp, the Japanese version of Yahoo, is
tenth.79 Yet the U.S. hegemony of the network, remarkable in its exclusivity
in 1993, is ebbing. English remains the most popular language for web
pages, with 338 million people online,80 but China leads the world in terms
of actual users. While the Internet of 1985 was an American engineers'
network, the Internet of today is not really either anymore. The governance
of the network will undoubtedly change to reflect this new reality.
6.12 Coda: Changes in Law Enforcement Practice
Though it was working hard to keep surveillance techniques concurrent
with changing communications technologies, internally FBI communications infrastructure was way behind. Unbelievable as it may sound, in 2003 the FBI could not perform fundamental searches of their own files,81 and
experience with wireless communications in the work environment was
still limited to senior staff.82 In 2004 FBI agents and intelligence analysts
still did not have routine access to the Internet.83 The reasons for such
backwardness ranged from a culture that promoted secrecy to technology
that "air gapped" computer systems between the different U.S. intelligence
agencies, often making it impossible for analysts at the different agencies
to communicate by any means other than phone and hand courier.84
In 2005 the director of national intelligence, John Negroponte, tackled
the problem. Air Force Major General Dale Meyerrose was made chief information officer for the director of national intelligence, a newly created
position. He took an important step: from then on, the agencies would
buy off-the-shelf interoperable software instead of customized systems.85
This small change enabled the different agencies to communicate electronically. Meanwhile, on the suggestion of a CIA chief technology officer,
the agencies started Intellipedia, an intelligence-community information-sharing site modeled on Wikipedia. Any agent with a classified clearance
could read or contribute information to the site; the idea was to enable
analysts with disparate information to be in a position to "connect the
dots" (something that was sorely missed for the September 11 hijackers).
The FBI joined the online world, using tools that everyone else had been
taking for granted: databases, the DNS Whois, VoIP, encryption, and
Google. This was a seismic shift from a few years earlier.86 While the U.S.
intelligence agencies may not have moved Quantico and Langley (these
are respectively the FBI research and training center and CIA headquarters)
to Silicon Valley, they appear to have substantially improved the agencies'
ability to use network tools and capabilities to their advantage, even
though the dots were certainly not connected in the 2009 case of Umar
Farouk Abdulmutallab, who tried to blow up a plane on Christmas Day
2009 using explosives he brought on board.87