Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (42 page)

Such knowledge about your habits would be exceptionally useful to the
ISPs. Currently when you use a search engine to look up "heartburn remedies" on Google, ads appear for medications, diets, and doctors. The ads
are supplied by Google. But if your ISP were to search the packets as it
transmits the content, there would be no need for the ads to all come from
Google. The service provider could supply some of the ads itself. This scenario is not imaginary; in some cases, such hijacking has already occurred.79

The potential for abuse is enormous, and the risks to privacy cannot be
overstated. As Ohm says, "The New York Times [may] track which articles
we read on its site but has no way of knowing what we do when we visit
the Washington Post."" Google may track your searches, your travel (Google
Maps), and your appointments (Google Calendar), but the company's
ability to do so is limited by the number of different Google services of
which you avail yourself. If you object to Google's privacy policies, you
can choose to use other services. By contrast, your ISP knows everything
you do online. Because most people lack access to multiple ISPs,81 the
ability to hide your activities among different service providers is minimal.
(And, of course, it may be that none of them offer privacy.) A single ISP
will know what you are browsing, what your email says, VoIP, and so on.
In a matter of days, possibly even hours, an ISP using DPI can develop a
remarkably detailed dossier on a person. It has already been said about the ability to amass this amount of information that "the Stasi could only
dream of such data. 1182

Currently wiretap law would appear to make such collection illegal. As
Ohm has noted, there are sections of the law that permit carriers to
examine communications content if that is being done to protect "the
rights and property of the service."" That exception has so far been narrowly construed. However, the dynamics surrounding the protection of
communications content have been changing. Service providers currently
seek to provide the added service-and added charge-of protecting customers from malware; from there it is a small step to monitoring content
in order to do so.

Despite the enormous risks posed by such activity, the FBI continues to
press for such quotidian packet surveillance. In 2008, FBI Director Robert
Mueller testified that

legislation has to be developed that balances, on the one hand, the privacy rights
of the individuals who are receiving the information but, on the other hand, given
the technology, the necessity of having some omnibus search capability utilizing
filters that would identify the illegal activity as it comes through and give us the
ability to preempt that illegal activity where it comes through a choke point, as
opposed to the point where it is diffused on the Internet."

That is, after all, what Einstein 3 does for communications destined for
federal systems (including private communications sent to private email
addresses if those communications are accessed via a federal system). Once
the idea is accepted that communications carriers have the right to examine
communications content for malware, it is not hard to imagine, as Ohm
does, that the next step could be for "providers [to] argue that the service
provided is 'ad-subsidized web surfing.' n85

The risks to privacy would be enormous. These are dwarfed by the risks
to security. Were an ISP to collect this information it would zealously seek
to protect it, for such data are an extremely valuable business asset. Consider the value of these data for the Washington metropolitan area, which
includes thousands of employees of the CIA and FBI, not to mention
members of Congress and their staff, Pentagon employees, and the military
contractors surrounding the city. Or consider the value of such data for
employees of the high-technology firms of Silicon Valley, or for members
of the media. The incentive to misuse the information will be great, the
ability to protect it, poor. How will ISPs guard against insider threats, or
sophisticated attacks from the outside? Recall that 1,500 ISPs in the United
States have fewer than one hundred employees. It is impossible to imagine
that such data can be secured.

The only way for a user to avoid the risks from ubiquitous use of DPI
by the carriers would be to encrypt everything: every web browsing session,
every email communication, every touch to another endpoint. That is not
done now, but it is not unreasonable to expect that email, VoIP, IM, and
other forms of personal communication be routinely encrypted. Indeed,
in the wake of the attacks that occurred in late 2009 and early 2010, Google
started routinely encrypting all Gmail. Skype has always used end-to-end
encryption for its VoIP service. Because the endpoints would have to
encrypt and decrypt, transmission would be slower (more precisely, transmission time within the network would be unaffected but transmission
time to the human user would be slower). A communications network in
which all communications were encrypted would impede the work of law
enforcement and intelligence agencies. Yet in the same way that one locks
one's car and one's house, encryption would become a daily part of Internet communication.

The real issue about ubiquitous DPI would be a necessary reliance on
anonymization tools such as Tor to hide transactional information. Anyone
not using these privacy-preserving, security-protecting tools in the face of
omnipresent DPI usage by communications providers would be endangering themselves, their companies, and anyone with whom they communicated. Looking purely from the vantage point of security, it is difficult to
understand law enforcement's push for the ubiquitous use of DPI. This is
a short-term solution to enable wiretapping with severe long-term negative
consequences for communications security.

9.8 Putting Terrorism in Context

It is important to keep in mind that domestic terrorism is not a new phenomenon. In 1916 a munitions storage depot in New York Harbor was
blown up by German saboteurs, destroying windows in nearby Jersey City,
Manhattan, and Brooklyn. A total of over two million pounds of explosives
were destroyed." A half year later, a shell-assembling plant was completely
destroyed through arson." In 1995 explosives tore apart the Murrah building in Oklahoma City. The attacks on September 11 were physical attacks,
but in some sense, their largest impact was on the American psyche (which
was, of course, the intent). It was made clear that the oceans on either side
of the United States no longer provided security.

With the anthrax attacks occurring on the heels of the attacks on the
World Trade Center and on the Pentagon, it was easy to imagine the world
had suddenly changed. In one sense, it had. The United States discovered it was facing terrorists who would exult in killing thousands, if not millions. In another sense, nothing changed. Tony Judt put the attacks in
context:

Terrorists are nothing new. Even if we exclude assassinations or attempted assassinations of presidents and monarchs and confine ourselves to men and women who
kill random unarmed civilians in pursuit of a political objective, terrorists have been
with us for well over a century.

There have been anarchist terrorists, Russian terrorists, Indian terrorists, Arab terrorists, Basque terrorists, Malay terrorists, Tamil terrorists, and dozens of others
besides. There have been and still are Christian terrorists, Jewish terrorists, and
Muslim terrorists. There were Yugoslav ("partisan") terrorists settling scores in World
War II; Zionist terrorists blowing up Arab marketplaces in Palestine before 1948;
American-financed Irish terrorists in Margaret Thatcher's London; US-armed mujahideen terrorists in 1980s Afghanistan; and so on....

The only thing that has changed in recent years is the unleashing in September
2001 of homicidal terrorism within the United States.88

The response to the attacks was immediate, and in many ways the United
States of September 10 disappeared. The USA PATRIOT Act was passed. The
warrantless wiretapping program started within weeks of the September 11
attacks. CALEA was extended to cases of VoIP. What did not occur was a
serious public discussion on the types of threats the United States faced,
and whether the changes in law enforcement and national security were
appropriate for the most important ones.

An issue rarely mentioned in the terrorism discussion is the frequency
with which natural disasters unfold. In the first decade of the twenty-first
century, the Indian Ocean earthquake tsunami left 283,000 dead, and the
Haitian earthquake, 230,000. Such numbers are not unusual-and dwarf
the numbers of September 11. In 1839, the Indian cyclone was estimated
to leave 300,000 dead, the 1887 Yellow River Flood, 1-2 million, the 1931
Yellow River Flood and the 1970 Bhola cyclone, both with a half million
to a million dead. In considering the security risks of building surveillance
into communications infrastructures, it is time to consider another facet
of the issue: the need for secure communication during times of crisis. I
now turn to that subject.

Four years after the attacks of September 11, Hurricane Katrina made landfall in southeastern Louisiana. A category 5 storm in the Gulf of Mexico
and category 3 by the time it reached the Louisiana coast, Katrina was one
of the strongest hurricanes ever recorded in the Atlantic. The storm was
followed a month later by Rita, another hurricane of surprising strength.
Thousands of deaths and huge financial losses resulted. While the aftermath of the storm caused a major political fallout, the storm had surprisingly little impact on the general public's conception of crises, which
continued to focus on terrorist attacks. Yet historically, natural disastershurricanes, cyclones, earthquakes, and tsunamis-have had far more catastrophic effects than terrorist acts.

They are likely to continue to do so. In the fifteen-year period before
Katrina and Rita, the United States had suffered through a series of highly
damaging hurricanes,' massive flooding in the Midwest in 1993, the Northridge earthquake, which measured 6.7, in 1994, major ice storms in the
Southeast United States in 1994 and in the Northeast United States and
Quebec in 1998,2 and a series of devastating tornadoes and floods in the
south-central and upper Midwest in 1995 and 1997.3 Some of these events
arrived with a warning, if only a partial one (though hurricanes may be
tracked for days, their strength on landfall is not always easy to predict4).
Others, such as earthquakes and tornadoes, may occur with no advance
notice. The United States is, of course, far from unique in suffering from
natural disasters. Many nations have a higher risk from severe earthquakes,
volcanic eruptions, and tropical cyclones.

During natural disasters buildings may be destroyed, roads may be made
impassable, power may be down. From government services to financial
systems to distribution of food and fuel, much critical infrastructure may
be severely disrupted. This is when communications become critical.
Despite the disruption of infrastructure-indeed, because of it-government communication systems need to function during a crisis, and first responders must be able to communicate with one another.

10.1 What Types of Communications Function in Crises?

It is instructive to look at two recent U.S. disasters: the attacks of September
11 and Hurricane Katrina5 and see how communications functioned. In
the case of the terrorist attacks, I consider only the attacks on the World
Trade Center, since communications were not particularly affected by the
other two hijacked planes.

As New York City Mayor Bloomberg said, "[Every bad guy has] a map
of New York City in their pockets." The city is a center for art, theater,
finance, fashion; it is also a major communications hub. When the planes
crashed into the Twin Towers on September 11, they destroyed communications capability. How much functioned despite the destruction varied by
type of network.

The North Tower of the World Trade Center-the first tower to be hitheld many transmission antennas, including those for nearly all of New
York City's television stations and for several radio stations. The South
Tower had several ISP Points-of-Presence (POP); this is where ISP customers
dial in to connect to the network. These ISPs lost their POP connections
to the Internet when the South Tower fell. In addition, some major
fiber-optic channels were destroyed as a result of the fires and general
destruction in the area.' A major switching office, Verizon's West Street
building, was badly damaged during the collapse of World Trade Center
Building 7; the office served three hundred thousand of Manhattan's two
million voice lines.7 A nearby Broad Street central office serving the New
York Stock Exchange was also affected, although not as severely as the
West Street office.

The telephone network began experiencing trouble shortly after the first
plane hit. Overloaded switches in northern New Jersey hindered the
national toll-free calling system just as government officials began using
the GETS system to give their calls priority. Meanwhile within a half hour
of when the first plane hit the North Tower it had become extremely difficult to make calls into or out of New York City, a situation that continued
for some time.'