Read Surveillance or Security?: The Risks Posed by New Wiretapping Technologies Online
Authors: Susan Landau
When wiretapping is built into a communications infrastructure, all it
takes to invoke surveillance against society is an insider misappropriating
the technology; an outsider, including a foreign government, gaining
unauthorized access and turning a switch; or a government invoking emergency powers and vastly expanding its reach.' The analysis concluding that
the President's Surveillance Program was legal was done by a single attorney.' This experience, along with the Athens affair and the FBI misuse of
exigent letters, clearly demonstrates that when surveillance mechanisms
are easy to turn on, the chance of misuse is high.
Georgetown University law professor David Cole wrote that "the genius
behind the Constitution is precisely the recognition that 'pragmatic' costbenefit decisions will often appear in the short term to favor actions that
may turn out in the long term to be contrary to our own best principles."'
The founders sought to build a government that would act carefully and
deliberately. They wanted to insulate the system from the potential that
short-term decisions made in the heat of an "emergency" might limit
freedom and justice, perhaps for the long term.' The checks and balances
built into the U.S. form of government usually work to delay hasty action.
This is not to say that during previous times of stress, the government has
not acted against the rights of the people; such actions have included the
1798 Alien and Sedition Acts,7 the suspension of habeas corpus during the
Civil War, and the internment of Japanese-American citizens during World
War II. The U.S. form of government was deliberately designed to slow
such processes down; such a slowdown could cool the heat of the moment
and sometimes prevent some of these actions from occurring.
It is easy to imagine that communications surveillance is imperative to
the nation's security, but in fact, there is no right more important to democracy than the right of the public to communicate securely. Secure communication underlies freedom and the nation's and the people's security.
There are some who argue that the threat of catastrophic terrorism
has changed everything.' So it also seemed to the United States during
the Civil War, again with the development of modern warfare at the
beginning of the last century, and when the Soviet Union acquired
nuclear weapons. Building surveillance capabilities into communications
infrastructure exposes our society to long-term risks. To establish justice,
maintain domestic tranquility, and provide for the common defense, we
must ensure that our communications are secure.
Preface
1. (p. xii) Angela Sasse, "Not Seeing the Crime for the Cameras," Communications
of the ACM 53, no. 2 (February 2010): 22-25.
Acknowledgments
1. (p. xvi) John McPhee, "Checkpoints: Fact-Checkers Do It a Tick at a Time," New
Yorker, February 9 and 16, 2009, 57-58.
Chapter 1
1. (p. 1) Whitfield Diffie, "Communications Revolution?", Program 10-94: "Crime
and Chaos," KPFA Radio, September 6, 1994.
2. (p. 1) DavidKahn, TheCodebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet, rev. ed. (New York: Scribner, 1996), 121-124.
3. (p. 1) Thomas Jefferson, letter to James Thomas Callender, October 6, 1799; in
Thomas Jefferson, The Works of Thomas Jefferson, Federal ed., vol. 9 (New York:
Putnam, 1904), 488.
4. (p. 2) Strong cryptography, meaning cryptography invulnerable to being broken
using current technology, is a floating term. In the 1970s, 56-bit DES was considered
strong, but since the late 1990s, DES-encrypted content can be easily decrypted
through brute-force methods.
5. (p. 2) Customized equipment, especially if the purchaser is a government, continues to require an export license.
6. (p. 2) Stephen Levy, Crypto: How the Code Warriors Beat the Government-Saving
Privacy in the Digital Age (New York: Viking Press, 2001).
7. (p. 2) Pub. L. 110-055.
8. (p. 2) J. Scott Marcus, affidavit in Tash Hepting et al. v. AT&T Corporation et al.,
United States Second District Court for Northern California, Case 3:06-cv-0672-vrw,
June 8, 2006, 12-15.
9. (p. 3) Steven M. Bellovin, Matt Blaze, Ernie Brickell, Clinton Brooks, Vinton Cerf,
Whitfield Diffie, Susan Landau, Jon Peterson, John Treichler, "Security Implications
of Applying the Communications Assistance to Law Enforcement Act to Voice over
IP" (2006), 9, http://www.cs.columbia.edu/--smb/papers/CALEAVOIPreport.pdf.
10. (p. 3) Vassilis Prevelakis and Diomidis Spinellis, "The Athens Affair," IEEE
Spectrum, July 2007, 18-25.
11. (p. 3) Alligator clips are spring-loaded clips with serrated jaws.
12. (p. 4) G. H. Johanessen, "Signaling Systems ... An International Concern," Bell
Labs Record, January 1970, 18.
13. (p. 4) Johanessen, "Signaling Systems," 13.
14. (p. 4) Railway gauges have become somewhat standardized. The Stephenson
gauge, at 4'81/2" separation, now accounts for about 60 percent of world's railway lines.
15. (p. 4) Johanessen, "Signaling Systems," 14.
16. (p. 5) In April 1963 overseas operators were able to dial directly to England,
France, and West Germany. Shortly afterward this was extended to Australia,
Belgium, the Netherlands, Italy, Japan, and Switzerland (Johannessen, "Signaling
Systems," 14-15).
17. (p. 5) In 1964, the International Telegraph and Telephone Consultative Committee (later known as the International Telecommunications Union) recommended
eleven digits as the preferred maximal length for international calls. This is prefixed
by digits signaling that the call is international (e.g., "011" when dialing from the
United States) (Bell Telephone Laboratories, Engineering and Operations in the Bell
System (New York: Bell Telephone Laboratories, 1977), 117).
18. (p. 5) Johannessen, "Signaling Systems," 18.
19. (p. 5) A. E. Joel Jr. and other members of technical staff, A History of Engineering
and Science in the Bell System, Switching Technology (1925-1975), vol. 3 (New York:
The Laboratories, 1982), 193-195.
20. (p. 5) The connection was "acoustical," with the handset of the operator's phone
placed in a Carterfone device. The Carterfone switched on a radio transmitter whenever the telephone caller was speaking and returned to receiving mode when
the voice stopped (Federal Communications Commission, In the Matter of Use of
the Carterfone Device in Message Toll Telephone Service; In the matter of Thomas
F. Carter and Carter Electronics Corp., Dallas, Tex. (complainants) v. American
Telegraph and Telephone Co., Associated Bell System Companies, Southwestern Bell Telephone Co., and General Telephone Co. of the Southwest (defendant); Docket
No. 16942; Docket No. 17073; 13 F.C.C.2d 420 (1968); 13 Rad. Reg. 2d (P&F) 597;
Release-Number: FCC 68-661; June 26, 1968 (adopted)).
21. (p. 5) This period had started with the phone company's interpretation of FCC
tariff 132, which stated that "no equipment, apparatus, circuit or device not furnished
by the telephone company shall be attached or connected with the facilities furnished
by the telephone company, whether physically, by induction, or otherwise." After
the Carterfone decision, this regulation was superseded by FCC tariff 263.
22. (p. 5) Federal Communications Commission, In the Matter of Use of the
Carterfone Device in Message Toll Telephone Service.
23. (p. 6) Jason Oxman, The FCC and the Unregulation of the Internet, OPP Working
Paper 31 (Washington, DC: Office of Plans and Policy, Federal Communications
Commission, July 1999), 14.
24. (p. 6) David Halbfinger, "In Pellicano Case, Lessons in Wiretapping Skills," New
York Times, May 5, 2008.
25. (p. 6) Wired How-To Wiki, Tap a Phone Line, http://howto.wired.com/wiki/
Tap_a_Phone_Line.
26. (p. 6) United States Attorney's Office, Eastern District of Virginia, "Departments
of Justice and Homeland Security Announced International Initiative against
Traffickers in Counterfeit Network Hardware," February 28, 2008, http://www.justice
.gov/criminal/cybercrime/Intl-Initiative.pdf.
27. (p. 6) Raul Roldan, "FBI Criminal Investigation: Cisco Routers," briefing, January
11, 2008.
28. (p. 6) John Markoff, "F.B.I. Says the Military Had Bogus Computer Gear," New
York Times, May 9, 2008.
29. (p. 7) RFID tags are tiny microchips increasingly used to tag everything from
the razors sold in Wal-Mart to U.S. military equipment deployed in a war zone. The
tags have a small antenna and respond to a radio signal with their own ID code,
alerting the scanner to their location.
30. (p. 7) This is only partially true; see chapter 8 for details.
31. (p. 7) The telephone was invented in 1876, but not until the 1920s was use
widespread. The first major use of the telephone by criminals occurred during Prohibition (Ithiel de Sola Pool, Craig Decker, Stephen Dizard, Kay Israel, Pamela Rubin,
and Barry Weinstein, "Foresight and Hindsight: The Case of the Telephone," in Ithiel
de Sola, ed., The Social Impact of the Telephone (Cambridge, MA: MIT Press, 1977),
137). This was a period when law enforcement also found the telephone extremely
valuable-but for wiretapping (Samuel Dash, Richard Schwartz, and Robert Knowlton, The Eavesdroppers (New Brunswick, NJ: Rutgers University Press, 1959), 28).
32. (p. 7) Widespread public utilization of a technology is also needed for criminals
to use the technology; otherwise their usage marks them as "persons of interest"
even before they commit an indictable offense.
33. (p. 8) During a 2007 American Bar Association panel discussion, an FBI associate
deputy director complained that Skype puts "other people's data on your machine."
While correct, that observation misses the point that this is core to peer-to-peer
technology.
34. (p. 9) William A. Owens, Kenneth W. Dam, and Herbert S. Lin, Technology,
Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
(Washington, DC: National Academies Press, 2009), 5, 39.
35. (p. 9) Owens, Dam, and Lin, Technology, Policy, Law, and Ethics, 18.
36. (p. 9) In early 2009 Hathaway was appointed to do a sixty-day review of the
nation's Internet and cybersecurity strategy.
37. (p. 9) Prepared remarks, 2009 RSA Conference, April 22, 2009.
38. (p. 9) Whitfield Diffie and Susan Landau, Privacy on the Line: The Politics of
Wiretapping and Encryption, rev. ed. (Cambridge, MA: MIT Press, 2007), 129-131.
39. (p. 9) Diffie and Landau, Privacy on the Line, 130.
40. (p. 10) In recent years the courts have not supported unbridled investigations
by journalists. During probes over the disclosure that Valerie Plame was a CIA agent,
New York Dines reporter Judith Miller was jailed for several months for refusing to
release her sources.
41. (p. 10) Jacobellis v. Ohio, 378 U.S. 184, Stewart (concurring).
42. (p. 10) Herbert Danby, The Mishnah (Oxford: Oxford University Press, 1933), 233.
43. (p. 10) Samuel Warren and Louis Brandeis, "The Right to Privacy," Harvard Law
Review IV, no. 5 (December 15, 1890): 193-220.
44. (p. 11) 357 U.S. 449 (1958).
45. (p. 11) 381 U.S. 479 (1965).
46. (p. 11) 410 U.S. 113 (1973).
47. (p. 11) In 1878 in Ex Parte Jackson, 96 U.S. 727, the Supreme Court ruled that
the government could not open first-class mail without a search warrant.
48. (p. 11) 389 U.S. 347 (1967).
49. (p. 11) Note that this protection is for the contents of the call, not the transactional information of who called who when. Under U.S. law such information has
lesser legal protection.
50. (p. 11) Olmstead v. United States 277 U.S. 438 (1928).
Chapter 2
1. (p. 13) 700 series.
2. (p. 13) In fact, both Bell and Elisha Grey submitted patent applications for the
telephone on the same day; who was actually first remains controversial.
3. (p. 13) The telephone companies that began once Bell's telephone patent lapsed
in 1894 did not interconnect their networks. Subscribers had to be on the same
network in order to speak (Milton L. Mueller Jr., Universal Service (Cambridge, MA:
MIT Press, 1997), 43). This led to the situation of households and offices having
multiple telephones and multiple networks. Although some of those original companies remain extant to this day, systems interoperate and duplicate phones and
networks are no longer needed.
4. (p. 13) Colin Cherry, "The Telephone System: Creator of Mobility and Social
Change," in Ithiel de Sola Pool, ed., The Social Impact of the Telephone (Cambridge
MA: MIT Press, 1977), 115.
5. (p. 13) Cherry, "The Telephone System," 115.
6. (p. 13) Anton A. Huudeman, The WorldwideHistoryo fTelecommunications (Hoboken,
NJ: Wiley, 2003), 59-60, 66-83.
7. (p. 14) Paul Starr, The Creation of the Media: Political Origins of Modern Communications (New York: Basic Books, 2004), 185.
8. (p. 14) Tom Standage, The Victorian Internet: The Remarkable Story of the Telegraph
and the Nineteenth Century's On-Line Pioneers (New York: Walker and Company,
1998), 63.