Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (50 page)

72. (p. 30) National Communications System, SMS over SS7, 39-41.

73. (p. 30) U.S. Bureau of the Census, Statistical Abstract of the United States, 83rd
ed. (Washington, DC: U.S. Bureau of the Census, 1962), table 689.

74. (p. 30) U.S. Bureau of the Census, Statistical Abstract of the United States, 83rd
ed., table 695.

75. (p. 30) U.S. Bureau of the Census, Statistical Abstract of the United States:
2009,128th ed. (Washington, DC: U.S. Census Bureau, 2008), table 1110.

76. (p. 30) U.S. Bureau of the Census, Statistical Abstract of the United States: 2009,
table 1110.

77. (p. 30) CTIA, "Wireless Quick Facts: MidYear Figures," http://www.ctia.org/
advocacy/research/index.cfm/AID/10323.

78. (p. 30) Pew Internet & American Life Project Surveys (March 2000-August 2008).

79. (p. 30) CTIA, "Wireless Quick Facts."

80. (p. 31) Jerome H. Saltzer, David P. Reed, and David D. Clark, "End-to-End
Arguments in System Design," ACM Transactions on Computer Systems 2, no. 4
(November 1984): 278.

81. (p. 31) There are also secure browsers using https (http over an encrypted communications channel).

82. (p. 31) Susan Landau, "National Security on the Line," Journal of Telecommunications and High Technology Law 4, no. 2 (Spring 2006): 427.

83. (p. 31) The actual statement is as follows: "In the future, everyone will be worldfamous for 15 minutes." (Of course, the issue then becomes: if everyone can be
famous, who will be the audience?)

84. (p. 31) Teleconferencing services are possible on the PSTN but take work to
arrange. On the Internet, one-to-many and many-to-many applications are readily
available.

85. (p. 31) The 2004 Indian Ocean tsunami and 2006 London Underground and
bus bombings gave multiple examples of this phenomenon. Descriptions of the
events by eyewitnesses and photos by amateurs taken on cell phones appeared on
blogs read around the world. These accounts and photos were then picked up by
the popular press and were published in such standard news sources as the BBC.

86. (p. 31) In nations such as China and Singapore, where the government tightly
controls Internet usage, the population does not have the same social and political
freedoms that the Internet enables elsewhere (Shanthi Kalathil and Taylor Boas,
Open Networks, Closed Regimes: The Impact of the Internet on Authoritarian Rule
(Washington, DC: Carnegie Endowment for International Peace, 2003)). Sometimes
the modicum of control is self-censorship rather than direct government control.
The self-censorship is, of course, in order to avoid a punitive government response.

87. (p. 32) A notable instance occurred in the 2002 resignation of U.S. Senator Trent
Lott from his position as Senate majority leader. Lott had made a racist comment
at the one hundredth birthday party for former Senator Strom Thurmond. Although
the comment was broadcast live by C-SPAN, it was originally ignored by the popular
press. Bloggers kept the issue alive (Lawrence Lessig, Free Culture: How Big Media Uses
Technology and the Law to Lock Down Culture and Control Creativity (New York:
Penguin Press, 2004), 43), and the public fallout led to Lott's resignation as Senate
majority leader.

88. (p. 32) Christopher Hayes, "MoveOn.org Is Not as Radical as Conservatives
Think," The Nation, July 16, 2008. MoveOn's origins are a lesson in the power of
the Internet. Frustrated by the prospect of Clinton's impeachment, two Silicon
Valley entrepreneurs posted an online petition suggesting that Clinton be censured
instead. They sent emails to a hundred friends about the petition, which was then
mentioned in a San Francisco Chronicle news article. The petition quickly received a
hundred thousand signatures.

89. (p. 32) Clay Shirky, Here Comes Everybody: The Power of Organizing without Organization (New York: Penguin Press, 2008), 143-160.

90. (p. 32) This is Voice of the Faithful.

91. (p. 32) It seems that the value of the network grows proportionally to n log n
(Bob Briscoe, Andrew Odlyzko, and Benjamin Tilly, "Metcalfe's Law Is Wrong,"
IEEE Spectrum Online, July 2006, http://www.spectrum.ieee.org/ju106/4109/4).

92. (p. 32) In fact, the number of interesting groups, groups with more than one
person, is 2"-n-1; that is the refined version of Reed's law (David P. Reed, "The
Law of the Pack," Harvard Business Review, February 2001, 23-24).

93. (p. 32) www.wikipedia.org.

94. (p. 33) Torvalds was developing a kernel for MINIX, an operating system created
for academic purposes, to run on the Intel 386 chip.

95. (p. 33) The name Linux originally applied only to the operating-system kernel
but has since been used to apply to the full operating system.

96. (p. 33) David Wheeler, More Than a Gigabuck: Estimating GNU/Linux's Size, July
29, 2002, http://www.dwheeler.com/sloc/redhat7l-vl/redhat7lsloc.html.

97. (p. 33) Supporting aspects of Linux's success include the GNU General Public
License, a copyright license that requires that any derived works be licensed under
the same copyright agreement as the original, thus preserving the freedoms of the
original work if it is, for example, open source and sharable (Free Software Foundation, "GNU General Public License," http://firstmonday.org/htbin/cgiwrap/bin/ojs/
index.php/fm/article/view/ 14 79/ 1394) .

98. (p. 33) Jae Yun Moon and Lee Sproull, "Essence of Distributed Work: The Case
of the Linux Kernel," First Monday, October 3, 2005, http://firstmonday.org/htbin/
cgiwrap/bin/oj s/index.php/fm/article/view/ 1479/ 1394.

99. (p. 33) There is an open-source effort in medicine, the Tropical Disease Initiative,
which seeks to do open-source drug discovery. Much biological research is computational; a SARS protein was identified by scanning the SARS genome against a
database of known proteins (Stephen Maurer, Arti Rai, and Andrej Sali, "Finding
Cures for Tropical Diseases: Is Open Source an Answer?", PLOS Medicine, December
28, 2004). Given the wealth of publicly accessible biological data, open-source
medical research is a real option for the future.

100. (p. 33) Yochai Benkler, The Wealth of Networks: How Social Production Transforms
Markets and Freedom (New Haven, CT: Yale University Press, 2006), 3.

101. (p. 35) Federal Communications Commission, In the Matters of Formal Complaint of Free Press and Public Knowledge against Comcast Corporation for Secretly
Degrading Peer-to-Peer Applications. Broadband Industry Practices Petition of
Free Press et al. for Declaratory Ruling that Degrading an Internet Application
Violates the FCC's Internet Policy Statement and Does Not Meet an Exception for
"Reasonable Network Management," Memorandum Opinion and Order, File No.
EB-08-IH-1518, WC Docket No. 07-52, August 1, 2008 (adopted), 3.

Chapter 3

1. (p. 37) Cohen developed the first voice-over-the-Internet application.

2. (p. 38) Vinton Cerf and Robert Kahn, "A Protocol for Packet Network Intercommunication," IEEE Transactions on Communications 22, no. 5 (May 1974): 637-648.

3. (p. 38) Even six years after the original paper describing TCP/IP, in RFC761-DoD
Standard Transmission Control Protocol, an updated version of the TCP specification based on eight earlier versions, the focus remained on robustness (Jon Postel,
"RFC761-DoD Standard Transmission Control Protocol," January 1980, http://
www.faqs.org/rfcs/rfc761.html).

4. (p. 38) Laura DeNardis, "A History of Internet Security," in Karl De Leeuw and Jan
Bergstra, eds., Handbook of the History of Information Security (Amsterdam: Elsevier,
2007), 683.

5. (p. 38) This is codified in cryptography as Kerckhoffs' principle.

6. (p. 38) Dennis Jennings, personal communication, March 26, 2009.

7. (p. 39) In the early 1970s, BBN was asked to build packet encryption devices. The
resulting devices were huge; they looked like "Darth Vader's refrigerators-black and
seven feet tall" (Stephen Kent, personal communication, April 15, 2009).

8. (p. 39) Stephen Kent, personal communication, April 15, 2009.

9. (p. 39) Snow served as Technical Director for NSA's Information Assurance Directorate, one of three major technical components of NSA.

10. (p. 39) Research Day 2007: Interdisciplinary Studies in Information Security,
Ecole Polytechnique Federale de Lausanne, July 5, 2007.

11. (p. 39) 2600 Hertz (Hz).

12. (p. 39) The user, often called a "phone phreak," either whistled at 2600 Hz or
had a "blue box" that did so. The success relied on the fact that a PSTN trunk line
would make its availability to transmit a call known by sending out a signal at 2600
Hz to the other lines in the network. The phone phreak would dial an 800 number.
The sending end of the trunk line would be engaged and stop sending a 2600 Hz
signal down the line. The phone company's accounting system would start the
process of charging the call (to the party with the 800 number). But then the phone
phreak would whistle a 2600 Hz signal down the line. That causes the far end of the
trunk line to assume the user has disconnected and the trunk line stopped the dialing
process. Instead, however, the user stopped the 2600 Hz signaling, causing the trunk
to again wait for the dialed digits. But now the dialed digits could be anywhere-at
least anywhere that was included in the automatic switching system at the time-and
not just the expected 800 number. The accounting system is still engaged. Only at
the actual end of the call would it make a notation, and that would be to charge the
800 number for the user's call, a call that never engaged the 800 number itself (Ron
Rosenbaum, "Secrets of the Little Blue Box," Esquire, October 1971).

13. (p. 40) Human speech is often garbled, which is why it has a high level of
redundancy. Furthermore, connections go down or become overloaded.

14. (p. 40) http://www.scientificamerican.com/article.cfm?id=magic-and-the-brain.

15. (p. 42) Of course, one could use a laptop's MAC address, the product's registered
identification number. These addresses are intended to be globally unique identifiers, but on most current hardware, it is possible to change them. In any case, many
computers have multiple users, so knowing the computer does not identify the user.

16. (p. 42) Dennis Jennings, personal communication, March 26, 2009.

17. (p. 43) One of the first British actions at the start of World War I involved cutting
the five undersea cables connecting Germany to the rest of the world. Germany was
forced to use easily intercepted radio communications, advantaging the British, who
had a much larger and reliable wired network (Daniel Headrick, The Invisible Weapon:
Telecommunications and International Politics, 1851-1946 (Oxford: Oxford University
Press, 1991), 141).

18. (p. 43) Whitfield Diffie and Susan Landau, Privacy on the Line: The Politics of
Wiretapping and Encryption, rev. ed. (Cambridge, MA: MIT Press, 2007), 58.

19. (p. 44) The enciphering was really simple. Any alphanumeric message can be
written as a string of Os and is (this can be done, for example, by using Morse code,
where "a" is 11000, "b" is 10011, etc.). Then the key is also a string of Os and is,
and the message is added to the key binary digit by binary digit using "XOR," in
which 0+0=1, 1+0=0+1=1, and 1+1=0. The same key and algorithm were used at the
other end for decoding, leading back to the original message (Kahn, The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the
Internet, rev. ed., New York: Scribner, 1996, 394-401).

20. (p. 44) In English, for example, the letter e appears 13 percent of the time, followed by the letter t (9.3 percent), n (7.8 percent), r (7.7 percent), and so on (Abraham
Sinkov, Elementary Cryptanalysis: A Mathematical Approach (Washington, DC: Mathematical Association of America, 1966), 177). A more sophisticated approach also
relies on the percentage of digraphs-pairs of letters-as well as the frequency with which
particular letters appear at the beginning or end of a word to cryptanalyze a message.

21. (p. 44) Kahn, The Codebreakers, 394-401.

22. (p. 44) In a single rotor, the wiring between the contacts created a scrambled, but
fixed substitution of the letters of the alphabet (e.g., a D, b M, c T, ... , z V).

23. (p. 44) After encrypting a single letter, the first rotor would advance a single
position, thus employing a new substitution alphabet for encoding the next letter.
At that point the rotor machines had an added twist: the second rotor would only
advance a position after the first had gone through all of its twenty-six positions,
the third, only after the second had passed through all twenty-six of its positions
(Kahn, The Codebreakers, 411-413). This change meant that the period-the number
of letters encrypted before the machine would repeat the same configuration of
alphabets-was just under seventeen thousand. The four-rotor machines would take
about four hundred thousand times before they would repeat the same series of
alphabets, thus apparently thwarting frequency analysis.

24. (p. 44) At one point the British attacked a German boat solely to obtain the
Enigma encryption keys it was carrying (Kahn, The Codebreakers, 977).

25. (p. 44) Ruth Davis, "The Data Encryption Standard in Perspective," IEEE Cornmunications Magazine 16, no. 6 (November 1978): 6-7.

26. (p. 45) Whitfield Diffie and Martin Hellman, "Exhaustive Cryptanalysis of the
NBS Data Encryption Standard," IEEE Computer 10, no. 6 (June 1977): 74-84.

27. (p. 45) If one is decrypting doing a brute-force search of the key space, on
average this should take 255 steps.

28. (p. 4S) Electronic Frontier Foundation, Cracking DES Secrets ofEncryption Research,
Wiretap Politics & Chip Design (Sebastopol, CA: O'Reilly, 1998).

29. (p. 45) Kahn, The Codebreakers, 549-550.

30. (p. 45) Marks, Leo, Between Silk and Cyanide: A Codeinaker's Story 1941-1945 (New
York: Free Press, 1998).

31. (p. 45) Whitfield Diffie and Martin Hellman, "New Directions in Cryptography,"
IEEE Transactions in Information Theory IT-22, no. 6 (1976): 644-654.