Surveillance or Security?: The Risks Posed by New Wiretapping Technologies


123. (p. 121) Specifically the Court wrote, "Prudence counsels caution before the facts
in this case are used to establish far-reaching premises that define the existence, and
extent, of privacy expectations of employees using employer-provided communication devices. Rapid changes in the dynamics of communication and information
transmission are evident not just in the technology itself but in what society accepts
as proper behavior. At present, it is uncertain how workplace norms, and the law's
treatment of them, will evolve." (City of Ontario v. Quon, 130 S. Ct. 2619 (2010)).

124. (p. 121) Steven Bradbury, "Legal Issues Relating to the Testing, Use, and Deployment of an Intrusion-Detection System (Einstein 2.0) to Protect Unclassified Computer
Networks in the Executive Branch: Memorandum Opinion for the Counsel to the President," January 9, 2009; David Barron, "Legality of Intrusion-Detection System
to Protect Unclassified Computer Networks in the Executive Branch: Memorandum
Opinion for an Associate Deputy Attorney General," August 14, 2009.

125. (p. 121) 130 S. Ct. 2619 (2010).

126. (p. 121) "Prudence counsels caution before the facts in this case are used to
establish far-reaching premises that define the existence, and extent, of privacy
expectations of employees using employer-provided communication devices. Rapid
changes in the dynamics of communication and information transmission are
evident not just in the technology itself but in what society accepts as proper behavior. At present, it is uncertain how workplace norms, and the law's treatment of
them, will evolve." (City of Ontario v. Quon, 130 S. Ct. 2619 (2010)).

127. (p. 121) Ellen Nakashima, "Cybersecurity Plan Doesn't Breach Employee
Privacy, Administration Says," Washington Post, September 19, 2009; Department of
Homeland Security, Privacy Impact Assessment for the Initiative Three Exercise, March
18, 2010, 2, 4.

128. (p. 121) Department of Homeland Security, Privacy Impact Assessment for Initiative
Three, 5.

129. (p. 121) Siobhan Gorman, "Troubles Plague Cyberspy Defense," Wall Street
Journal, July 3, 2009.

130. (p. 121) Gorman, "Troubles Plague Cyberspy Defense."

131. (p. 122) Nakashima, "Cybersecurity Plan."

Chapter 6

1. (p. 123) Open source predates the Internet, but became significantly more successful after widespread use of the network.

2. (p. 124) Fermat numbers are integers of the form $2^{2^k} + 1$. The first several Fermat
numbers, $F_1 = 5$, $F_2 = 17$, $F_3 = 257$, $F_4 = 65537$, are prime. The Fermat numbers have
various interesting properties; Gauss showed, for example, that if $F_k$ is a prime $p$,
then a regular $p$-gon (a polygon with $p$ equal sides and all equal angles) can be
inscribed in a circle using just compass and straight edge. Fermat conjectured that
all $F_k$ were prime, but $F_5$ was shown not to be.

3. (p. 124) Arjen K. Lenstra, Hendrik W. Lenstra Jr., Mark Manasse, and John Pollard,
"The Factorization of the Ninth Fermat Number," Mathematics of Computation 61,
no. 203 (July 1993): 339.

4. (p. 125) Adam L. Beberg, Daniel L. Ensign, Guha Jayachandran, Siraj Khaliq, and
Vijay S. Pande, "Folding@home: Lessons from Eight Years of Volunteer Distributed
Computing," Eighth IEEE International Workshop on High Performance Computational
Biology (Piscataway, NJ: IEEE Press, 2009).

5. (p. 125) These include a better understanding of the "misbehavior" of a protein
thought to be responsible for Huntington's disease and a model for predicting mutations in p53, a protein that in a healthy state protects against developing cancer (Folding@home
distributed computing, http://folding.stanford.edu/English/Papers/#ntoc6).

6. (p. 125) http://www.google.com/trends.

7. (p. 125) Jeremy Ginsberg, Matthew Mohebbi, Rajan Patel, Lynette Brammer, Mark
Smolinski, and Larry Brilliant, "Detecting Influenza Epidemics Using Search Engine
Query Data," Nature, February 19, 2009, 1011.

8. (p. 125) Diagrams of the Internet often represent the network as a cloud, the
fuzzy area being the area in which the user cannot predict the path through which
packets pass on their way from source to destination.

9. (p. 127) Miller v. United States, 425 U.S. 435 (1976).

10. (p. 127) Miller v. United States, 443.

11. (p. 127) Network Address Translation (NAT) boxes connect to the Internet and
enable multiple devices to share a single address. They do this by showing one
address to the Internet, while actually supporting multiple devices on a local
network. NATs are widely used in home networks.

12. (p. 128) Elizabeth Wasserman, "Beaver Street Fisheries Catch RFID," RFID
Journal, April 1, 2005, http://www.rfidjournal.com/article/purchase/1546.

13. (p. 128) Michael Totty, "Business Solutions: New Ways to Use RFID," Wall Street
Journal, June 2, 2009, http://online.wsj.com/article/SB10001424052970203771904574175882366028604.html.

14. (p. 128) Ari Juels, "RFID Security and Privacy: A Research Survey," Journal of
Selected Areas in Communications 24, no. 2 (February 2006): 382.

15. (p. 128) This was done through hydrophones (long acoustic sensors) placed
on the ocean floor.

16. (p. 128) Three hundred sensors were embedded in the new I-35 bridge over the
Mississippi River (Henry Petroski, "The Minneapolis Bridge," American Scientist 97,
no. 6 (November/December 2009): 447).

17. (p. 128) Voice communications have different requirements than other applications: the "unreliability" centered on delay, jitter (time variation of delay), and
packet loss due to network congestion.

18. (p. 128) Federal Communications Commission, In the Matters of Formal Complaint of Free Press and Public Knowledge against Comcast Corporation for Secretly
Degrading Peer-to-Peer Applications. Broadband Industry Practices Petition of
Free Press et al. for Declaratory Ruling that Degrading an Internet Application Violates the FCC's Internet Policy Statement and Does Not Meet an Exception for "Reasonable Network Management," Memorandum Opinion and Order, File No.
EB-08-IH-1518, WC Docket No. 07-52, August 1, 2008 (adopted), 19.

19. (p. 129) Another is in wiretaps, a situation I will revisit in chapter 8.

20. (p. 129) Dale Hatfield, A Report on Technical and Operational Issues Impacting the
Provision of Wireless Enhanced 911 Services (2002), 4. Report prepared for the FCC.

21. (p. 129) Hatfield, Report on Technical and Operational Issues, 9-10.

22. (p. 129) Susan Crawford, "The Ambulance, the Squad Car, and the Internet,"
Berkeley Technology Law Journal 21, no. 2 (2006): 895-896.

23. (p. 130) NET 911 Improvement Act of 2008, Pub. L. 110-283, §6.

24. (p. 130) United States v. John Tomero et al., S2 06 Crim. 0008 (LAK) (U.S. District
Court, S.D. New York).

25. (p. 130) In re: In the Matter of the Application of the United States for an Order
Authorizing the Roving Interception of Oral Communications, 2003 U.S. App LEXIS
23433.

26. (p. 130) 18 U.S.C. §2518(4).

27. (p. 131) Gmail inspects user mail in order to target ads on the Gmail pages.
Although there were initial objections to this, Gmail has proved a major success. There
are more differences than similarities in the two situations: Gmail is a service in the
cloud, while Charter Communications is functioning as a communications provider.

28. (p. 132) Federal Communications Commission, "Formal Complaint against
Comcast," 4.

29. (p. 132) Peter Eckersley, Fred von Lohmann, and Seth Schoen, Packet Forgery by
ISPs: A Report on the Comcast Affair, Electronic Frontier Foundation, November 28,
2007, http://www.eff.org/wp/packet-forgery-isps-report-comcast-affair.

30. (p. 132) It is worth noting that telephone companies cannot discriminate in this
way because they are "common carriers"; cable companies are not under such a
jurisdiction. In Europe such discrimination against dial-up modem users did occur.
Calls were blocked or interrupted if the phone company noticed that a modem was
in use. The rationale for this was that users stayed on the line longer when they
used modems, causing congestion. In some cases, there was also the argument that
the caller had not paid for modem use, which involved an additional charge. Finally
there were concerns that the digital signal sent by the modem might be encrypted,
to which the state security agencies of some European countries objected.

31. (p. 132) Adam Liptak, "Verizon Reverses Itself on Abortion Messages," New York
Times, September 28, 2007.

32. (p. 132) Federal Communications Commission, "Formal Complaint against
Comcast," 31.

33. (p. 132) Federal Communications Commission, "Formal Complaint against
Comcast," 31.

34. (p. 133) There was controversy over whether the FBI needed the stronger wiretap
warrant for the keystroke logger.

35. (p. 133) The password was nds09813-050; Nds09813-050 was the federal prison
identification number for Nicodemo D. Scarfo, Scarfo's father.

36. (p. 133) George Anastasia, "Big Brother and the Bookie," Mother Jones, January/
February 2002, http://motherjones.com/politics/2002/01/big-brother-and-bookie.

37. (p. 133) Ted Bridis, "FBI Is Building a 'Magic Lantern'; Software Would Allow
Agency to Monitor Computer Use," Washington Post, November 23, 2001, A15.

38. (p. 133) U.S. District Court, Western District of Washington, Application and
Affidavit for Search Warrant, MJ07-5114, June 12, 2007.

39. (p. 133) CIPAV documents released under FOIA to Wired, April 16, 2009.

40. (p. 134) Median duration is two minutes (Federal Communications Commission, Wireline Competition Bureau, Industry Analysis and Technology Division,
Trends in Telephone Service, August 2008, p. 11-8). In recent years median duration
on wireline phones has dropped to two minutes but average duration remains
higher than for cell phones (p. 14-4).

41. (p. 134) As of September 2009, 56 percent of devices on wireless networks were
capable of browsing the web ("100 Wireless Facts," http://www.ctia.org/advocacy/research/index.cfm/AID/10382).

42. (p. 134) Jo Rabin, Guidelines for Web Content Transformation Proxies 1.0, W3C
Working Draft, February 11, 2010.

43. (p. 134) David Kahn, The Codebreakers: The Comprehensive History of Secret Communication from Ancient Times to the Internet (rev. ed.) (New York: Scribner, 1996), 299-300.

44. (p. 134) Kahn, The Codebreakers, 300.

45. (p. 135) Kahn, The Codebreakers, 578.

46. (p. 135) Even when the United States could not acquire signals from within the
Soviet Union, the NSA could listen to Soviet communications to its embassies and
military deployed abroad (e.g., in Afghanistan).

47. (p. 135) These were Geoffrey Arthur Prime and Ronald Pelton, respectively.

48. (p. 135) Matthew Aid, The Secret Sentry: The Untold History of the National Security
Agency, (New York: Bloomsbury Press, 2009), 152-153.

49. (p. 135) Aid, The Secret Sentry, 143-144.

50. (p. 135) Aid, The Secret Sentry, 168-170.

51. (p. 135) Aid, The Secret Sentry, 48.

52. (p. 136) Aid, The Secret Sentry, 58.

53. (p. 136) Aid, The Secret Sentry, 110-111.

54. (p. 136) Aid, The Secret Sentry, 106-107.

55. (p. 136) One example occurred when Intel researchers studying ambient
Bluetooth technology had staff members wear Bluetooth-enabled devices. Two such
devices were in close proximity each night, disclosing a previously unknown relationship between a pair of researchers (George Danezis and Richard Clayton, "Introducing Traffic Analysis," in Alessandro Acquisti, Stefanos Gritzalis, Costas
Lambrinoudakis, and Sabrina di Vimercati, eds., Digital Privacy: Theory, Technologies,
and Practices (Boca Raton, FL: Auerbach Publications, 2007), 95-116).

56. (p. 136) Mark Klein, affidavit in Tash Hepting et al. v. AT&T Corporation et al., United
States Second District Court for Northern California, Case 3:06cv-0672-vrw, June 8, 2006, 7.

57. (p. 136) Corinna Cortes, Daryl Pregibon, and Chris Volinsky, "Communities of
Interest," Intelligent Data Analysis 6, no. 3 (2002): 105-114.

58. (p. 136) The issue was not simply storing the records, but storing them in "live"
storage so that they would quickly be accessible.

59. (p. 137) Directive 2006/24/EC.

60. (p. 137) The directive specifically exempted requiring retention of unsuccessful
call attempts (European Union, "Directive 2006/24/EC of the European Union and
the Council of 14 March 2006," Official Journal of the European Union, April 4, 2006, § 1.2).

61. (p. 137) European Union, "Directive 2006/24/EC," Article 5.

62. (p. 137) The law would require communications providers to retain traffic data
for six to twenty-four months, with each member state determining its own data
retention period within those parameters.

63. (p. 137) Daniel Soar, "Short Cuts," London Review of Books 30, no. 16 (August
14, 2008): 24.

64. (p. 138) Nathan Eagle, Alex Pentland, and David Lazer, "Inferring Social Network
Structure Using Mobile Phone Data," Proceedings of the National Academy of Sciences
106, no. 36 (2009): 15274-15278.

65. (p. 138) Joseph Bonneau, Jonathan Anderson, Frank Stajano, and Ross Anderson, "8 Friends Are Enough: Social Graph Approximation via Public Listings," ACM
Workshop on Social Network Systems (New York: ACM, 2009).

66. (p. 138) Shishir Nagaraja, "The Economics of Covert Community Detection and
Hiding," WEIS 2008: Seventh Workshop on Economics of Information Security,
Hanover, NH, June 25-28, 2008, 7-8.

67. (p. 138) "Suspect Tracked by Phone Calls," BBC News, August 1, 2005.

68. (p. 139) "Profile: Hussain Osman," BBC News, July 9, 2007.

69. (p. 139) Some of the material in this section originally appeared in Whitfield
Diffie and Susan Landau, Privacy on the Line: The Politics of Wiretapping and Encryption, rev. ed. (Cambridge, MA: MIT Press, 2007), 272-274.

70. (p. 139) This was said by Scott McNealy, the CEO of Sun Microsystems. McNealy
has a much more nuanced view of privacy than would appear from this flip and
oft-quoted comment.
