Surveillance or Security?: The Risks Posed by New Wiretapping Technologies

71. (p. 139) A simple example is as follows: Let the mix network have three intermediary servers. Assume Alice, Charlotte, Emily, Gilda, and Irina are sending messages to
Bob, David, Ferdinand, Henryk, and John respectively. Each of Alice, Charlotte, Emily,
Gilda, and Irina encrypts her message, including the email address, using the public
keys of the three servers. This is done "Russian-doll" style, in which the encryption
is done first using the key of the last server, then encrypting the message with the
key of the intermediate server, and then finally encrypting using the key of the initial
server. These five messages are put in a batch (in practice a batch should be very
large) and delivered to the first server. This server decrypts the messages using its
private key, mixes up the order of the messages, and sends them on to the next server,
which repeats the process. The process continues through all the servers in the mix
network. If there are many messages in the batch, it is difficult for an eavesdropper
to trace a message in order to determine who is communicating with whom.

72. (p. 139) Tor: Overview, https://www.torproject.org/overview.html.en#thesolution.

73. (p. 140) In addition, the Tor path keys are deleted.

74. (p. 140) Roger Dingledine and Nick Mathewson, "Anonymity Loves Company:
Usability and the Network Effect," Fifth Workshop on the Economics of Information
Security (Pre-proceedings), June 26-28, 2006, 533-544.

75. (p. 141) http://metrics.torproject.org/consensus-graphs.html#networksize-30d.

76. (p. 141) Tor is recommended by Reporters without Borders for use by journalists
and their sources.

77. (p. 141) http://www.torproject.org/torusers.html.en.

78. (p. 142) Harold Kwalwasser, "Internet Governance," in Franklin Kramer, Stuart
Starr, and Larry Wentz, eds., Cyberpower and National Security (Washington, DC: NDU
Press, 2009), 497.

79. (p. 142) Alexa.com, http://www.alexa.com/topsites.

80. (p. 142) These data are from the second quarter of 2009 (Internet World Stats,
http://www.internetworldstats.com/stats3.htm).

81. (p. 143) Patrick Leahy, Charles Grassley, and Arlen Specter, Interim Report on FBI
Oversight in the 107th Congress by the Senate Judiciary Committee: FISA Implementation
Failures, February 2003, 11.

82. (p. 143) James McGroddy and Herbert Lin, eds., A Review of the FBI's Trilogy
Information Technology Modernization Program (Washington, DC: National Academies
Press, 2004), 35.

83. (p. 143) McGroddy and Lin, A Review of the FBI's Trilogy Information Technology
Modernization Program, 36.

84. (p. 143) Clive Thompson, "Open-Source Spying," New York Times Magazine,
December 3, 2006.

85. (p. 143) Thompson, "Open-Source Spying."

86. (p. 143) In November 2006, FBI Special Agent Bobby Flaim commented at the
Security and Privacy session of the Global Forum in Paris that the FBI could sometimes find information online that subpoenas could not uncover.

87. (p. 143) His father had explicitly warned the United States about the son's radical
turn. In addition, NSA had picked up Yemenese intercepts discussing using a Nigerian in an attack. Nonetheless, Abdulmutallab was allowed to board a Northwest
Airlines plane flying from Amsterdam to Detroit (Scott Shane, "Shadow of 9/11 Is
Cast Again," New York Times, December 31, 2009).

Chapter 7

1. (p. 145) Rainer Bohme and Thorsten Holz, "The Effect of Stock Spam on Financial
Markets," Workshop on the Economics of Information Security, Cambridge,
U.K., 2006.

2. (p. 145) The term bots comes from robots; these are also sometimes called zombies.

3. (p. 145) William A. Owens, Kenneth W. Dam, and Herbert S. Lin, Technology,
Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities
(Washington, DC: National Academies Press, 2009), 353.

4. (p. 146) Evan Cooke, Farnam Jahanian, and Danny McPherson, "The Zombie
Roundup: Understanding, Detecting, and Disrupting Botnets," Usenix Workshop on
Steps to Reducing Unwanted Traffic on the Internet (SRUTI 2005) (Berkeley, CA: USENIX),
July 2005, 2.

5. (p. 146) "Botnets for Rent," PBS, http://www.pbs.org/kcet/wiredscience/story/12botnets for rent.html.

6. (p. 146) Bohme and Holz, "Stock Spam," 16.

7. (p. 146) Michael Lesk, "The New Frontline: Estonia under Cyberassault," IEEE
Security and Privacy 5, no. 4 (July/August 2007): 76.

8. (p. 146) Jose Nazario, "Security to the Core: The Arbor Networks Security Blog," May 17,
2007, http://assert.ametworks.com/2007/05/estonian-ddos-attacks-a-summary-to-date/.

9. (p. 146) Lesk, "New Frontline," 77.

10. (p. 146) Eneken Tikk, Kadri Kaska, Kristel Rünnimeri, Mari Kert, Anna-Maria
Talihärm, and Liis Vihul, Cyber Attacks against Georgia: Legal Lessons Identified, Cooperative Cyber Defense Center of Excellence, Tallinn, Estonia, NATO Unclassified,
Version 1.0 (November 2008), 15-16.

11. (p. 146) Owens, Dam, and Lin, Use of Cyberattack Capabilities, 81.

12. (p. 147) Thomas R. Johnson, United States Cryptologic History: The NSA Period,
1952-Present. Volume 5: American Cryptology during the Cold War, 1945-1989; Book
III, Retrenchment and Reform: 1972-1980 (Fort Meade, MD: Center for Cryptologic
History, National Security Agency, 1995), 145.

13. (p. 147) Johnson, United States Cryptologic History, vol. 5, book III, 145.

14. (p. 147) Johnson, United States Cryptologic History, vol. 5, book III, 145-146.

15. (p. 148) Laura Rocchio, "Protecting the Price of Bread," National Aeronautics
and Space Administration, April 2, 2007, http://landsat.gsfc.nasa.gov/news/news-archive/soc-0010.html.

16. (p. 148) Susan Landau, Stephen Kent, Clinton Brooks, Scott Charney, Dorothy
Denning, Whitfield Diffie, Anthony Lauck, Douglas Miller, Peter Neumann, and
David Sobel, Codes, Keys, and Conflicts: Issues in U.S. Crypto Policy: Report of a Special
Panel of the ACM U.S. Public Policy Committee (USACM) (New York: ACM, June 1994), 1.

17. (p. 148) Kenneth Dam and Herbert Lin, Cryptography's Role in Securing the Information Society (Washington, D.C.: National Academy Press, 1996), 68.

18. (p. 148) Lourdes was active until early in this century, when most overseas U.S.
communications began traveling by fiber-optic cable and the station no longer
served a useful function.

19. (p. 148) Matthew Aid, Secret Sentry: The Untold History of the National Security
Agency (New York: Bloomsbury Press, 2009), 62.

20. (p. 148) Johnson, United States Cryptologic History, vol. 5, book III, 148.

21. (p. 148) Johnson, United States Cryptologic History, vol. 5, book III, 146.

22. (p. 149) U.S. Interagency OPSEC Support Staff, Intelligence Threat Handbook (June
2004), 37.

23. (p. 149) U.S. General Accounting Office, Economic Espionage: Information on
Threat from U.S. Allies, T-NSIAD-96-114 (February 1996), 3.

24. (p. 149) U.S. General Accounting Office, Economic Espionage, 3.

25. (p. 149) Dam and Lin, Cryptography's Role, 33.

26. (p. 149) Peter Schweizer, "The Growth of Economic Espionage," Foreign Affairs 75, no. 1 (January/February 1996): 12.

27. (p. 149) William Carley, "A Chip Comes in from the Cold: Tales of High-Tech
Spying," Wall Street Journal, January 19, 1995.

28. (p. 149) The GAO report does not actually name the nations, calling them
instead "Country A," "Country B," and so on. These countries have been identified,
respectively, as Israel, France, Germany, and Japan (http://fas.org/irp/gao/nsi96114.htm).

29. (p. 149) U.S. General Accounting Office, Economic Espionage, 2.

30. (p. 149) John Fialka, War by Other Means: Economic Espionage in America (New
York: Norton, 1997), 181-182.

31. (p. 149) This was previously known as the Ministry of Industrial Trade and
Industry (MITI).

32. (p. 149) Peter Schweizer, Friendly Spies: How America's Allies Are Using Economic
Espionage to Steal Our Secrets (New York: Atlantic Monthly Press, 1993), 64.

33. (p. 150) Interagency OPSEC Support Staff, Intelligence Threat Handbook (April
1996; rev. May 1996), section S.

34. (p. 150) Schweizer, Friendly Spies, 88-90.

35. (p. 150) Schweizer, "Growth of Economic Espionage," 9.

36. (p. 150) Interagency OPSEC, Intelligence Threat Handbook (1996), section S.

37. (p. 150) Office of the National Counterintelligence Executive, Annual Report to
the Congress on Foreign Economic Collection and Industrial Espionage, FY07, September
10, 2008, 2.

38. (p. 150) Louis Freeh, testimony before the Subcommittee on Crime, Judiciary
Committee, House of Representatives, Economic Espionage, May 9, 1996.

39. (p. 151) Robert Mueller, "The FBI: Meeting New Challenges" (speech), National
Press Club, June 20, 2003.

40. (p. 151) Office of the National Counterintelligence Executive, Annual Report to the
Congress on Foreign Economic Collection and Industrial Espionage-2005, August 2006, 1.

41. (p. 151) Schweizer, Friendly Spies, 92.

42. (p. 151) Fialka, War by Other Means, 152.

43. (p. 151) Soviet agents touring a Grumman aircraft plant in 1987 had adhesive
tape on their shoes to pick up slivers of metal for analyzing the planes (Daniel
Patrick Moynihan, "How the Soviets Are Bugging America," Popular Mechanics,
April 1987, 104).

44. (p. 151) Two men in a van belonging to the French consul general in Houston
were seen removing garbage bags filled with trash at the home of an executive
for a major U.S. defense company; the FBI was called in (Fialka, War by Other
Means, 87).

45. (p. 151) Schweizer, Friendly Spies, 17.

46. (p. 151) Frank Greve, "French Techno-Spies Bugging U.S. Industries," San Jose
Mercury News, October 21, 1992.

47. (p. 151) Schweizer, Friendly Spies, 19, 84.

48. (p. 151) Stansfield Turner, "Intelligence for a New World Order," Foreign Affairs
70, no. 4 (Fall 1991): 151.

49. (p. 151) David Sanger and Tim Weiner, "Emerging Role for the C.I.A.: Economic
Spy," New York Times, October 15, 1995.

50. (p. 152) Alan Cowell, "Bonn Said to Expel U.S. Envoy Accused of Economic
Espionage," New York Times, March 10, 1997.

51. (p. 152) Nicky Hager, Secret Power: New Zealand's Role in the International Spy
Network (Nelson, New Zealand: Craig Potton Publishing, 1996); Duncan Campbell,
Interception Capabilities 2000: Development of Surveillance Technology and Risk of Abuse
of Economic Information, Report to the Director General for Research of the European
Parliament, Luxemburg (April 1999).

52. (p. 152) The company is now called Thales.

53. (p. 152) James Woolsey, "Why We Spy on Our Allies," Wall Street Journal, March
17, 2000.

54. (p. 152) This includes bribes paid to receive a contract. While in many nations,
bribery to obtain a contract is legal, in the United States it is illegal.

55. (p. 153) Pub. L. 104-294, Title 18 U.S.C. 1831 et seq.

56. (p. 153) Under §1832 of the act, it is also a criminal offense if a trade secret is
misappropriated with intent to create economic benefit for someone other than the
owner of the secret.

57. (p. 153) This makes enforcement of the Economic Espionage Act difficult. Even
though the law has an extraterritorial aspect, a suspect will not be extradited to the
United States to face charges under the act unless economic espionage is a crime in
the foreign nation.

58. (p. 153) Owens, Dam, and Lin, Use of Cyberattack Capabilities, 26.

59. (p. 153) David A. Espie, "The Domain Program and the InfraGard Program," FBI
briefing, slides 10 and 39.

60. (p. 153) U.S. Department of Defense, Defense Security Service, Targeting U.S.
Technologies (2008), 4.

61. (p. 154) World Trade Organization, Annual Report 1998 (Geneva: World Trade
Organization, 1999), 36.

62. (p. 154) Hal Varian, "An iPod Has Global Value. Ask the (Many) Countries That
Make It," New York Times, June 28, 2007.

63. (p. 154) Greg Linden, Jason Dedrick, and Kenneth Kraemer, "Who Profits from
Innovation in Global Value Chains? A Study of the iPod and Notebook PCs,"
Industrial and Corporate Change (published online June 22, 2009), 33-34,
http://icc.oxfordjournals.org/cgi/content/abstract/dtp032.

64. (p. 154) Linden, Dedrick, and Kraemer, "Who Profits from Innovation in Global
Value Chains?", 17.

65. (p. 154) Greg Linden, Jason Dedrick, and Kenneth Kraemer, "Innovation and
Job Creation in a Global Economy," (UC Irvine: Personal Computing Industry
Center, January 2009), 6.

66. (p. 154) Thomas Friedman, The World Is Flat: A Brief History of the Twenty-first
Century (New York: Farrar, Straus and Giroux, 2005), 134.

67. (p. 154) Friedman, The World Is Flat, 136.

68. (p. 155) Benetton's innovations are not just in IT. The company first knits and
then dyes the fabric; this is contrary to the way most clothing is manufactured. This
change is much to Benetton's advantage. Sewing is slow, dyeing is fast, and doing
the process in this order enables the company to respond quickly to customer
demand (Peter Dapiran, "Benetton-Global Logistics in Action," International Journal
of Physical Distribution and Logistics Management 22, no. 6 (1992): 7-11).

69. (p. 155) Kuldeep Kumar, "Technology for Supporting Supply Chain Management," Communications of the ACM 44, no. 6 (June 2001): 57-61.

70. (p. 155) The export trading arm of Li and Fung employs fourteen thousand
people across three continents (North America, Europe, and Asia).

71. (p. 155) Kasra Ferdows, "New World Manufacturing Order: Supply Chain
Management Goes Global in a Dispersed Manufacturing Environment," All Business,
February 1, 2003.

72. (p. 155) Disclosure: Sun was my employer between 1999 and 2010.

73. (p. 156) Sun's hardware break-fix service was outsourced in the 1990s.

74. (p. 156) This is probably the most frequently asked question of system
administrators.

75. (p. 157) In recognition of the leveling resulting from such intellectual capital being
available around the globe, journalist Tom Friedman has proclaimed the world flat.
