Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (59 page)

BOOK: Surveillance or Security?: The Risks Posed by New Wiretapping Technologies
8.61Mb size Format: txt, pdf, ePub

157. (p. 170) Krekel, Capability of the People's Republic of China, 59-66.

158. (p. 170) Krekel, Capability of the People's Republic of China, 52.

159. (p. 170) Since the attack occurs before any vulnerability has been announced
by the vendor, this is called a zero-day exploit.

160. (p. 170) According to Google, the information observed was account information, such as the date the account was created, and the subject line; mail contents
were not accessed (David Drummond, "A New Approach to China," January 12,
2010, http://googlepublicpolicy.blogspot.com).

161. (p. 170) David Drummond, "A New Approach to China."

162. (p. 170) John Markoff and David Barboza, "2 China Schools Said to Be Tied to
Online Attacks," New York Dines, February 18, 2010.

163. (p. 170) Rhys Blakely, Jonathan Richards, James Rossiter, and Richard
Beeston, "MIS Alert on China's Cyberspace Threat," Times Online, December 1,
2007.

164. (p. 171) Interagency OPSEC, Intelligence Threat Handbook (2004), 18.

165. (p. 171) Nicholas Eftimiades, Chinese Intelligence Operations (Annapolis, MD:
Naval Institute Press, 1994), 27.

166. (p. 171) Owens, Dam, and Lin, Use of Cyberattack Capabilities, 173-174.

167. (p. 171) Owens, Dam, and Lin, Use of Cyberattack Capabilities, 328-329.

168. (p. 171) Owens, Dam, and Lin, Use of Cyberattack Capabilities, 332.

169. (p. 171) Timothy Thomas, "Like Adding Wings to the Tiger: Chinese Information War and Practice," Military Intelligence Professional Bulletin, July-September 2003,
http://www.iwar.org.uk/iwar/resources/china/iw/chinaiw.htm.

170. (p. 171) Gorman, "Electricity Grid in U.S. Penetrated by Spies."

171. (p. 172) Steve Chabinsky, personal communication, December 14, 2009.

172. (p. 172) David Leppard, "Fraudsters' Bugs Transmit Credit Card Details to
Pakistan," Times Online, October 12, 2008.

173. (p. 172) Henry Samuel, "Chip and Pin Scam 'Has Netted Millions from British
Shoppers,"' Telepgrah.co.uk, October 10, 2008.

174. (p. 173) U.S. Immigration and Customs Enforcement, U.S. Department of
Homeland Security, "ICE, CBP, DOJ Announce International Initiative against Traffickers in Counterfeit Network Hardware" (February 28, 2008), http://www.ice.gov/
pi/news/newsreleases/articles/080228washington.htm.

175. (p. 173) Raul Roldan, "FBI Criminal Investigation: Cisco Routers," briefing,
January 11, 2008.

176. (p. 173) The damage caused to Cisco's reputation, on the other hand, would
not have been minor if the activity had not been uncovered.

177. (p. 173) Roldan, "FBI Criminal Investigation: Cisco Routers."

178. (p. 173) Presumably confidential communications would be encrypted but
even the transactional information, who is communicating with whom when, is
potentially quite revealing.

179. (p. 173) This is known as 4G LTE.

180. (p. 173) In the end, AT&T went with Alcatel-Lucent and Ericsson.

Chapter 8

1. (p. 175) Under the SHAMROCK Program, between August 1944 and May 1975
RCA Global and ITT World provided copies to the NSA of essentially all
international communications from the United States, while Western Union
International gave copies of only certain telegrams to the surveillance agency. The
NSA estimated that by the final months of the program it was reviewing
one hundred fifty thousand telegrams a month (U.S. Congress, Senate, Final
Report of the Select Committee to Study Governmental Operations with Respect to
Intelligence Activities: Supplementary Detailed Staff Reports on Intelligence Activities and
the Rights of Americans: Book 77 (Washington, DC: Government Printing Office,
1976), 765).

2. (p. 175) U.S. Congress, Senate, Final Report of the Select Committee to Study Governmental Operations with Respect to Intelligence Activities, 749.

3. (p. 175) The First Amendment reads as follows: "Congress shall make no law
respecting an establishment of religion, or prohibiting the free exercise thereof; or
abridging the freedom of speech, or of the press; or the right of the people peaceably
to assemble, and to petition the Government for a redress of grievances."

4. (p. 175) U.S. Congress, Senate, Final Report of the Select Committee to Study Governmental Operations with Respect to Intelligence Activities, 749-750.

5. (p. 175) The interception ended in the fall of 1973 (U.S. Congress, Senate, Final
Report of the Select Committee to Study Governmental Operations with Respect to Intelligence Activities, 756-757).

6. (p. 176) There was no evidence of illegal activities. In 1989 FBI Director William
Sessions said: "The broadening of the investigation in October 1983, in essence,
directed all field offices to regard each CISPES chapter, wherever located, as a proper
subject of investigation. Based on the documentation available to the FBI by October
1983, there was no reason ... to expand the investigation so widely" (U.S. Senate,
Senate Select Committee on Intelligence Inquiry into the FBI Investigation of the Committee
in Solidarity with the People of El Salvador (Washington, DC: Government Printing
Office, 1989), 122). See also James Dempsey and David Cole, Terrorism and the Constitution (Los Angeles: First Amendment Foundation, 1999), 22-24.

7. (p. 176) Its purpose was described in an FBI memo as providing "assistance to
Palestinian students in their education and settlement in the United States and to
report, explain, correct and spread the Palestinian cause to all people" (Dempsey
and Cole, Terrorism and the Constitution, 44-45).

8. (p. 176) U.S. Department of Justice, Executive Office for Immigration Review,
Immigration Court, Los Angeles, In the Matters of. Khader Musa Hamde and Michel
Ibrahim Nasif Shehaldeh, in Deportation Proceedings Files A19 262 560 Los Angeles CA
A30 650 528 respectively; Order of the Immigration Judge (October 29, 2007).

9. (p. 176) The organization, the Popular Front for the Liberation of Palestine (PFLP),
provided support for social services-day care, healthcare, and so on-as well as for
terrorist activities. Material support for the terrorist side of the organization would
be grounds for prosecution, but the LA 8's efforts were directed toward the social
service side of the PFLP.

10. (p. 176) Tash Hepting et al. v. AT&T Corporation, U.S. District Court for the Northern District of California, Case 3:06-cv-00672-vrw, Exhibit C, Klein-C3.

11. (p. 176) J. Scott Marcus, affidavit in Tash Hepting et al. v. AT&T Corporation et al.,
United States Second District Court for Northern California, Case 3:06-cv-0672-vrw
(June 8, 2006), 21.

12. (p. 177) Mark Klein, personal communication, December 16, 2009.

13. (p. 177) Susan Landau, "National Security on the Line," Journal of Telecommunications and High Technology Law, 4, no. 2 (Spring 2006): 411.

14. (p. 177) Vassilis Prevelakis and Diomidis Spinellis, "The Athens Affair," IEEE
Spectrum, July 2007, 18-25.

15. (p. 177) For a PSTN or cellular call, the phone number might reveal who is
communicating with whom; on the Internet, the equivalent, which is an IP address, may be quite revelatory, or it might simply signify an Internet cafe with two dozen
users. Of course, the IP address may be combined with other information that may,
in fact, identify the user.

16. (p. 178) Wired How-To Wiki, Tap a Phone Line, http://howto.wired.com/wiki/Tap a
Phone Line.

17. (p. 178) Adam Clymer, "Gingrich is Heard Urging Tactics in Ethics Case," New
York Times, January 10 1997.

18. (p. 178) Office of the Manager, National Communications System, SMS over SS7,
NCS Technical Information Bulletin 03-2 (December 2003), 41-42.

19. (p. 178) D. Richard Kuhn, Thomas J. Walsh, and Steffen Fries, Security Considerations for Voice over IP Systems, National Institute for Standards and Technology
Special Publication 800-58 (Gaithersberg, MD: National Institute for Standards and
Technology, January 2005), 4.

20. (p. 178) Kuhn, Walsh, and Fries, Security Considerations for Voice over 1P Systems,
82-83.

21. (p. 179) One estimate is fifteen to twenty systems other than those of the sender
and receiver (Kuhn, Walsh, and Fries, Security Considerations for Voice over IP Systems, 18).

22. (p. 179) Patrick Traynor, Patrick McDaniel, and Thomas La Porta, Security for
Telecommunications Networks (New York: Springer, 2008), 144-145.

23. (p. 179) Tom Berson, Skype Security Evaluation (October 18, 2005), 11, http://
www.anagram.com/berson/abskyeval.htmi.

24. (p. 179) Nart Villineuve, Breaching Trust: An Analysis of Surveillance and Security
Practices on China's Tom-Skype Platform, Information Warfare Monitor (Toronto:
Munk Center for International Studies, University of Toronto, October 1, 2008). The
insecurity of the logging servers was corrected after the report was issued.

25. (p. 179) Kuhn, Walsh, and Fries, Security Considerations for Voice over IP Systems, 77.

26. (p. 179) This phenomenon results from the distinctive packet lengths for each
of the phonemes, which arises from compression used to save communications
bandwidth. If padding, which adds bits so that all packets are a longer common
length, is used, then it becomes much more difficult to recognize words or phrases
within the encrypted communications (Charles V. Wright, Lucas Ballard, Scott E.
Coull, Fabian Monrose, Gerald M. Masson, "Spot Me If You Can: Uncovering Spoken
Phrases in Encrypted VoIP Conversations," Proceedings of the 2008 IEEE Symposium
on Security and Privacy, Piscataway, NJ: IEEE, 2008).

27. (p. 179) Even when sessions are encrypted through SSL, through examining the
number and length of the encrypted http responses, it is possible to determine
which web pages are being viewed.

28. (p. 180) Asoke Talukder, "Clean and Tidy," Communications Engineer 3, no. 4 (2005): 39.

29. (p. 180) Traynor, McDaniel, and La Porta, Security for Telecommunications
Networks, 77.

30. (p. 180) Finding active phone numbers from which to launch the assault is the
main problem in this space (Traynor, McDaniel, and La Porta, Security for Telecommunications Networks, 80-81, 83-86).

31. (p. 181) BluFlo, "Handheld SCADA," http://www.bluflo.com/ndex.php?option
=comcontent&taks=view&id=27 &itemid=4 2.

32. (p. 181) Traynor, McDaniel, and La Porta, Security for Telecommunications
Networks, 59-60.

33. (p. 181) Pub. L. 104-104, 110 Stat. 56.

34. (p. 181) Traynor, McDaniel, and La Porta, Security for Telecommunications Networks, 59.

35. (p. 181) The fee of $2,000 was AT&T's fee in the state of California, which should
be representative. This included a $590 nonrecurring fee, a $100 monthly charge,
and a small mileage charge.

36. (p. 181) AT&T was advertising "Talk and surf the Web at the same time on 3G."

37. (p. 181) Jenna Wortham, "AT&T Urges Customers to Use Less Wireless Data,"
New York Times, December 10, 2009.

38. (p. 182) Wayne Jansen and Karen Scarfone, Guidelines on Cell Phone and PDA
Security, National Institute of Standards and Technology Special Publication 800-124
(Gaithersberg, MD: National Institute of Standards and Technology, October 2008), 3-8.

39. (p. 182) All it takes to be able to track a user is for them to register their cell
number with a website and agreeing via text to their phone that "X" is their "buddy"
and allowed to have their location information. A Guardian newspaper reporter
described the system, whose security rests on responding to a text message sent to
the cell of the person being tracked (Ben Goldacre, "How I Stalked My Girlfriend,"
guardian.co.uk, February 1, 2006, http://www.guardian.co.uk/technology/2006/
feb/01/news.g2). Such a system is easy to subvert.

40. (p. 183) The discussion in this section relies heavily on Steven M. Bellovin, Matt
Blaze, Ernie Brickell, Clinton Brooks, Vinton Cerf, Whitfield Diffie, Susan Landau,
Jon Peterson, John Treichler, "Security Implications of Applying the Communications
Assistance for Law Enforcement Act to Voice over IP" (2006), http://www.cs.columbia
.edu/--smb/papers/CALEAVOIPreport.pdf

41. (p. 183) This is interconnected VoIP.

42. (p. 187) Steven M. Bellovin et al., "Security Implications," 15.

43. (p. 187) Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, PeterNeumann,
and Jennifer Rexford, "Risking Communications Security: Potential Hazards of the
`Protect America Act,"' IEEE Security and Privacy, 6, no. 1 (January/February 2008): 29.

44. (p. 188) Steven M. Bellovin et al., "Security Implications," 15.

45. (p. 188) Bellovin et al., "Security Implications," 16-17.

46. (p. 188) U.S. Department of Justice, Office of Inspector General, Audit Division,
The Implementation of the Communications Assistance for Law Enforcement Act, Audit
Report 06-13 (Washington, DC: U.S. Department of Justice, March 2006), 54.

47. (p. 188) U.S. Department of Justice, Office of Inspector General, Audit Division,
Implementation of the Communications Assistance for Law Enforcement Act, 54-55.

48. (p. 188) The bill was not introduced; Senator Mike DeWine, who had been planning to do so, lost his reelection bid and chose not to introduce the bill late in the
term. That does not mean that the FBI will not try a variation of the bill at a later
date. CALEA itself was first proposed by the FBI in 1992 as the "Digital Telephony"
bill. It was reintroduced in the 1994 session and passed in the waning days of
the term.

49. (p. 188) Bellovin et al., "Security Implications," 17.

50. (p. 189) U.S. Department of Justice, Office of Inspector General, Audit Division,
The Implementation of the Communications Assistance for Law Enforcement Act, 23-30.

51. (p. 189) Bellovin et al., "Security Implications," 17.

52. (p. 189) Center for Democracy and Technology, Balancing the Location Needs
of E911 with Privacy and Innovation (Washington, DC: Center for Democracy and
Technology, May 2007).

53. (p. 189) Yochai Benkler, Wealth of Networks: How Social Production Transforms
Markets and Freedom (New Haven, CT: Yale University Press, 2006), 370.

Other books

TheRedKing by Kate Hill
Too Far Gone by Debra Webb, Regan Black
RawHeat by Charlotte Stein
Dreamology by Lucy Keating
Remember Love by Nelson, Jessica
The Bloodless Boy by Robert J. Lloyd
El jugador by Iain M. Banks
A Voice in the Wind by Francine Rivers