Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (63 page)

55. (p. 251) I use the word substantively because, as the IETF RFC 2804 notes, "Wiretapping, even when it is not being exercised, therefore lowers the security of the
system" (Network Working Group, RFC 2804: IETF Policy on Wiretapping, http://
www.ietf.org/rfc/rfc2804.txt 7). By definition, any form of wiretapping intrudes on
the security of a communication.

56. (p. 251) In this and what follows in this section, I use the term must as in the
"MUST" of IETF RFCs: "This word, or the terms `REQUIRED' or `SHALL,' mean that
the definition is an absolute requirement of the specification" (Scott Bradner, RFC
2119: Key Words for Use in RFCs to Indicate Requirement Levels, (http://www.ietf.org/
rfc/rfc2ll9.txt, March 1997), 1).

57. (p. 251) The Cisco architecture used a hashing algorithm, MDS, that is now known
to have weaknesses. Periodic review of systems in place will catch such security changes.

58. (p. 251) "The system is less secure ... [and] more complex. Being more complex,
the risk of unintended security flaws in the system is larger" (Network Working
Group, RFC 2804: IETF Policy on Wiretapping, 7).

59. (p. 251) Cross, "Exploiting Lawful Intercept," 2, 5, 7.

60. (p. 252) National Research Council, Protecting Individual Privacy in the Struggle
Against Terrorists: A Framework for Program Assessment (Washington, DC: National
Academies Press, 2008), S.

61. (p. 252) National Research Council, Protecting Individual Rights, S.

62. (p. 252) In Branzburg v. Hayes, the Supreme Court held that requiring journalists
to testify before state or federal grand juries does not violate the First Amendment.

63. (p. 252) The issue is not can a wiretap order be placed on a journalist, for the
answer is yes if there is a probable cause that the journalist is involved in the commission of a serious crime, an agent of a foreign power, and so on. Rather the concern is whether a subpoena to place a pen register on a journalist is legitimate during
the course of a criminal or foreign-intelligence investigation of another party. The
government takes the issue very seriously and requires, for example, that the subpoena be approved by the attorney general.

Epilogue

1. (p. 255) Wayne M. Morrison and Michael F. Martin, How Large Is China's Economy?
Does It Matter?, Congressional Research Service Report for Congress, RS22808 (February 13, 2008), CRS3-CRS4.

2. (p. 255) Franklin D. Kramer, "Cyberpower and National Security: Policy Recommendations for a Strategic Framework," in Franklin D. Kramer, Stuart H. Starr, and
Larry K. Wentz, eds., Cyberpower and National Security (Washington, DC: National
Defense University Press, 2009), 12.

3. (p. 256) The U.S. government found no evidence that the warrantless wiretapping
of the President's Surveillance Program had been intentionally misused (Offices of
the Inspector General of the Department of Defense, Department of Justice, Central
Intelligence Agency, National Security Agency, Office of the Director of National
Intelligence, Unclassified Report on the President's Surveillance Program, Report 20090013-AS, July 10, 2009, 15).

4. (p. 256) The Department of Justice Inspector General report concluded that "it
was extraordinary and inappropriate that a single DOJ attorney" could conduct such
a critical legal analysis working entirely on his own (Offices of the Inspector General,
Unclassified Report on the President's Surveillance Program, 30).

5. (p. 256) David Cole, "How to Skip the Constitution," New York Review of Books,
November 16, 2006, 21.

6. (p. 256) Cole, "How to Skip the Constitution," 21.

7. (p. 256) The Sedition Act, which criminalized publishing "false, scandalous, and
malicious writing" against the government and government officials, expired in
1801; it is assumed that had the act been tested in court, it would have been found
unconstitutional. The Alien Act, which remains in effect today as 50 U.S.C. §21-24,
authorizes the president to deport resident aliens if their native country is at war
with the United States.

8. (p. 256) Cole, "How to Skip the Constitution," 22.

Administrative Office of the United States Courts. Wiretap Report. Washington, DC:
Government Printing Office, 1999.

Afanasyev, Mikhail, Tadayoshi Kohno, Justin Ma, Nick Murphy, Stefan Savage,
Alex Snoeren, and Geoffrey Voelker. Network Support for Privacy-Preserving Forensic
Attribution. University of California San Diego Technical Reports, CS2009-0940,
March 2009.

AT&T Messaging FAQ. http://www.wireless.att.com/leam/messaging-intemet/messaging/
faq.j sp#pricing-text.

Bernstein, Nina. "In American Mill Towns, No Mirror Image of the Muslims in
Leeds." New York Times, July 21, 2005.

Bobbit, Philip. The Shield of Achilles: War, Peace, and the Course of History. New York:
Knopf, 2003.

Byres, Eric, and Justin Lowe. "The Myths and Facts behind Cyber Security Risks
for Industrial Control Systems." Proceedings of the VDE Kongress, 213-217. Berlin:
VDE, 2004.

Center for Democracy and Technology. Einstein Intrusion Detection Systems: Questions
That Should Be Addressed. Washington, DC: Center for Democracy and Technology,
July 2009.

Clarke, Richard. Interview on Frontline, http://www.pbs.org/wgbh/pages/frontline/
shows/cyberwar/interviews/clarke.html, March 18, 2003.

Cooper. Michael. "Ex-CIA Spy Chief to Run Police Intelligence." New York Times,
January 25, 2002.

Commission of the European Communities. Brussels, "Protecting Europe from Large
Scale Cyber-Attacks and Disruptions: Enhancing Preparedness, Security and Resilience." Communication from the Commission to the European Parliament, the
Council, the European Economic and Social Committee and the Committee of the
Regions on Critical Information Infrastructure Protection. SEC 2009 Brussels, 2009. "Cyber War: Sabotaging the System." Sixty Minutes, CBS, November 8, 2009. http://
www.cbsnews.com/stories/2009/ 11/06/60minutes/main5555565.shtml?tag=cont.

Dagon, David, Cliff Zou, and Wenke Lee. "Modeling Botnet Propagation Using Time
Zones." Proceedings of the 13th Annual Network and Distributed System Security Symposium (NDSS 2006), San Diego, CA, February 2006.

Doyle, Charles. The USA PATRIOT Act: A Sketch. CRS Report for Congress, R521203,
April 18, 2002.

Droma, R. RFC 2131-Dynamic Host Configuration Protocol. March 1997. http://
tools.ietf.org/html/rfc2l3l.

EFF v. Department of Justice. Civil Action No. 06-1708-CKK (D.D.C.) (filed 3 Oct.
2006). www.eff.org/ issues/foia/061708CKK.

European Union, Council of the European Union. Report from Working Party on
Cooperation in Criminal Matters to Article 36 Committee, 6566/05. Copen 35, Telecom
10. Brussels, February 24, 2005.

Exhibit A. Tash Hepting et al. v. AT&T Corporation et al. United States Second District
Court for Northern California, Case 3:06-cv-0672-vrw, June 8, 2006.

Fildes, Jonathan. "Wikipedia `Shows CIA Page Edits."' BBC News, August 15, 2007.
http://news.bbc.co.uk/2/hi/technology/6947S32.stm.

Froehlich, Fritz E., and Allen Kent. The Froehlich/Kent Encyclopedia of Telecommunications, vol. 15, 231-255. New York: Marcel Dekker, 1997. http://www.cert.org/
encyc-article/tocencyc.html.

Frost, Mike, as told to Michael Gratton. Spyworld: Inside the Canadian and American
Intelligence Establishments. Toronto: Doubleday Canada, 1994.

Gellman, Barton, Dafna Linzer, and Carol Leonnig. "Surveillance Net Yields Few
Suspects." Washington Post, February 5, 2006.

Goldberg, Ian. "Privacy-Enhancing Technologies for the Internet, II: Five Years
Later." In Roger Dingledine and Paul Syverson, eds., Proceedings of the Privacy Enhancing Technologies Workshop (PET 2002), April 2002. New York: Springer, 2003.

Golle, Philipe, and Kurt Partridge. "On the Anonymity of Home/Work Location
Pairs." Proceedings of the 7" International Conference, Pervasive 2009, New York:
Springer 2009.

Hadian, Nasser, Shaul Bakhash, Henry Precht, and Gary Sick. "The Shah and Revolution."
World Feature, BBC News, October 26, 2004. http://www.theworld.org/?q=node/3567.

Helm, Sarah. A Life in Secrets: Vera Atkins and the Lost Agents of SOE. London: Little,
Brown, 2005.

Heymann, Phillip. Terrorism and America: A Commonsense Strategy for a Democratic
Society. Cambridge, MA: MIT Press, 1998.

Hussain, Zahid, Siobhan Gorman, and Neil King, Jr. "Students Linked to Al Qaeda."
Wall Street Journal, December 11, 2009.

"Internet Infrastructure Security: A Taxonomy." IEEE Network (November/December) (2002): 13-21.

Johnson, Thomas R. American Cryptology during the Cold War, 1945-1989; Book II,
Centralization Wins: 1960-1972. vol. S. United States Cryptologic History: The NSA
Period, 1952-Present. Fort Meade, MD: Center for Cryptologic History, National
Security Agency, 1995.

Johnston, David, and James Risen. "Traces of Terrorism: The Intelligence Series:
Series of Warnings." New York Times, May 17, 2002.

Jones, Seth, and Martin Libiki. How Terrorist Groups End: Lessons for Countering Al
Qa'ida. Santa Monica, CA: Rand Corporation, 2008.

Kahn, David. "The Rise of Intelligence." Foreign Affairs, September/October 2006.

Kennedy, Charles, and Peter Swire. "State Wiretaps and Electronic Surveillance after
September 11th." Hastings Law Journal 54 (2003): 971.

Kent, Stephen. "Architectural Security." In Daniel Lynch and Marshall Rose, eds.,
Internet System Handbook, 369-419. Reading, MA: Addison-Wesley, 1993.

Kent, Stephen, and Lynette Miller. Who Goes There? Authentication through the Lens
of Privacy. Washington, DC: National Academies Press, 2003.

Kepel, Gilles. The Battle for Muslim Minds: Islam and the West. Cambridge, MA:
Harvard University Press, 2004.

Kohlmann, Evan. "The World of Warcraft." Foreign Affairs, September/October 2006.

Kosta, Eleni, and Peggy Valcke. "Telecommunications, the EU Data Retention Directive: Retaining the Data Retention Directive." Computer Law & Security Report 22
(2006): 370-380.

Kris, David. "The Rise and Fall of the FISA Wall." Stanford Law & Policy Review 17
(2006): 487-528.

Landau, Susan. "Standing the Test of Time: The Data Encryption Standard." Notices
of the American Mathematical Society (March) (2000): 341-349.

Leibovich, Mark. "Strom of the Century; The Hill Sings `Happy Birthday' as Sen.
Thurmond Turns 100." Washington Post, December 6, 2002, Al.

Lockhart, Gregory. "Ohio Man Pleads Guilty to Conspiracy to Bomb Targets in
Europe and the United States." Press release, United States Attorney General, Southern District of Ohio, June 3, 2008.

Lynch, Daniel, and Marshall Rose, eds. Internet System Handbook. Reading, MA:
Addison-Wesley, 1993.

Markoff, John. "Before the Gunfire, Cyberattacks." New York Times, August 13, 2009.

McMillan, Robert. "The NSA Wiretapping Story That Nobody Wanted." New York
Dines, July 17, 2009.

Nakashima, Ellen. "Cybersecurity Plan to Involve NSA, Telecoms." Washington Post,
July 3, 2009.

Office of the Manager, National Communications System. The Electronic Intrusion
Threat to National Security and Emergency Preparedness Telecommunications.
2nd ed. Arlington, VA: Office of the Manager, National Communications System,
December 5, 1994.

Packer, George. "Knowing the Enemy." New Yorker December 18, 2006, 61-69.

Parfomak, Paul W. Vulnerability of Concentrated Critical Infrastructure: Background and
Policy Options. CRS Report for Congress. Washington, DC: Congressional Research
Service, September 12, 2008.

Parker, Geoffrey, and Edward Anderson, Jr. "From Buyer to Integrator: The Transformation of the Supply-Chain Manager in the Vertically Integrating Firm." Production and Operations Management 11 (1) (Spring 2002): 75-91.

Pew Research Center. Muslim Americans: Middle Class and Mostly Mainstream.
Washington, DC: Pew Research Center, May 22, 2007.

Research and Development Committee, Financial Services Coordinating Council for
Critical Infrastructure Protection and Homeland Security. Research Agenda for the
Banking and Finance Sector. September 2008. https://www.fsscc.org/fsscc/reports/2008/
RD-Agenda-FINAL.pdf.

Rheingold, Howard. Smart Mobs: The Next Social Revolution. Cambridge, MA: Perseus
Press, 2002.

Risen, James, and Eric Lichtblau. "Rice Defends Bush Eavesdropping." New York
Times, December 19, 2005.

Rishikof, Harvey. "Economic and Industrial Espionage." In Jennifer Sims and Burton
Gerber, eds., Vaults, Mirrors, and Masks: Rediscovering U.S. Counterintelligence,
199-222. Washington, DC: Georgetown University Press, 2009.

Rosenthal, Elizabeth, with David Sanger. "U.S. Plane in China After It Collides with
Chinese Jet." New York Times, April 2, 2001, Al.

Rosenzweig, Paul. "National Security Threats in Cyberspace: A Workshop Jointly Conducted by the American Bar Association Standing Committee on Law and National Security
and National Strategy Foruin," Post Workshop Report, September 2009.

Savage, Stefan. Comments on "CCC BLOG." February 25, 2009. http://www.cccblog
. org/ 2009 /02/21 /does-better-secu rity-depend-on-a-better-intemet/.