LISTSERV - NCSG-DISCUSS Archives

Begin forwarded message:

> From: [log in to unmask]
> Date: August 15, 2009 7:33:56 AM PDT
> To: [log in to unmask]
> Subject: [IRP] Building in Surveillance
>
> Building in Surveillance
> Crypto-Gram Newsletter
> Bruce Schneier
> Chief Security Technology Officer, BT
>
> China is the world's most successful Internet censor. While the Great
> Firewall of China isn't perfect, it effectively limits information  
> flowing
> in and out of the country. But now the Chinese government is taking  
> things
> one step further.
>
> Under a requirement taking effect soon, every computer sold in  
> China will
> have to contain the Green Dam Youth Escort software package.  
> Ostensibly a
> pornography filter, it is government spyware that will watch every  
> citizen
> on the Internet.
>
> Green Dam has many uses. It can police a list of forbidden Web  
> sites. It
> can monitor a user's reading habits. It can even enlist the  
> computer in
> some massive botnet attack, as part of a hypothetical future cyberwar.
>
> China's actions may be extreme, but they're not unique. Democratic
> governments around the world -- Sweden, Canada and the United  
> Kingdom, for
> example -- are rushing to pass laws giving their police new powers of
> Internet surveillance, in many cases requiring communications system
> providers to redesign products and services they sell.
>
> Many are passing data retention laws, forcing companies to keep
> information on their customers. Just recently, the German government
> proposed giving itself the power to censor the Internet.
>
> The United States is no exception. The 1994 CALEA law required phone
> companies to facilitate FBI eavesdropping, and since 2001, the NSA has
> built substantial eavesdropping systems in the United States. The
> government has repeatedly proposed Internet data retention laws,  
> allowing
> surveillance into past activities as well as present.
>
> Systems like this invite criminal appropriation and government  
> abuse. New
> police powers, enacted to fight terrorism, are already used in  
> situations
> of normal crime. Internet surveillance and control will be no  
> different.
>
> Official misuses are bad enough, but the unofficial uses worry me  
> more.
> Any surveillance and control system must itself be secured. An
> infrastructure conducive to surveillance and control invites  
> surveillance
> and control, both by the people you expect and by the people you  
> don't.
>
> China's government designed Green Dam for its own use, but it's been
> subverted. Why does anyone think that criminals won't be able to  
> use it to
> steal bank account and credit card information, use it to launch other
> attacks, or turn it into a massive spam-sending botnet?
>
> Why does anyone think that only authorized law enforcement will mine
> collected Internet data or eavesdrop on phone and IM conversations?
>
> These risks are not theoretical. After 9/11, the National Security  
> Agency
> built a surveillance infrastructure to eavesdrop on telephone calls  
> and
> e-mails within the United States.
>
> Although procedural rules stated that only non-Americans and  
> international
> phone calls were to be listened to, actual practice didn't always  
> match
> those rules. NSA analysts collected more data than they were  
> authorized
> to, and used the system to spy on wives, girlfriends, and famous  
> people
> such as President Clinton.
>
> But that's not the most serious misuse of a telecommunications
> surveillance infrastructure. In Greece, between June 2004 and March  
> 2005,
> someone wiretapped more than 100 cell phones belonging to members  
> of the
> Greek government -- the prime minister and the ministers of defense,
> foreign affairs and justice.
>
> Ericsson built this wiretapping capability into Vodafone's  
> products, and
> enabled it only for governments that requested it. Greece wasn't  
> one of
> those governments, but someone still unknown -- a rival political  
> party?
> organized crime? -- figured out how to surreptitiously turn the  
> feature
> on.
>
> Researchers have already found security flaws in Green Dam that would
> allow hackers to take over the computers. Of course there are  
> additional
> flaws, and criminals are looking for them.
>
> Surveillance infrastructure can be exported, which also aids
> totalitarianism around the world. Western companies like Siemens,  
> Nokia,
> and Secure Computing built Iran's surveillance infrastructure. U.S.
> companies helped build China's electronic police state. Twitter's
> anonymity saved the lives of Iranian dissidents -- anonymity that many
> governments want to eliminate.
>
> Every year brings more Internet censorship and control -- not just in
> countries like China and Iran, but in the United States, the United
> Kingdom, Canada and other free countries.
>
> The control movement is egged on by both law enforcement, trying to  
> catch
> terrorists, child pornographers and other criminals, and by media
> companies, trying to stop file sharers.
>
> It's bad civic hygiene to build technologies that could someday be  
> used to
> facilitate a police state. No matter what the eavesdroppers and  
> censors
> say, these systems put us all at greater risk. Communications  
> systems that
> have no inherent eavesdropping capabilities are more secure than  
> systems
> with those capabilities built in.
>
> http://www.schneier.com/crypto-gram-0908.html
>
> _______________________________________________
> IRP mailing list
> [log in to unmask]
> http://lists.internetrightsandprinciples.org/listinfo.cgi/irp- 
> internetrightsandprinciples.org




IP JUSTICE
Robin Gross, Executive Director
1192 Haight Street, San Francisco, CA  94117  USA
p: +1-415-553-6261    f: +1-415-462-6451
w: http://www.ipjustice.org     e: [log in to unmask]