Begin forwarded message:

> From: [log in to unmask]
> Date: August 15, 2009 7:33:56 AM PDT
> To: [log in to unmask]
> Subject: [IRP] Building in Surveillance
>
> Building in Surveillance
> Crypto-Gram Newsletter
> Bruce Schneier
> Chief Security Technology Officer, BT
>
> China is the world's most successful Internet censor. While the Great Firewall of China isn't perfect, it effectively limits information flowing in and out of the country. But now the Chinese government is taking things one step further.
>
> Under a requirement taking effect soon, every computer sold in China will have to contain the Green Dam Youth Escort software package. Ostensibly a pornography filter, it is government spyware that will watch every citizen on the Internet.
>
> Green Dam has many uses. It can police a list of forbidden Web sites. It can monitor a user's reading habits. It can even enlist the computer in some massive botnet attack, as part of a hypothetical future cyberwar.
>
> China's actions may be extreme, but they're not unique. Democratic governments around the world -- Sweden, Canada and the United Kingdom, for example -- are rushing to pass laws giving their police new powers of Internet surveillance, in many cases requiring communications system providers to redesign products and services they sell.
>
> Many are passing data retention laws, forcing companies to keep information on their customers. Just recently, the German government proposed giving itself the power to censor the Internet.
>
> The United States is no exception. The 1994 CALEA law required phone companies to facilitate FBI eavesdropping, and since 2001, the NSA has built substantial eavesdropping systems in the United States. The government has repeatedly proposed Internet data retention laws, allowing surveillance into past activities as well as present.
>
> Systems like this invite criminal appropriation and government abuse. New police powers, enacted to fight terrorism, are already used in situations of normal crime. Internet surveillance and control will be no different.
>
> Official misuses are bad enough, but the unofficial uses worry me more. Any surveillance and control system must itself be secured. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and by the people you don't.
>
> China's government designed Green Dam for its own use, but it's been subverted. Why does anyone think that criminals won't be able to use it to steal bank account and credit card information, use it to launch other attacks, or turn it into a massive spam-sending botnet?
>
> Why does anyone think that only authorized law enforcement will mine collected Internet data or eavesdrop on phone and IM conversations?
>
> These risks are not theoretical. After 9/11, the National Security Agency built a surveillance infrastructure to eavesdrop on telephone calls and e-mails within the United States.
>
> Although procedural rules stated that only non-Americans and international phone calls were to be listened to, actual practice didn't always match those rules. NSA analysts collected more data than they were authorized to, and used the system to spy on wives, girlfriends, and famous people such as President Clinton.
>
> But that's not the most serious misuse of a telecommunications surveillance infrastructure. In Greece, between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government -- the prime minister and the ministers of defense, foreign affairs and justice.
>
> Ericsson built this wiretapping capability into Vodafone's products, and enabled it only for governments that requested it. Greece wasn't one of those governments, but someone still unknown -- a rival political party? organized crime? -- figured out how to surreptitiously turn the feature on.
>
> Researchers have already found security flaws in Green Dam that would allow hackers to take over the computers. Of course there are additional flaws, and criminals are looking for them.
>
> Surveillance infrastructure can be exported, which also aids totalitarianism around the world. Western companies like Siemens, Nokia, and Secure Computing built Iran's surveillance infrastructure. U.S. companies helped build China's electronic police state. Twitter's anonymity saved the lives of Iranian dissidents -- anonymity that many governments want to eliminate.
>
> Every year brings more Internet censorship and control -- not just in countries like China and Iran, but in the United States, the United Kingdom, Canada and other free countries.
>
> The control movement is egged on by both law enforcement, trying to catch terrorists, child pornographers and other criminals, and by media companies, trying to stop file sharers.
>
> It's bad civic hygiene to build technologies that could someday be used to facilitate a police state. No matter what the eavesdroppers and censors say, these systems put us all at greater risk. Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in.
>
> http://www.schneier.com/crypto-gram-0908.html
>
> _______________________________________________
> IRP mailing list
> [log in to unmask]
> http://lists.internetrightsandprinciples.org/listinfo.cgi/irp-internetrightsandprinciples.org

IP JUSTICE
Robin Gross, Executive Director
1192 Haight Street, San Francisco, CA 94117 USA
p: +1-415-553-6261
f: +1-415-462-6451
w: http://www.ipjustice.org
e: [log in to unmask]