Technology, Thoughts & Trinkets

Touring the digital through type

Month: March 2011

Security, Hierarchy, and Networked Governance

UnlockedThe capacity for the Internet to route around damage and censorship is dependent on there being multiple pathways for data to be routed. What happens when there are incredibly few pathways, and when many of the existing paths contain hidden traps that undermine communications security and privacy? This question is always relevant when talking about communications, but has become particularly topical given recent events that compromised some of the Internet’s key security infrastructure and trust networks.

On March 22 2011, Tor researchers disclosed a vulnerability in the certificate authority (CA) system. Certificates are used to encrypt data traffic between parties and to guarantee that security certificates are actually issued to the parties holding them. The CA system underpins a massive number of the Internet’s trust relationships; when individuals log into their banks, some social networking services, and many online email services, their data traffic is encrypted to prevent a third-party from listening into the content of the communication. Those encrypted sessions are made possible by the certificates issued by certificate authorities. The Tor researchers announced that an attacker had compromised a CA and issued certificates that let the attacker impersonate the security credentials associated with many of the world’s most prominent websites. Few individuals would ever detect this subterfuge. In effect, Tor researchers discovered that a central element of the Internet’s trust network was broken.

In this post I want to do a few things. First, I’ll briefly describe the attack and its accompanying risks. This will, in part, see me briefly discuss modes of surveillance and motivations for different gradients of surveillance. I next address a growing problem for today’s Internet users: the points of trust we depend on, such as CAs and the DNS infrastructure, are increasingly unreliable. As a result, states can overtly or subtly manipulate to disrupt or monitor their citizens’ communications. Finally, I suggest that in spite of these points of control, states are increasingly limited in their capacities to unilaterally enforce their will. As a consequence of networked governance, and its accompanying power structures, citizens can impose accountability on states and limit their ability to (re)distribute power across and between nodes of networks. Thus, networked governance not only transforms state power but redistributes (some) power to non-state actors, empowering those actors to resist illegitimate state actions.

Continue reading

Technology and Politics in Tunisia and Iran: Deep Packet Surveillance

Middleeast-IranFor some time, I’ve been keeping an eye on how the Iranian government monitors, mediates, and influences data traffic on public networks. This has seen me write several posts, here and elsewhere, about the government’s usage of deep packet inspection, the implications of Iranian government surveillance, and the challenges posed by Iranian ISPs’ most recent network updates. Last month I was invited to give a talk at the Pacific Centre for Technology and Culture about the usage of deep packet inspection by the Iranian and Tunisian governments.

Abstract

Faced with growing unrest that is (at least in part) facilitated by digital communications, repressive nation-states have integrated powerful new surveillance systems into the depths of their nations’ communications infrastructures. In this presentation, Christopher Parsons first discusses the capabilities of a technology, deep packet inspection, which is used to survey, analyze, and modify communications in real-time. He then discusses the composition of the Iranian and Tunisian telecommunications infrastructure, outlining how deep packet inspection is used to monitor, block, and subvert encrypted and private communications. The presentation concludes with a brief reflection on how this same technology is deployed in the West, with a focus on how we might identify key actors, motivations, and drivers of the technology in our own network ecologies.

Note: For more information on the Iranian use of deep packet inspection, see ‘Is Iran Now Actually Using Deep Packet Inspection?

Call for Assistance: A Broadband Analysis Tool

3096166092_da7bcf9997_bCommunications systems are integral to emerging and developed democracies; the capability to rapidly transmit information from one point to another can help fuel revolutions and launch information campaigns about unpopular decisions to ‘meter’ the Internet. In foreign nations and at home in Canada we regularly see ISPs interfere with transmissions of data content. Both abroad and at home, researchers and advocates often have difficulties decoding what telecom and cableco providers are up to: What systems are examining data traffic? How is Internet access distributed through the nation? Are contractually similar data plans that are sold in different geographic regions providing customers with similar levels of service?

To date, Canadian advocates and researchers have been limited in their ability to draw on empirical data during major hearings at the CRTC. This makes research and advocacy challenging. Over the past several years, researchers, advocates, counsel, and members of industry that I’ve spoken to have complained that they need hard data. (It’s a gripe that I’ve stated personally, as well). With your help, numbers will be on the way. Continue reading