Technology, Thoughts & Trinkets

Touring the digital through type

Review: Surveillance or Security?

In Surveillance or Security? The Real Risks Posed by New Wiretapping Technologies, Susan Landau focuses on the impacts of integrating surveillance systems into communications networks. Her specific thesis is that integrating surveillance capacities into communications networks does not necessarily or inherently make us more secure, but may introduce security vulnerabilities and thus make us less secure. This continues on threads that began to come together in the book she and Whitfield Diffie wrote, titled Privacy on the Line: The Politics of Wiretapping and Encryption, Updated and Expanded Edition.

Landau’s work is simultaneously technical and very easy to quickly read. This is the result of inspired prose and gifted editing. As a result, she doesn’t waver from working through the intricacies of DNSSEC, nor how encryption keys are exchanged or mobile surveillance conducted, and by the time the reader finishes the book they will have a good high-level understanding of how these technologies and systems (amongst many others!) work. On the policy side, she gracefully walks the reader through the encryption wars of the 1990s,[1] as well as the politics of wiretapping more generally in the US. You don’t need to be a nerd to get the tech side of the book, nor do you need to be a policy wonk to understand the politics of American wiretapping.

Given that her policy analyses are based on deep technical understanding of the issues at hand, each of her recommendations carries a considerable amount of weight. As examples, after working through authentication systems and their deficits, she differentiates between three levels of online identification (machine-based, which relies on packets; human, which relies on application authentication; and digital, which depends on biometric identifiers). This differentiation lets her consider the kinds of threats and possibilities each identification-type provides. She rightly notes that the “real complication for attribution is that the type of attribution varies with the type of entity for which we are seeking attribution” (58). As such, totalizing identification systems are almost necessarily bound to fail and will endanger our overall security profiles by expanding the surface that attackers can target.

Landau argues that key US intercept laws, such as CALEA, often add costs that delay the deployment of new products. Further, such laws act as market barriers to smaller competitors because they find it challenging to comply with laws that demand costly infrastructure investments that aren’t needed for day-to-day operations. To comply with CALEA, telecommunications carriers are increasingly purchasing expensive and fungible systems that integrate deep packet inspection technologies. To offset equipment costs, these same carriers are motivated to use their fungible equipment to prioritize and delay traffic. Landau takes a dim view of such repurposing, writing that:

There is no need to do deep packet inspection to determine traffic priority. The simple solution to the traffic congestion problem consists of IPv6, the long-delayed IP protocol, and Internet usage pricing. IPv6 has two fields, one for service … and one for the quality of service designated by the user … Instead of the ISP determining the traffic shaping, the customer can do so, and can pay for the privilege of employing the faster service (132).

Further, inserting surveillance equipment that can massively mediate data and voice communications introduces intentional vulnerabilities into the communications infrastructure. In effect, wiretapping creates risks to communication security and, by endangering the privacy of citizens’ communications, society’s social fabric. Given the widespread introduction of such vulnerabilities throughout American telecommunications networks, two things are required to ensure secure communications:

  1. End-to-end encryption to guarantee message content;
  2. Company practices that disallow divulging conversations and that disallow revealing that communications between parties even happened.

Extending her view of communications security beyond the borders of continental America, Landau argues that providing secure communications systems to NGOs and other ‘on the ground’ parties lets them communicate useful intelligence to the world without fearing retribution from local authorities. The US and UN alike have diminishing sites of presence throughout the world but NGOs continue to burrow into the world’s social fabric. The US is thus well served in pumping research dollars into projects such as Tor; only by doing so can America hope to have an informed perception of the world.

After arguing that DPI (and, by extension, technologies replicating DPI functionality) is effectively a totalizing surveillance apparatus, Landau writes:

The real issue about ubiquitous DPI would be a necessary reliance on anonymization tools such as Tor to hide transactional information. Anyone not using these privacy-preserving, security-protecting tools in the face of omnipresent DPI usage by communications providers would be endangering themselves, their companies, and anyone with whom they communicated. Looking purely from the vantage point of security, it is difficult to understand law enforcement’s push for the ubiquitous use of DPI. This is a short-term solution to enable wiretapping with severe long-term negative consequences for communications security (222).

Such long-term consequences arise because infrastructure can be exceedingly challenging to retrofit; once hardware is deployed in the field, networks configured, and policies set in place, modifying them can be devilishly difficult.[2] The potential consequence is that all ICT systems reliant on the Internet to communicate could be vulnerable to security exploits. Were such an exploit ever taken advantage of, the public would reduce its trust in its communications systems. With a loss of trust, and subsequent loss of speech, the democratic spirit suffers.

So, what are the solutions? Landau recognizes that the network of yesterday is poorly suited for the needs of today and tomorrow. Rather than trying to retrofit security, authentication, and identification across the entire Internet, a more granular and modest approach is preferred. The widespread adoption and deployment of Software Defined Networks (SDNs) would enable a multifaceted security profile at the switch/node, providing authentication and identification for some, but not all, transactions and transmissions. Worrying that present and future security policies at nodes are subject to economic facts – vendors often receive a greater market share by getting to market first rather than by providing a secure product – Landau argues that all security-driven vendors should be somehow accountable for exploits of their systems. This would place economic risk on vendors, encouraging delays to market in order to resolve security deficits and avoid future economic losses.

The book concludes with a series of principles that are needed to ‘get communications security right.’ They are:

  1. Wiretapping laws and technologies must be measured against the threats they pose to communications security. These laws and technologies should not be implemented if they would substantively threaten the “freedom, security, human dignity, or the consent of the governed” (251).
  2. To preserve freedom for posterity, the following must be adopted:
    1. Interception technologies must be designed such that auditing functions are automatically on;
    2. The design of interception access should minimize flexibility to reduce risks that the system can be subverted;
    3. The system should be designated to have genuine two-factor control;
    4. The design should be subject to open public review before implementation in any public network.
  3. Any suspension of communications’ privacy protections must only occur for extremely short durations (think measurable in hours or days, not weeks, months, or years) and only during periods of extreme danger. Audits and evaluations of the suspension(s) must follow.
  4. Communications surveillance must not impede the working of the press, on the belief that a “nation is a democracy only so long as journalists’ communications are secure” (252).

On the whole, the book is excellent. Landau possesses a deep technical and policy understanding of American wiretapping, and brings both of these to bear in her evaluations and policy recommendations. Further, she is gifted in her ability to explain to the layperson and expert alike how policy and security intersect, with hosts of examples throughout the book to supplement her overall argument that intentional security deficits for wiretapping purposes are dangerous to communications security and communicative privacy. When Landau moves away from security, however, the text is on weaker footing. While the fourth estate is an important element of a democracy, one can’t help but think of Herman and Chomsky’s Manufacturing Consent: The Political Economy of Mass Media (and the Propaganda Model more specifically) and feel that her trust and reliance on the American press is somewhat overstated. There are some sections that also seem particularly patriotic – private communications caused Americans to adopt the telegraph more rapidly than their surveilled European counterparts, as one example – which could have been more critical of both American and European communications history alike.

I should point out two caveats that might bother some readers. First, the book focuses on the reality of American surveillance. Landau’s justifications are that wiretapping and surveillance are complex issues and need nuance, that US choices affect the rest of the world, and that communications intelligence and interference affects economics. A good place to start looking at the economic impacts is on the national, rather than international, level. Second, Landau argues that the line to draw is not between surveillance and civil liberties but between surveillance and security. If either of these conditions is particularly unpalatable, then the book may not be for you.

On the whole, I would highly recommend Susan’s book. It’s extremely well referenced, technically savvy, politically aware, and forward thinking. If you’re interested in the politics of security, what governments and technologists are up to in the field of communications security and communications infrastructure, or the implications of present communications infrastructures for the future of democracy, then you need to buy and read this book.

Footnotes:

[1] For an excellent overview of the encryption wars, see “The Encryption Wars: An interview with Jay Worthington” (link to .pdf).

[2] Her argument here closely follows that of Langdon Winner’s in The Whale and the Reactor.

1 Comment

  1. You have seen her chapter for NAP;-
