Software for Tyranny (was: [IP] Anti-terrorism software that balances privacy and security?)
Begin forwarded message:
From: Lauren Weinstein <lauren@xxxxxxxxxx>
Date: January 25, 2006 3:08:06 PM EST
To: neumann@xxxxxxxxxx
Cc: dave@xxxxxxxxxx
Subject: Software for Tyranny (was: [IP] Anti-terrorism software that
balances privacy and security?)
(This is regarding the UCLA Press Release for a new "anti-terrorism
software concept". When you read releases like that you understand
why so many people consider academics to be dangerously out of
touch with the impacts of their creations...)
The technical term that is best used to describe the underlying
philosophy implied by systems such as that described below is
"dangerous bullsh*t."
Let's ignore for the moment the grandiose claims of mathematical
impenetrability. The algorithms may prove to be very strong -- or
not. Often systems that are theoretically very secure are
compromised through implementation or usage errors (think WWII and
Enigma for but one early example).
But the real sidesplitting, ultimate guffaws line from the press
release is this:
... may ease some of
these privacy concerns by making the tracking of terrorist
communications over the Internet more efficient, and more targeted,
than ever before.
Man, talk about reasoning straight out of 1984's Newspeak!
Let's get this straight. The idea being promoted is the wide
deployment of effectively unauditable monitoring software throughout
the Internet, where only the entity doing the monitoring can detect
or control the details of what is being intercepted or demonstrate
later that only the "correct" material was obtained.
This is supposed to ease privacy concerns? It does exactly the
opposite. Such a scheme combines all of the worst aspects of
conventional communications monitoring with the added bonus (for the
entities doing the monitoring) of drastically reducing the
likelihood of surveillance abuses being detected.
I won't get into a detailed discussion here of the obvious vectors
for massive misuse and risks in such a system. But here's a quickie
example related to current news. Obviously there's a big controversy
right now about the Feds going after search engine query data (which,
as we've now made clear, certainly can and does contain very personal
information, even without IP addresses and the like). But at least
in the cases under discussion the government had to go to the
companies involved to request/demand the data in question.
Now, imagine a scenario where it is possible to tap into any ISP
activity on an instantaneous basis, changing what you're probing for
from minute to minute -- with even the search engines, mail service
providers, or any other services having no idea what's been sucked
up and no way to even retroactively verify what's been intercepted.
This is a recipe for electronic tyranny -- nothing less -- and is one
of the best arguments I've ever seen for the deployment of pervasive
encryption.
There are those who would argue that there's no need to fear such
systems, since we're assured they'd only be used to fight terrorists
or criminals, and we can trust that such powers would not be
abused. That's always the party line.
But I remind such apologists that the technological surveillance
infrastructures that we put into place now will be available to
future administrations and governments which might be less, uh,
"benign" than the current one. Do you really want to put such
incredible spying power -- especially of the essentially unauditable
sort -- into the hands of future would-be tyrants?
I'd be glad to discuss the more detailed aspects of this issue with
interested parties, of course.
--Lauren--
Lauren Weinstein
lauren@xxxxxxxxxx or lauren@xxxxxxxx
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
- People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
- International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com
- - -
By BJS
Created 01/24/2006 - 13:42
The government's ability to balance the privacy concerns of lawful
U.S. citizens with effective monitoring of potential terrorists has
proven an increasingly difficult task, particularly in recent months.
But a landmark software development by researchers at UCLA's Henry
Samueli School of Engineering and Applied Science may ease some of
these privacy concerns by making the tracking of terrorist
communications over the Internet more efficient, and more targeted,
than ever before.
UCLA Engineering professor Rafail Ostrovsky and graduate researcher
William Skeith have developed a new method to mine potential
terrorist-related communications that essentially narrows down the
data to only those documents that fit pre-set, secret criteria chosen
by intelligence agencies. The new approach filters down the
information from billions of communications to just those deemed
essential — discarding communications from law-abiding citizens before
they ever reach the intelligence community. That means lawful U.S.
citizens who don't fit the parameters are automatically ruled out.
The truly revolutionary facet of the technology is that it is a new
and powerful example of a piece of code that has been mathematically
proven to be impossible to reverse-engineer. In other words, it can't
be analyzed to figure out its components, construction and inner
workings, or reveal what information it's collecting and what
information it's discarding — it won't give up its secrets. It can't
be manipulated or turned against the user.
Because the code cannot be analyzed, terrorists using the Internet to
communicate will never know if the filter has pinpointed their data or
not. For those seeking to thwart terrorism, this development means
less data to store and wade through in a secure setting, and,
ultimately, the ability to react more quickly, without fear of
exposing top-secret search criteria and tipping off the terrorists.
..."Gathering data can be costly and time-consuming for intelligence
agencies. All of the potential data must first be pulled offline into
a trusted and classified environment, and then painstakingly sifted
through," Ostrovsky said. "With this new technology, based on highly
esoteric mathematics, the software can be distributed to many machines
on the Internet, not necessarily trusted or highly secure. The
software works by analyzing all of the data and then having the
appearance of putting all the data into a 'secure box.' A secret
filter inside the box dismisses some data as useless and collects only
relevant data according to the confidential criteria that can be
programmed into the software. And because it's all done inside
encrypted code, it's not apparent which, if any, of the data has been
selected and kept, except by the person who has deployed the filter
and has the decryption key."
The filter criteria can be reset as often as intelligence analysts
deem necessary to keep up with the changing terminology of terrorists.
"While a savvy person may be able to tell that the program is running
in the background, they will not be able to tell what data is being
selected," Ostrovsky explained. "For example, even if Al Qaeda had an
extremely knowledgeable programmer and, say, they steal a laptop with
this program, they would not be able to figure out which documents
were selected and kept inside the 'secure box' and which were not. By
distributing this software all over the Internet to providers and
network administrators, you can easily monitor a huge data flow in a
distributed, cost-efficient manner, and choose only those documents
that look promising based on your secret criteria. The filter cannot
be broken in the same sense that one cannot crack time tested
public key encryption functions such as those already used for
Internet commerce and banking applications. In that aspect, it's
essentially a bullet-proof technology."
...Ostrovsky, who also directs the Center of Information and
Computation Security at the school, said, "There have to be checks and
balances. Like any tool, technology can be used for good or bad. I
view this research as a new and viable way to combat terrorism that
can also strike a balance with the need for strong privacy protections
for ordinary citizens. It's an efficient data gathering technology
against the bad guys. In that sense, it could be an exciting new tool
in the U.S. Department of Defense's arsenal against terror."
...
- ------- End of Forwarded Message
------- End of Forwarded Message
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/