Interesting People mailing list archives
Software for Tyranny (was: Anti-terrorism software that balances privacy and security?)
From: David Farber <dave () farber net>
Date: Wed, 25 Jan 2006 15:34:25 -0500
Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: January 25, 2006 3:08:06 PM EST
To: neumann () vortex com
Cc: dave () farber net
Subject: Software for Tyranny (was: [IP] Anti-terrorism software that balances privacy and security?)
(This is regarding the UCLA Press Release for a new "anti-terrorism software concept". When you read releases like that you understand why so many people consider academics to be dangerously out of touch with the impacts of their creations...)

The technical term that is best used to describe the underlying philosophy implied by systems such as that described below is "dangerous bullsh*t."

Let's ignore for the moment the grandiose claims of mathematical impenetrability. The algorithms may prove to be very strong -- or not. Often systems that are theoretically very secure are compromised through implementation or usage errors (think WWII and Enigma for but one early example).

But the real sidesplitting, ultimate guffaws line from the press release is this:
... may ease some of these privacy concerns by making the tracking of terrorist communications over the Internet more efficient, and more targeted, than ever before.
Man, talk about reasoning straight out of 1984's Newspeak!

Let's get this straight. The idea being promoted is the wide deployment of effectively unauditable monitoring software throughout the Internet, where only the entity doing the monitoring can detect or control the details of what is being intercepted or demonstrate later that only the "correct" material was obtained. This is supposed to ease privacy concerns? It does exactly the opposite.

Such a scheme combines all of the worst aspects of conventional communications monitoring with the added bonus (for the entities doing the monitoring) of drastically reducing the likelihood of surveillance abuses being detected.

I won't get into a detailed discussion here of the obvious vectors for massive misuse and risks in such a system. But here's a quickie example related to current news. Obviously there's a big controversy right now about the Feds going after search engine query data (which, as we've now made clear, certainly can and does contain very personal information, even without IP addresses and the like). But at least in the cases under discussion the government had to go to the companies involved to request/demand the data in question.

Now, imagine a scenario where it is possible to tap into any ISP activity on an instantaneous basis, changing what you're probing for from minute to minute -- with even the search engines, mail service providers, or any other services having no idea what's been sucked up and no way to even retroactively verify what's been intercepted.

This is a recipe for electronic tyranny -- nothing less -- and is one of the best arguments I've ever seen for the deployment of pervasive encryption.

There are those who would argue that there's no need to fear such systems, since we're assured they'd only be used to fight terrorists or criminals, and we can trust that such powers would not be abused. That's always the party line. But I remind such apologists that the technological surveillance infrastructures that we put into place now will be available to future administrations and governments which might be less, uh, "benign" than the current one. Do you really want to put such incredible spying power -- especially of the essentially unauditable sort -- into the hands of future would-be tyrants?

I'd be glad to discuss the more detailed aspects of this issue with interested parties, of course.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC - International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com

- - -
By BJS
Created 01/24/2006 - 13:42

The government's ability to balance the privacy concerns of lawful U.S. citizens with effective monitoring of potential terrorists has proven an increasingly difficult task, particularly in recent months. But a landmark software development by researchers at UCLA's Henry Samueli School of Engineering and Applied Science may ease some of these privacy concerns by making the tracking of terrorist communications over the Internet more efficient, and more targeted, than ever before.

UCLA Engineering professor Rafail Ostrovsky and graduate researcher William Skeith have developed a new method to mine potential terrorist-related communications that essentially narrows down the data to only those documents that fit pre-set, secret criteria chosen by intelligence agencies. The new approach filters down the information from billions of communications to just those deemed essential — discarding communications from law-abiding citizens before they ever reach the intelligence community. That means lawful U.S. citizens who don't fit the parameters are automatically ruled out.

The truly revolutionary facet of the technology is that it is a new and powerful example of a piece of code that has been mathematically proven to be impossible to reverse-engineer. In other words, it can't be analyzed to figure out its components, construction and inner workings, or reveal what information it's collecting and what information it's discarding — it won't give up its secrets. It can't be manipulated or turned against the user.

Because the code cannot be analyzed, terrorists using the Internet to communicate will never know if the filter has pinpointed their data or not. For those seeking to thwart terrorism, this development means less data to store and wade through in a secure setting, and, ultimately, the ability to react more quickly, without fear of exposing top-secret search criteria and tipping off the terrorists.

...

"Gathering data can be costly and time-consuming for intelligence agencies. All of the potential data must first be pulled offline into a trusted and classified environment, and then painstakingly sifted through," Ostrovsky said. "With this new technology, based on highly esoteric mathematics, the software can be distributed to many machines on the Internet, not necessarily trusted or highly secure. The software works by analyzing all of the data and then having the appearance of putting all the data into a 'secure box.' A secret filter inside the box dismisses some data as useless and collects only relevant data according to the confidential criteria that can be programmed into the software. And because it's all done inside encrypted code, it's not apparent which, if any, of the data has been selected and kept, except by the person who has deployed the filter and has the decryption key."

The filter criteria can be reset as often as intelligence analysts deem necessary to keep up with the changing terminology of terrorists.

"While a savvy person may be able to tell that the program is running in the background, they will not be able to tell what data is being selected," Ostrovsky explained. "For example, even if Al Qaeda had an extremely knowledgeable programmer and, say, they steal a laptop with this program, they would not be able to figure out which documents were selected and kept inside the 'secure box' and which were not. By distributing this software all over the Internet to providers and network administrators, you can easily monitor a huge data flow in a distributed, cost-efficient manner, and choose only those documents that look promising based on your secret criteria. The filter cannot be broken in the same sense that one cannot crack time tested public key encryption functions such as those already used for Internet commerce and banking applications. In that aspect, it's essentially a bullet-proof technology."

...

Ostrovsky, who also directs the Center of Information and Computation Security at the school, said, "There have to be checks and balances. Like any tool, technology can be used for good or bad. I view this research as a new and viable way to combat terrorism that can also strike a balance with the need for strong privacy protections for ordinary citizens. It's an efficient data gathering technology against the bad guys. In that sense, it could be an exciting new tool in the U.S. Department of Defense's arsenal against terror."
...

------- End of Forwarded Message