Big Brother in the black box Pt II
While the experts debate what it takes to counter cyberattacks, civil liberties concerns centre around the emergence of a police state mentality toward Internet use across Europe. Russian critics claim that with Sorm, the FSB effectively has the power to tap into Internet traffic at any time without a warrant. And privacy experts in Britain argue that a deliberate loophole in the legislation means authorities will still be able to trawl through the traffic of British citizens using a "blanket warrant".
Director of Human Rights Online in Moscow, Sergei Smirnov, echoes Britain's concerns over the RIP Bill when he wades into Sorm's provisions: "The technology provides an effective mechanism to bypass a constitutionally required process of court authorisation for wire-tapping of electronic communications," he says.
Trust appears to have already been lost in Russia with civil liberties groups declaring the end of privacy. Russian president Vladamir Putin -- a former KGB agent -- introduced the directive on black boxes as a priority. This was seen by many as a means to restoring tighter controls over the populace rather than a means to tackle cybercrime.
But while British authorities, the FSB and Kremlin maintain a united front on the logic behind what civil libertarians view as draconian legislation, security experts argue it will take more than a black box to outsmart seasoned hackers.
"There is no reason the authorities can't pull down traffic if they know what they're looking for," said Richard Stagg, senior security architect at British firm Information Risk Management. "It might deal with a lot of amateur attacks, but if you're really motivated there are a lot of ways to get around this."
"As someone who emulates hacking, I would use extra-way points [compromised machines], and SSH [Secure Shell] tunnels [encrypted connectivity between machines] to my system so that they can't trace me or see my traffic. I would also move around lots, have lots of Internet accounts."
The ability for anyone -- including hackers to encrypt their communications -- is another concern as it could be used to evade government efforts to snoop on electronic communications.
Russia's Sorm and Britain's RIP both have provisions to obtain encryption keys and the Home Office says MI5's new technical centre "will be mainly used to crack encryption". But again, critics say, the provisions are far from infallible and could conceivably actually make things worse.
"It undermines cryptography and actually makes things worse," said Brian Gladman, a computer expert formerly with Britain's ministry of defence. "Historically in Britain, cryptography has been in the hands of GCHQ [Government Communications Headquarters], and they haven't wanted anybody else to have it [encryption]. I think that the hidden agenda is that they don't want anybody to have it. The RIP bill effectively reduces confidence and trust in security."
Encryption is not just used to send secure emails but also enable secure online transactions through technology such as the SSL (Secure Socket Layer) implemented by both Netscape Communicator and Internet Explorer. Ironically, says Gladman, these technologies where built to protect consumers from fraud and deception.
"In fact," says Otstavnov, "strong encryption and guaranteed anonymity can seriously reduce certain types of computer crime -- stealing credit cards numbers, covert collection of personal data and spam."
Maksim Otstavnov, contributing editor of Russian publication Computerra Weekly, thinks that in Russia resources could better be spent on shoring up commercial security measures.
"I believe so-called 'computer crime' is mostly an outcome of improper systems and networks architecture," he says.
Return to Pt I/ Big Brother in the black box
Take me to the Summer of Hacking Special
Take me to Hackers
Find out who's spying on you and how they're doing it in our exclusive Echelon News Special.
What do you think? Tell the Mailroom. And read what others have said.