Over the last 20 years or so, there have been intermittent moves by the EU and the UK government to implement various levels of online surveillance — first by requiring ISPs to install equipment to facilitate wiretapping, and second by storing the masses of communications data created by all of us.
But, argues Susan Landau, a former Distinguished Engineer at Sun Microsystems, now a fellow at Harvard's Radcliffe Institute for Advanced Study, you can't build surveillance into networks without also poking some very serious security holes in them. Unlike the telephone network, which was built for control, the internet was built with very different goals in mind: information sharing, bandwidth sharing and robustness in the event of generalised attacks. Or, as Landau quotes former NSA director Brian Snow as saying, the internet was designed "assuming random malice rather than targeted attacks".
The trouble started in 1988. Before then, everyone who used the internet was able to trust everyone else: they were all researchers with common goals. Then came the 1988 Internet worm, which traversed the Net, replicating itself on each new machine. Overall, it paralysed perhaps a third of the internet that existed at the time. It was the first time the internet made headlines — and probably the first time the mainstream heard of its existence. The protocols written by Vint Cerf and Robert Kahn (building on work from a number of sources) have held up remarkably well through the internet's commercialisation and mass expansion. But security is still not part of the internet's fundamental design.
And yet security is a key issue with respect to long-distance communications: the risks of interception are as old as the written word and as new as Groupon's absurd IPO. Osama bin Laden knew this and avoided email and all other electronic media that might give away his location. Ironically, that turned out to be one of the pointers that led to his capture: intelligence reports noted the oddity of a $1 million house with no telephone or internet connections and began looking more closely at its occupants.
The controlled structure of the telephone network made wiretapping a relatively easy thing to do, as Landau and public-key cryptography inventor Whitfield Diffie documented in their book Privacy on the Line: the History and Politics of Wiretapping. But the internet's decentralised, open nature makes it much harder. Give the masses a $40 internet connection and a PC with which they can create havoc, add in strong encryption — an important part of the solution for securing and authenticating internet traffic — and what's a government to do?
Why, pass laws, of course. Block the use of encryption — a very real issue in the 1990s, when both the UK and the US governments tried to enforce key escrow and limit encryption's spread. Require every ISP to build wiretap capabilities into its system so that law enforcement can gain access to any individual's flow of data at the flick of a switch. In the US, that law was CALEA; in the UK such requirements have been considered as part of the Intercept Modernisation Programme. As Landau explains, this is technically a spectacularly bad idea if you are at all concerned about security.
Since we are building an infrastructure that has to last for decades and the chance of misuse of surveillance is high (given its history), Landau recommends that all interception systems have auditing that cannot be turned off, and that we ensure that secure communications can take place. We must get it right, she writes.
This book should be required reading for every policy maker who thinks that making wiretapping as easy as downloading an MP3 from iTunes is a good idea.
Surveillance or Security? The Risks Posed by New Wiretapping Technologies
By Susan Landau
MIT Press
384pp
ISBN: 978-0-262-01530-1
Price: £22.95