
[...] rapidly falling cost of sensors to convert real-world inputs into digital signals has resulted in a proliferation of these sensors in our environment, from our consumer devices to agriculture to sensor networks designed to improve urban life.

Data immortality

Although your personal device might fail, information stored on servers in digital formats effectively lives forever. Physical storage mediums often have short life spans, but information is nearly always stored in duplicate, so that when one physical device begins to fail the information is automatically mirrored to another storage device. Error-correcting protocols ensure that this endless copying never results in an imperfect copy. As the amount of storage available per dollar continues to grow exponentially, there is often no need to ever throw anything away, even for very large datasets.

Automation

The capture, storage and analysis of digital information is largely automated, unbound by the limitations of available human labour. The former East German secret police employed as many as two million informants,[4] but today it would require only a handful of off-the-shelf network monitoring devices, placed in key locations, to far surpass the Stasi's reach. The result of this automation is that both state intelligence services and internet businesses that monetise user information have taken the general approach of capturing everything, when practical, with the idea that the data might be useful in the future.

To be sure, there are limits to how much information can be captured and effectively analysed. These limits, however, have been pushed back faster and farther than most observers expected, as both nation-states and private firms have invested heavily in ways to store and process more data.

High confidentiality

In the past, when surveillance was labour intensive and available only at a few specific sites in the communication process, it was possible to establish a legal framework that adequately sanctioned and controlled the when, where, who and why of state surveillance. Digital communication has destroyed this in two ways: first, the barriers to entry for capturing information for surveillance are very low; and second, the only way to prevent nearly everyone from doing so is to encrypt the data, but this also prevents state-sanctioned surveillance. Data is either widely vulnerable to surveillance by a variety of actors, many nefarious, or it is secure, encrypted, and eludes state control. In practice, of course, this is still not entirely the case, because most security products are deeply flawed and determined state actors and criminal organisations are able to bypass these systems. The poor quality of existing security products is changing rapidly, however, as more people become aware of the level of surveillance in their lives and seek out increased security.

One potential middle ground that could allow sanctioned surveillance but prevent unsanctioned compromise is the so-called "key escrow" technology, such as the type promoted by the United States (US) government in the 1990s under the Clipper Chip programme. In practice, this technology has not proven itself to be secure, and widespread adoption would require making normal cryptography illegal, a move only likely in the most repressive contexts.

So far, the mathematics behind common encryption standards, such as OpenPGP or AES, have generally held strong and those seeking to decrypt confidential communication are fighting an uphill battle. Typically, attacks against encrypted communication exploit other weaknesses, but are unable to break the encryption itself.[5]

Low anonymity

If communication can theoretically be made highly confidential without much effort, the opposite is true of anonymity. It is possible, for example, to identify a unique fingerprint of the radio signals produced by all wireless digital devices. In general, every electronic device emits electromagnetic radiation that can be used to identify it and often to eavesdrop remotely.[6] Even our web browsers advertise to every web server a set of attributes that can comprise a unique fingerprint.[7]

Government and private sector organisations often argue that certain datasets they collect and maintain are anonymous because they do not include the real names of people. In reality, researchers have been able to de-anonymise nearly every such dataset when given an opportunity.[8] For certain types of information, like location and relationships, it often requires only a few points of data to unmask a person's identity by correlating with another dataset in which real names are known.

The rise of packet-switched networks, like the internet, has also made anonymity difficult. The historical transition from analogue to digital was accompanied by a similar transition in networking from circuit switching to packet switching. Where once a single continuous circuit was required to make a phone call, now a phone call is digitised and converted into millions of tiny packets, routed through equipment that handles millions of other calls. Every packet contains source and destination headers so that each device in the network knows where to forward the packet on to. Packet-based routing has revolutionised communication as much as digitisation has by allowing the massive investment in old copper cables to be re-purposed for digital networks that can transport millions of times more data. One consequence of packet-switched networks is that it is extremely easy, at many points and times in the network, to determine the flow of who is communicating with whom.

All digital data carried over a network is converted into packets, with different communication protocols layered on top, such as phone calls, email and financial exchanges. These higher-level communications involve their own, and distinct, information regarding the from, to and when of the relationship, but the general idea is the same. This type of transactional or relationship data, recently dubbed "metadata" in the press, is structured and efficient to store, lending itself to various types of powerful analysis that can reveal surprising information from seemingly innocuous data.

Attempts to mask these associations with tricks such as onion routing and data mixing are mostly experimental, make communication much slower, and are rarely used.[9] Because the success of these anonymising networks is dependent on their scale, anyone seeking anonymity in their digital communication is fighting an uphill battle until such approaches become commonplace.

In brief, surveillance of digital communication is ubiquitous, automatic, and effectively lives forever. In the future, people will likely find it easy to encrypt the content of their communication, but their pattern of communication and relationships will likely be difficult to keep from being exposed.

A brief taxonomy of digital communication surveillance

In examining where surveillance of digital communication takes place, we divide surveillance into two categories: attack or capture.

Points of attack

Attacks are attempts to subvert the way a computing system is supposed to work. Attacks might be legal and ordered by a court, carried out by a government without legal authorisation, or entirely extralegal. Attacks might be carried out by private contractors, government agents, or organised crime. Regardless of who is carrying out the attack, and for what purpose, attacks share many common characteristics.

Network interposition: In a man-in-the-middle (MiTM) attack, the attacker interposes themselves in the communication stream between two parties in order to modify the data. Modified traffic can be used to steal authentication information, modify web applications, or inject Trojans into the target's device. Although network interposition attacks are typically associated with powerful surveillance agencies like the US National Security Agency (NSA) and Government Communications Headquarters (GCHQ) in the United Kingdom (UK), even small governments with very limited resources have made effective use of MiTM attacks against dissidents (for example, the Tunisian government in the lead-up to the Jasmine Revolution of 2011).[10] Regardless of the physical location of the target, a MiTM attack can be launched from nearly anywhere, even on a modest budget, due to critical vulnerabilities in the protocol that negotiates routes on the internet.[11] Mobile devices are also vulnerable to MiTM attacks

[4] Koehler, J. (2000). Stasi: The untold story of the East German secret police. Boulder: Westview Press.
[5] One of the top cryptographers in the world, Adi Shamir, has said "cryptography is bypassed, not penetrated." This is not to imply that systems are generally secure. Far from it – they are usually entirely insecure, but rarely because of a fundamental flaw in the cryptography. Peter Gutmann's excellent presentation "Crypto Won't Save You Either" covers most of the major security problems in recent memory and details how attackers simply bypassed encryption: www.cs.auckland.ac.nz/~pgut001/pubs/crypto_wont_help.pdf
[6] Elliot, M. (2013). Noise Floor: Exploring the World of Unintentional Radio Emissions. Presentation at DEF CON 21. Video: www.youtube.com/watch?v=5N1C3WB8c0o, slides: https://docs.google.com/presentation/d/1Z_IRt6R2FL7POeY4JpYGLDAIAdEHprQY13f-NVIfwE
[7] Eckersley, P. (2010). How Unique Is Your Web Browser? https://panopticlick.eff.org/browser-uniqueness.pdf
[8] One of the first examples of surprising de-anonymisation concerned the "anonymised" dataset released by Netflix for a competition to improve their recommendation engine. Narayanan, A., & Shmatikov, V. (2008). Robust De-anonymization of Large Sparse Datasets. www.cs.utexas.edu/~shmat/shmat_oak08netflix.pdf
[9] Onion routing is a process where a communication stream is routed through many computers, each one unaware of all the others except for their immediate peers. It is used in low-latency anonymisation networks like Tor. Data mixing is a process where many asynchronous packets of data or messages are combined into a common flow, and then potentially routed through multiple mixing nodes. Data mixing is used in high-latency anonymisation networks like Mixmaster. Both processes attempt to anonymise communication by using many servers, but each approach makes different trade-offs.
[10] O'Brien, D. (2011, January 5). Tunisia invades, censors Facebook, other accounts. Committee to Protect Journalists. https://cpj.org/blog/2011/01/tunisia-invades-censors-facebook-other-accounts.php
[11] Pilosov, A., & Kapela, T. (2008). Stealing The Internet: An Internet-Scale Man in the Middle Attack. Paper presented at DEF CON 16. https://www.defcon.org/images/defcon-16/dc16-presentations/defcon-16-pilosov-kapela.pdf

20 / Global Information Society Watch Thematic reports / 21
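The "Low anonymity" section above states that a browser's advertised attributes can comprise a unique fingerprint and that only a few points of data are often enough to single a person out of a pseudonymous dataset. The following Python script is an added example and not part of the GISWatch report: it measures both claims on a small constructed population, computing the surprisal in bits that a fingerprint carries (the measure used in the Panopticlick study cited in note 7), the size of each record's anonymity set, and the smallest combination of attributes that still makes a record unique. The attribute names (ua, tz, screen, fonts) and every record are constructed for illustration; nothing here is collected data.

```python
"""Added example: how much identifying information a set of attributes carries.

The records below are a constructed sample population, not real telemetry;
the attribute names are assumptions chosen to mirror the kinds of values a
browser advertises (user agent, time zone, screen size, installed fonts).
"""
import math
from collections import Counter
from itertools import combinations

KEYS = ("ua", "tz", "screen", "fonts")

POPULATION = [  # constructed sample, not collected data
    {"ua": "Firefox/38", "tz": "UTC+1", "screen": "1920x1080", "fonts": "set-A"},
    {"ua": "Firefox/38", "tz": "UTC+1", "screen": "1920x1080", "fonts": "set-A"},
    {"ua": "Firefox/38", "tz": "UTC+1", "screen": "1366x768",  "fonts": "set-A"},
    {"ua": "Chrome/43",  "tz": "UTC+1", "screen": "1366x768",  "fonts": "set-B"},
    {"ua": "Chrome/43",  "tz": "UTC-5", "screen": "1366x768",  "fonts": "set-B"},
    {"ua": "Chrome/43",  "tz": "UTC-5", "screen": "1920x1080", "fonts": "set-C"},
    {"ua": "Safari/8",   "tz": "UTC-5", "screen": "2560x1600", "fonts": "set-D"},
    {"ua": "Firefox/38", "tz": "UTC+9", "screen": "1366x768",  "fonts": "set-A"},
]


def fingerprint(record, keys=KEYS):
    """The tuple of attribute values a server would see for this record."""
    return tuple(record[k] for k in keys)


def anonymity_sets(records, keys=KEYS):
    """Map each fingerprint to the number of records sharing it (the k of k-anonymity)."""
    return Counter(fingerprint(r, keys) for r in records)


def surprisal_bits(records, record, keys=KEYS):
    """Bits of identifying information in this record's fingerprint: log2(N / k).

    3 bits means the fingerprint narrows the population eight-fold; a record
    whose anonymity set is 1 carries log2(N) bits, i.e. it is fully identified.
    """
    sets = anonymity_sets(records, keys)
    return math.log2(len(records) / sets[fingerprint(record, keys)])


def entropy_bits(records, keys=KEYS):
    """Average identifying information (Shannon entropy) of the chosen attributes."""
    n = len(records)
    return -sum((k / n) * math.log2(k / n) for k in anonymity_sets(records, keys).values())


def unique_count(records, keys=KEYS):
    """How many records are singled out completely (anonymity set of size 1)."""
    sets = anonymity_sets(records, keys)
    return sum(1 for r in records if sets[fingerprint(r, keys)] == 1)


def smallest_identifying_subset(records, record, keys=KEYS):
    """Fewest attributes that still make `record` unique, or None if it never is.

    This is the 'only a few points of data' observation: the subset is usually
    much smaller than the full set of attributes the record exposes.
    """
    for size in range(1, len(keys) + 1):
        for combo in combinations(keys, size):
            if anonymity_sets(records, combo)[fingerprint(record, combo)] == 1:
                return combo
    return None


if __name__ == "__main__":
    print(f"entropy over all attributes: {entropy_bits(POPULATION):.2f} bits")
    print(f"records unique on all attributes: {unique_count(POPULATION)} of {len(POPULATION)}")
    for i, rec in enumerate(POPULATION):
        print(i, fingerprint(rec), f"{surprisal_bits(POPULATION, rec):.2f} bits,",
              "identified by", smallest_identifying_subset(POPULATION, rec))
```

The same functions apply unchanged to any pseudonymised table (a release of location points, for instance) by swapping KEYS for that table's columns: if `unique_count` approaches the population size, removing names has not anonymised anything, because every row is its own fingerprint.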
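The packet-switching and "metadata" passages above observe that source and destination headers make it easy, at many points in the network, to determine who is communicating with whom, and that this relationship data lends itself to analysis even when the content is encrypted. The following Python script is an added example and not the report's own material: it parses a few constructed flow-log lines (timestamp, source, destination, port, byte count; the assumed format of a router's flow export, with no payload at all) and derives the relationship graph, the stable recurring contacts, the destinations that link two sources together, and each host's hours of activity. It goes slightly beyond the text's single observation by showing the pattern-of-communication profile as well as the graph; it is the kind of audit an operator can run on their own logs to see what any observer with the same vantage point learns. All addresses and timestamps are constructed.

```python
"""Added example: what flow metadata alone reveals about who talks to whom.

The log lines below are constructed, not captured. The record format
'timestamp src dst dst_port bytes' is an assumption standing in for the
kind of export a router produces even when every payload is encrypted.
"""
from collections import Counter, defaultdict
from datetime import datetime

FLOW_LOG = """\
2015-03-02T08:03:11Z 10.0.0.5 203.0.113.10 443 1420
2015-03-02T08:04:40Z 10.0.0.5 203.0.113.10 443 980
2015-03-02T12:15:02Z 10.0.0.5 198.51.100.7 443 15200
2015-03-02T12:16:09Z 10.0.0.8 198.51.100.7 443 2100
2015-03-02T23:41:55Z 10.0.0.5 203.0.113.10 443 640
2015-03-03T08:01:30Z 10.0.0.5 203.0.113.10 443 1330
2015-03-03T23:39:12Z 10.0.0.5 203.0.113.10 443 710
"""


def parse_flows(text):
    """Parse one flow record per line; blank lines are ignored."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        flows.append({
            "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
            "src": src, "dst": dst, "port": int(port), "bytes": int(nbytes),
        })
    return flows


def relationship_graph(flows):
    """Edge weights of the who-talks-to-whom graph: (src, dst) -> number of flows."""
    return Counter((f["src"], f["dst"]) for f in flows)


def peers(flows, host):
    """Every address `host` exchanged packets with, in either direction."""
    out = set()
    for f in flows:
        if f["src"] == host:
            out.add(f["dst"])
        elif f["dst"] == host:
            out.add(f["src"])
    return out


def activity_hours(flows, host):
    """Sorted hours of day in which `host` was active: a daily-routine profile."""
    return sorted({f["ts"].hour for f in flows if host in (f["src"], f["dst"])})


def recurring_contacts(flows, min_days=2):
    """Pairs seen on at least `min_days` distinct days: the stable relationships."""
    days = defaultdict(set)
    for f in flows:
        days[(f["src"], f["dst"])].add(f["ts"].date())
    return {pair for pair, d in days.items() if len(d) >= min_days}


def shared_contacts(flows):
    """Destinations contacted by more than one source; they link those sources."""
    sources = defaultdict(set)
    for f in flows:
        sources[f["dst"]].add(f["src"])
    return {dst for dst, s in sources.items() if len(s) > 1}


if __name__ == "__main__":
    flows = parse_flows(FLOW_LOG)
    for (src, dst), n in relationship_graph(flows).most_common():
        print(f"{src} -> {dst}: {n} flows")
    print("recurring contacts:", recurring_contacts(flows))
    print("shared contacts:", shared_contacts(flows))
    print("10.0.0.5 active at hours:", activity_hours(flows, "10.0.0.5"))
```

Nothing in the input carries content, yet the output already names one host's routine (the same destination every morning and late evening on consecutive days) and ties two hosts together through a destination they both reach. That is the exposure the text describes, and it is why transport encryption alone does not address it.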
