Surveillance or Security?: The Risks Posed by New Wiretapping Technologies (4 page)

As a society, we have at least three fundamentally clashing concerns.
We are in a world of mobile communications, which makes electronic
surveillance far more complicated. We have critical infrastructure-electric
power grid, banking, water, transportation, health services-moving onto
IP-based networks; such networks are far more vulnerable than the circuitswitched networks of the past. And we face an elusive enemy, one that
has created tremendous fear as a result of the attacks on New York,
London, and Madrid. It is worth noting that there was a similar level
of heightened fear in 1949 when the Soviet Union exploded its first
atomic bomb.

This new enemy consists of loosely connected nonstate actors. Small
cell size and lack of a consistent network make tracking these opponents
exceedingly difficult. This argues for increased surveillance capabilities. Yet
because of communications mobility and the migration of critical infrastructure to IP-based networks, the actual effect of such increased wiretapping capabilities may in the end play into our enemies' hands.

We are creating a massive communications network that will contain
information about the billions and billions of actions-business, governmental, and personal-that we take each day. Our enemies are not just the
terrorists that have been the focus of the extraordinary security precautions
over the last decade, but other nation-states and organized crime.

Heavy U.S. reliance on information systems has left the nation highly
exposed. A 2009 National Research Council study reports that the ease
of cyberattack is increasing and warns that "the U.S. information technology infrastructure is likely to remain vulnerable to cyberattack for the foreseeable future."" Given the U.S. military might, opponents will seek
to attack asymmetrically, and the information domain will be a prime
target.35 A number of governments are developing their information
warfare capabilities. The issue of cyberwar is quite broad, and I will limit
my attention in this book to the extent to which domestic wiretapping
capabilities enable our opponents.

In embedding eavesdropping mechanisms in the very fabric of our lives,
we are building tools to catch one set of enemies. Other antagonists may
be well poised to turn these tools against us. We are, in fact, putting into
place something for our enemies that they could not afford to do on their
own. Rather than increasing our security, we may well be imperiling it.
Melissa Hathaway, appointed by President Obama in 2009 to review the
nation's cybersecurity strategy,36 observed that "history has taught us that
security, when pursued properly, enables innovation and growth and protects existing investments."" Communications surveillance when pursued
properly will enable innovation and growth and protect the nation. The
issue before us is whether our policies are doing that or creating a major
security risk in the name of greater security.

In many national-security and foreign-intelligence cases, wiretaps
provide important pieces of a complex puzzle. In other types of cases,
including corruption and bribery, it is difficult to infiltrate the conspiracy,
and wiretaps (and bugs) provide crucial and, sometimes, the only hard
evidence of participation.38 While it appears that electronic bugs may play
a more important role in the prosecution of organized crime than do
wiretaps,39 the potential that law enforcement or national security may be
wiretapping keeps criminals, as well as spies, terrorists, and others who
would do harm, from using modern communications technologies. That
alone is of sufficient benefit to keep these eavesdropping tools in the law
enforcement and national-security arsenals. So my concern is not about
legally authorized law enforcement and national-security wiretapping, but
about the security risks of building surveillance into communications
infrastructures.

In this book I have chosen to focus on the United States. There are three
interlocking reasons for a national focus rather than an international one.
The first is that wiretapping policy issues are very complex. It seems better
to handle issues of one nation thoroughly than to provide a more superficial discussion of several. The second reason is that U.S. choices on
wiretapping affect surveillance decisions in much of the rest of the world.
Thus U.S. wiretap policy is a useful focus from which to understand global
wiretapping efforts. Finally, communications intelligence-the flip side of communications security-has a great impact on economic matters. Since
each nation has different economic self-interests, it is reasonable to take
the perspective of one state, not many. So while at times the arguments
here may seem nationalistic, it should not be hard for the reader to reinterpret the issues from the perspective of other nations.

The beginning for the United States is the Constitution and the Bill of
Rights, which strictly limit the government's power. The First Amendment
states:

"Congress shall make no law ... abridging the freedom of speech, or
of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances."

At least insofar as it refers to communications, the First Amendment is
about the press's right to publish. In order to publish, however, one must
first gather information. As we know from various troubled times in U.S.
history (e.g., the McCarthy period) as well as from difficult periods in the
histories of other nations, such ability is often impeded by the government.
Thus as we consider the issue of communications security and government
surveillance, we must include the importance the U.S. constitution assigns
to freedom of the press-and thus to freedom for journalistic investigations.
This is a freedom that has not been without controversy.40

I have saved for last the most critical policy issue of all: privacy. Privacy
is one of those ineffable matters, almost easier to define by its absence than
its presence. Indeed, one could paraphrase Justice Potter Stewart's opinion
on pornography:41 one knows a privacy violation when one sees it. Yet
despite its elusiveness, privacy is a fundamental aspect of a functioning
human society, a clear necessity for human freedom and dignity. Privacy
appears in Jewish law two thousand years ago, protecting the privacy inside
a house by preventing neighbors from building in such a way that they
may look in.42

Privacy includes the right to control information about yourself,
the right to associate as you wish, as privately as you wish, to share
confidence, in confidence, the right to enjoy solitude and intimacy. It
includes the right to anonymity. It is not always possible to exercise these
rights in modern society-of course, some of these rights were even more
difficult to exercise in centuries past-but they are all aspects of the right
to privacy.

For almost two centuries privacy was not explicitly part of U.S. jurisprudence; privacy is not, after all, distinctly discussed in the Constitution. The
concept was not even part of legal discussion until it was framed in the
famous Brandeis and Warren article written in 1890.43 But over the last half century, the Supreme Court has recognized privacy as a basis for a
number of court decisions. NAACP v. Alabama44 protects the right to
"privacy in one's associations"; the decision allowed members of the
National Association for the Advancement of Colored People to keep their
membership private at a time when public knowledge of their participation
in the organization would have been dangerous. Griswold v. Connecticut45
struck down the Connecticut law that prohibited the sale of contraceptives. The controversial Roe v. Wade decision46 was based on the idea that
the right of privacy was "broad enough to encompass a woman's decision
whether or not to terminate her pregnancy."

Of course, what is of interest to us is communications privacy. Here
the crucial protections are the Fourth and Fifth Amendments to the
Constitution:

The right of the people to be secure in their persons, houses, papers, and effects,
against unreasonable searches and seizures, shall not be violated, and no Warrants
shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

No person shall be held to answer for a capital, or otherwise infamous crime,
unless on a presentment or indictment of a Grand Jury, except in cases arising in
the land or naval forces, or in the Militia, when in actual service in time of War or
public danger; nor shall any person be subject for the same offense to be twice put
in jeopardy of life or limb; nor shall be compelled in any criminal case to be a
witness against himself, nor be deprived of life, liberty, or property, without due
process of law; nor shall private property be taken for public use, without just
compensation.

On its face, the Fourth Amendment is about searching places, not such
ephemera as conversation. But communication, whether oral, written, or,
in the last century and a half, electronic, is fundamental to being human.
The extension of constitutional protections to communications started
with protections to written communications;41 in 1937 the Supreme Court
began extending similar protections to other forms of media. The right to
privacy in electronic communications was firmly established in Charles
Katz v. United States," which protected the right to privacy of telephone
calls.49 This forms the backdrop of communication privacy protections for
U.S. wiretap law.

Since the wiretapping case of Roy Olmstead in 1928,5° the United States
has been concerned with the threat that communications surveillance
poses to civil liberties, with the discussion often coming down to a debate
between security and freedom. I believe that this is an incorrect formulation
of the issues, and that the appropriate one is between surveillance and security. The risks that communications surveillance pose to security are
high indeed. It is to this subject I now turn, beginning with an introduction
to communications networks and their security, continuing with a brief
foray into U.S. wiretap law, then moving to the security risks that arise from
building surveillance into communications infrastructures.

I have three telephones on my desk: a slim beige push-button model with
redial and speed-dial buttons purchased in the late 1990s, a squat black
1950s "Modern Telephonei1 with letters along the dial and a real bell
inside, and a stripped-down Nokia cell phone. One phone is for my work
line, one for my home line, and one for travel. Yet despite the diversity of
devices and the half century that separates their manufacture, all work over
the same network, commonly called the Public Switched Telephone
Network or PSTN. While everyone knows that Alexander Graham Bell
invented the telephone,' his more important work was the development
of the network.

A telephone by itself is not worth much; its value lies in its ability to
connect its user with others.' The Internet's broad functionality stretched
the meaning of communications network. This chapter describes the
history and technology of the Internet with two purposes in mind: explaining how it is that the network supports such a broad set of applications,
and developing an understanding of why securing the network is so hard.

2.1 The Telephone Network

The first device to rely on a networked system was the telegraph. The
telegraph functioned very differently from the telephone. For one thing,
the telegraph was not for use by unskilled people; only experts (who knew
Morse code among other things) could use the system.' As a result, although
telegraphs were quickly taken up by businesses and other institutions,5
they were not for home use. Nonetheless the networks for the two communications systems are similar.

Both are also similar to a network with a completely different purpose:
the railroad. Such a similarity should not be surprising; the telegraph was
not only modeled on the railroad, in many parts of the world early telegraph
networks and railway systems were inseparable.' Telegraph wires traveled along railroad rights of way, railroad stations served as telegraph offices,'
and the telegraph was used to let stations up the line know when the train
would be in.

Telegraph networks were "decentralized": networks with hubs or clusters and with some, but limited, connectivity between the hubs.' Decentralized networks look like railroad connections between major cities and
the suburbs. There are railway connections between a city and its suburbs,
and between the cities, but typically there are no direct connections
between one city's suburbs and another's. For example, all routes from
Cold Spring Harbor, a Long Island suburb, to Boston require travel via New
York City.

Decentralized systems, however, provide some redundancy of routes.
To travel from New York to Boston, one could take the direct way through
New Haven, or a completely distinct routing, perhaps through Albany and
Springfield. (You might do the latter if the railroad bridge at New London
were out.) A centralized system provides no redundancy; it is like a hotel
switchboard. Everything-calls from one guest room to another, to the
restaurant, front desk, concierge, and so on-is routed through the centralized switch. Figure 2.1 shows a centralized railway network and a decentralized subway network.