In a windowless room deep within a telephone company's metropolitan switching center, employees of the NSA are huddled around a monitor and keyboard, watching the flow of data through the communication carrier's network of switches and routers.
Below the fold, a somewhat breezy primer on surveillance, data mining, encryption, and freedom.
The monitor and keyboard are attached to a computer running commercially available software designed to intercept and analyze internet traffic and to collect it for further analysis. The computer is tapped into an OC-192 fibre optic line, currently transporting nearly 10 gigabits of data per second, the equivalent of roughly 180,000 56Kbps dial-up lines or 6600 1.5Mbps DSL/cable connections (give or take, what with compression and overhead). These NSA agents are drinking from the firehose.
"Hey, PhillieGal just posted a pootie pic to DailyKos," one NSA analyst remarks. He takes a sip from a cup of lukewarm coffee that was sitting next to the console.
"Lemme see, lemme see," the other chimes in. "Awwwww...cute."
"Yeah, really," the first analyst adds. "Let's see what's happening on FreeRepublic."
It's been all over the news: warrantless surveillance of phone calls and internet traffic, lists of domestic call records that may or may not have been given to/taken by the Federal Government, a Justice Department probe stymied by withheld security clearances, and members of the press targeted for call record tracking, all in the name of a never-ending war on an abstract concept called "terror".
I'm a network and systems administrator for a company that provides these services to businesses in the SME sector (Small to Medium Enterprise) in Massachusetts. And though my biggest concern is the unconstitutional violation of my civil and privacy rights, I'm also somewhat fascinated with the technical side of these issues.
I carry a laptop when I'm out in the field. It's a two-year-old Toshiba Satellite, nothing special. It's got more than the usual amount of RAM, but other than that it's nothing you couldn't get from Best Buy or MicroCenter (I bought mine from the latter for $900). However, on this laptop I have certain network tools that I use to analyze network and wireless traffic, and to identify potential security vulnerabilities.
Packetyzer and Ethereal let me do packet sniffing: inspecting every bit and byte of data that travels over a network (note: I'm not going to link to the tools I use; if you're curious you can google the names of these programs). This is useful for pinpointing troublesome nodes. If a networked printer is sending IPX or AppleTalk broadcasts on a network with no Novell or Macintosh systems present, turning those protocols off on the printer saves a small amount of bandwidth. But if you log in to a mail server over that same network, I also get your login and password, along with all of the mail you download, unless the session itself is encrypted (POP3 or IMAP over SSL/TLS, not merely a server that happens to support it while your client keeps talking in the clear).
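Here is what that looks like from the sniffer's side. This is an added example, not code from the original post or from Ethereal: the three sessions below are constructed TCP payloads standing in for what a capture tool reassembles, and the harvester pulls the credentials out of cleartext POP3, IMAP and SASL PLAIN logins. The point worth noticing is the last one: SASL PLAIN is base64, which is an encoding, not encryption, and it falls to a one-line decode.

```python
"""Pull mail credentials out of a captured cleartext POP3/IMAP/SMTP session.

Added example, not from the original post.  Each list below holds the
client->server TCP payloads of one constructed session, in wire order; a
sniffer such as Ethereal reassembles a stream the same way.  The accounts
and passwords are made up.
"""
import base64
import re
from typing import List, Tuple

# Constructed POP3 login: USER and PASS travel as two plain lines.
POP3_SESSION = [
    b"USER alice@example.test\r\n",
    b"PASS hunter2\r\n",
    b"STAT\r\n",
    b"RETR 1\r\n",
]

# Constructed IMAP login: tag, LOGIN, user, password (quoted strings allowed).
IMAP_SESSION = [
    b"a001 CAPABILITY\r\n",
    b"a002 LOGIN bob@example.test \"s3cret pass\"\r\n",
    b"a003 SELECT INBOX\r\n",
]

# Constructed SMTP AUTH PLAIN: base64 of "\0user\0password", i.e. obfuscation only.
SMTP_SESSION = [
    b"EHLO laptop\r\n",
    b"AUTH PLAIN " + base64.b64encode(b"\x00carol\x00Tr0ub4dor&3") + b"\r\n",
]


def reassemble(segments: List[bytes]) -> List[bytes]:
    """Join the segments and split on CRLF, mimicking TCP stream reassembly."""
    return b"".join(segments).split(b"\r\n")


def harvest_credentials(segments: List[bytes]) -> List[Tuple[str, str, str]]:
    """Return (protocol, username, password) for every login seen in a cleartext stream."""
    found: List[Tuple[str, str, str]] = []
    pending_user = None
    for raw in reassemble(segments):
        line = raw.decode("utf-8", errors="replace")

        # POP3: USER on one line, PASS on the next.
        m = re.match(r"USER (\S+)$", line, re.I)
        if m:
            pending_user = m.group(1)
            continue
        m = re.match(r"PASS (.+)$", line, re.I)
        if m and pending_user is not None:
            found.append(("pop3", pending_user, m.group(1)))
            pending_user = None
            continue

        # IMAP: <tag> LOGIN <user> <password>, password optionally a quoted string.
        m = re.match(r'\S+ LOGIN (\S+) (?:"([^"]*)"|(\S+))$', line, re.I)
        if m:
            password = m.group(2) if m.group(2) is not None else m.group(3)
            found.append(("imap", m.group(1), password))
            continue

        # SMTP "AUTH PLAIN" or IMAP "<tag> AUTHENTICATE PLAIN" with inline initial response.
        m = re.match(r"(?:\S+ )?AUTH(?:ENTICATE)? PLAIN (\S+)$", line, re.I)
        if m:
            try:
                parts = base64.b64decode(m.group(1)).split(b"\x00")
            except ValueError:
                continue  # not valid base64; the client will send it on the next line
            if len(parts) == 3:  # authzid, authcid, password
                found.append(("sasl-plain",
                              parts[1].decode(errors="replace"),
                              parts[2].decode(errors="replace")))
    return found


if __name__ == "__main__":
    for session in (POP3_SESSION, IMAP_SESSION, SMTP_SESSION):
        for proto, user, password in harvest_credentials(session):
            print(f"{proto:10s} {user:22s} {password}")
```

Run against a session that negotiated STARTTLS or STLS first, the same code finds nothing after the upgrade because the bytes on the wire are no longer the protocol text it is matching. That is the whole difference between "the server supports encryption" and the client actually using it.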
Netstumbler is another tool I use to find rogue wireless access points. An employee might set up a wireless access point so he can use his wireless-equipped laptop from his couch or conference table instead of his desk, where the Ethernet cable is located. If this access point is unencrypted or uses weak encryption (WEP, in practice), the whole wired network behind it is exposed to anyone within radio range. There are other tools available, particularly on the Knoppix STD distribution, that let me collect encrypted wireless packets and crack the key at my leisure. My laptop runs Windows XP, but I can pop in a bootable CD and be running the Knoppix Linux distro in minutes.
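Why "weak encryption" is weak, in a form you can run: the following is an added example, not code from the original post or from any of the tools named above. It models WEP the way WEP actually works, RC4 keyed with a 24-bit per-frame IV glued to the shared key, with the IV sent in the clear and nothing stopping it from repeating. A 24-bit IV space is 16.7 million values; a busy access point cycles through it in hours, the birthday bound gives even odds of a repeat within a few thousand frames, and some cards reset the IV to zero at power-up. Once two frames share an IV they share a keystream, and because every IP frame on 802.11 begins with the same eight-byte LLC/SNAP header, the eavesdropper already knows the first eight plaintext bytes of every frame. The CRC-32 integrity value and the 802.11 headers are left out, and the shared key and frame contents are constructed.

```python
"""WEP-style RC4 keystream reuse: same IV, same keystream, no secrecy.

Added example, not from the original post.  Toy WEP: per-frame key is
IV || shared key, the IV rides in the clear, no ICV, no 802.11 headers.
The shared key and both frames below are constructed.
"""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (key scheduling + generation), the cipher WEP uses."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    while len(out) < length:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return iv || (plaintext XOR RC4(iv || shared_key)), as a WEP frame body would carry it."""
    assert len(iv) == 3, "WEP IVs are 24 bits"
    return iv + xor(plaintext, rc4_keystream(iv + shared_key, len(plaintext)))


# Every IP packet inside an 802.11 data frame starts with this LLC/SNAP header,
# so the first 8 plaintext bytes of every data frame are known to an eavesdropper.
SNAP_IP = b"\xaa\xaa\x03\x00\x00\x00\x08\x00"


def recover_keystream(frame: bytes, known_plaintext: bytes) -> bytes:
    """Keystream bytes for this frame's IV: ciphertext XOR the plaintext we know."""
    return xor(frame[3:3 + len(known_plaintext)], known_plaintext)


def decrypt_with_keystream(frame: bytes, keystream: bytes) -> bytes:
    """Strip another frame that reused the same IV, as far as the recovered keystream reaches."""
    return xor(frame[3:3 + len(keystream)], keystream)


def iv_collision_demo() -> bytes:
    """Two frames under one IV: one fully known to the attacker, the other recovered byte for byte."""
    shared_key = b"\x13\x37\xc0\xff\xee"          # constructed 40-bit WEP key; the attacker never sees it
    iv = b"\x01\x02\x03"
    # Frame 1: content the attacker knows completely (say, a request she provoked herself).
    known_plain = SNAP_IP + b"ARP who-has 192.0.2.7 tell 192.0.2.1"   # constructed
    # Frame 2: someone else's frame that happened to reuse the IV.
    secret_plain = SNAP_IP + b"POP3 USER alice PASS hunter2"          # constructed
    c1 = wep_encrypt(shared_key, iv, known_plain)
    c2 = wep_encrypt(shared_key, iv, secret_plain)
    assert c1[:3] == c2[:3]                       # the collision is visible in the clear
    keystream = recover_keystream(c1, known_plain)
    return decrypt_with_keystream(c2, keystream)


if __name__ == "__main__":
    print(iv_collision_demo())
```

Even without a fully known frame, `recover_keystream(frame, SNAP_IP)` hands over the first eight keystream bytes for that IV, which is enough to read the start of every other frame that reuses it. The full key-recovery attacks the Knoppix tools implement build on exactly this known first byte of plaintext plus RC4's key-scheduling weaknesses; this demo stops at the reuse problem, which is already fatal.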
Finally, nmap and NetworkView let me do two things: identify open ports on a particular computer (a port is a numbered endpoint on which a service listens for incoming connections; port 80 is where a web server listens, for example) and identify all the computers on a given network. The first is used to test for vulnerabilities, the second to find unauthorized hosts on a network.
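The simplest thing nmap does is a TCP connect scan: try to complete a connection to each port and, if one opens, read whatever greeting the service sends. The following is an added example, not code from the original post or from nmap; it starts a fake service on a loopback port so the whole thing runs offline, scans it alongside a port that is known to be closed, and makes a crude service guess from the banner. The banner text is constructed.

```python
"""TCP connect scan with banner grabbing, the idea behind nmap -sT / -sV.

Added example, not from the original post.  A throwaway listener on
127.0.0.1 stands in for the target host, so nothing leaves the machine.
"""
import socket
import threading
from typing import Dict, Iterable


def start_fake_service(banner: bytes) -> int:
    """Listen on an ephemeral loopback port and greet every connection with `banner`.

    Runs in a daemon thread; returns the port number so a scan can find it.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return port


def closed_port() -> int:
    """Find a port that is free right now (bind, then release) to serve as the 'closed' control."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


def scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, bytes]:
    """Return {port: banner} for every port that completed a TCP handshake.

    A refused connection or a timeout (closed or filtered) is simply absent
    from the result; an open but silent service maps to b"".
    """
    results: Dict[int, bytes] = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                try:
                    banner = s.recv(256)
                except socket.timeout:
                    banner = b""  # open, but waiting for us to speak first (HTTP behaves this way)
                results[port] = banner
        except (ConnectionRefusedError, socket.timeout, OSError):
            continue
    return results


def guess_service(banner: bytes) -> str:
    """Crude fingerprint from the greeting line; real version detection sends probes too."""
    if banner.startswith(b"220 ") and b"SMTP" in banner.upper():
        return "smtp"
    if banner.startswith(b"+OK"):
        return "pop3"
    if banner.startswith(b"* OK"):
        return "imap"
    if banner.startswith(b"SSH-"):
        return "ssh"
    return "unknown"


if __name__ == "__main__":
    target = start_fake_service(b"220 mail.example.test ESMTP ready\r\n")  # constructed banner
    for port, banner in scan("127.0.0.1", [closed_port(), target], timeout=1.0).items():
        print(f"{port}/tcp open  {guess_service(banner)}  {banner!r}")
```

A connect scan completes the handshake, so it shows up in the target's logs; nmap's default SYN scan sends only the first packet and needs raw sockets, which is why it wants root. The result is the same list of listening ports either way.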
Now, the current issues surrounding NSA surveillance and data mining boil down to two items: first, the NSA has offices in certain telco switching facilities where they tap phone and data traffic. Second, domestic call records may have been tendered to the NSA or some other TLA government agency that would allow traffic analysis of calling patterns.
"Wiretap" is somewhat of an archaic term. In the olden days, when analog phone switches were the industry standard, you performed surveillance by attaching alligator clips to a particular circuit in a phone company central office. The phone system differs from the internet in that a call sets up a dedicated end-to-end circuit between caller and callee. On the internet there is no such circuit; packets (the molecules of information flowing between client and server and back) may take any of a myriad of routes, and the elements of a DailyKos page, text, images and so on, might arrive by several different paths before your browser assembles them into a rendered page.
Nowadays the phone system looks more like the internet: calls are digitized and switched as data. A call still gets an end-to-end (now virtual) circuit, but tapping it is a matter of configuration rather than alligator clips, because the digital carrier switches that handle phone calls are built with intercept functions. In the US, CALEA (passed in 1994) requires it of carriers, and it also saves the telco the cost of sending a tech out to implement the tap.
Taps require warrants, but call records do not, at least not in the probable-cause sense: a pen register order requires only a certification that the records are relevant to an investigation. In the analog days a pen register was a device that recorded the numbers dialed from a particular line (its companion, the trap and trace, recorded incoming calls). That record of who called whom, and when, is the domestic data that's being collected by the NSA.
This data is the meat of traffic analysis. Let's go back to WWII for a good example. The Kriegsmarine (German Navy) used Enigma machines to encrypt the traffic between U-boats in the Atlantic and Kriegsmarine HQ. The Royal Navy didn't need to read a word of it to start hunting: radio direction finding told them that a boat had transmitted, and from roughly where. Eventually the Enigma traffic itself was broken using "cribs," guessable text known to be in a message: since many of the messages were weather reports, common weather terms gave the codebreakers their foothold (along with the electromechanical "bombes" Alan Turing designed at Bletchley Park in England...thank you, Alan Turing).
Say you send an unbreakably encrypted message to a friend. The routing information can't be encrypted (the routers that pass your message along don't have your key, and they need to read the addresses to do their job), so those NSA agents know that a message was sent from Point A (Fallujah) to Point B (Muncie, Indiana). The message goes back to Ft. Meade (the NSA is supposedly the biggest consumer of supercomputers on the planet) for decryption attempts, while Muncie, Indiana goes to threat level Red.
Of course, if you're a smart terrorist, you post a picture of Osama in bra and panties to alt.binaries.pictures.transvestites with a hidden message embedded using steganography.
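For the curious, here is the simplest form of that trick, least-significant-bit embedding, as an added example rather than anything from the original post. The "image" is a constructed buffer of 8-bit grayscale pixels so the code needs no image library or files; on a real PNG you would run the same two functions over its decoded pixel bytes. Each pixel's value moves by at most one, which the eye cannot see, and a 32-bit length prefix tells the extractor where the message ends. The message text is constructed.

```python
"""LSB steganography over an 8-bit grayscale pixel buffer.

Added example, not from the original post.  The cover image is a
constructed random pixel buffer; the message is hidden one bit per
pixel in the least significant bit, after a 32-bit big-endian length.
"""
import random
import struct
from typing import Iterator


def _bits(data: bytes) -> Iterator[int]:
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, message: bytes) -> bytes:
    """Return a copy of `cover` whose pixel LSBs carry len(message) || message."""
    payload = struct.pack(">I", len(message)) + message
    needed = 8 * len(payload)
    if needed > len(cover):
        raise ValueError(f"cover holds {len(cover) // 8} bytes, payload needs {len(payload)}")
    stego = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        stego[i] = (stego[i] & 0xFE) | bit      # clear the LSB, then set it to the message bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Read the length prefix, then that many bytes, from the pixel LSBs."""
    def read_bytes(start_pixel: int, count: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for k in range(8):
                value = (value << 1) | (stego[start_pixel + 8 * b + k] & 1)
            out.append(value)
        return bytes(out)

    (length,) = struct.unpack(">I", read_bytes(0, 4))
    if 32 + 8 * length > len(stego):
        raise ValueError("length prefix exceeds the image; probably no message here")
    return read_bytes(32, length)


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    """Largest per-pixel difference embedding introduced (LSB embedding: at most 1)."""
    return max(abs(a - b) for a, b in zip(cover, stego))


def make_cover(width: int = 64, height: int = 64, seed: int = 1) -> bytes:
    """Constructed stand-in for a decoded grayscale image."""
    rng = random.Random(seed)
    return bytes(rng.randrange(256) for _ in range(width * height))


if __name__ == "__main__":
    cover = make_cover()
    secret = b"meet at the usual place, 0300Z"   # constructed
    stego = embed(cover, secret)
    print(extract(stego), "max pixel change:", max_pixel_change(cover, stego))
```

The catch, and the reason the traffic-analysis point survives this trick, is that the carrier still sees who posted what to which newsgroup and who pulled it down. Hiding the content is the easy half. Naive LSB embedding is also detectable statistically once a forensic analyst is looking at the LSB plane, which is why the real tools dress it up considerably.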
So, we have two things: direct intercepts using Narus traffic-analysis systems at the switching centers, and traffic analysis of AT&T's 312 terabyte CDR (Call Detail Record) database.
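What do you actually get out of a pile of call detail records without listening to a single call? The following is an added example, not code from the original post and not anything known about how the NSA or AT&T process their data. The records are constructed (the 765 area code covers Muncie, +964 is Iraq's country code, and 555 exchanges are reserved for fiction); each carries only caller, callee, start time and duration. It does the two things the Fallujah-to-Muncie paragraph and the pen register paragraph above describe: it walks the contact graph outward from a watched number, and it finds the pair whose calls cluster at the same hour every night.

```python
"""Traffic analysis on call detail records: what metadata alone gives away.

Added example, not from the original post.  Every record is constructed;
real CDRs carry more (trunk, cell site, billing codes), but caller, callee,
time and duration are enough to make the point.  No call content is used.
"""
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, NamedTuple, Set, Tuple


class CDR(NamedTuple):
    caller: str
    callee: str
    start: datetime
    seconds: int


T0 = datetime(2006, 5, 1, 3, 0, tzinfo=timezone.utc)   # 03:00 UTC, the nightly slot in the data below

WATCHED = "+964-1-555-0100"      # constructed: the overseas number already on a watch list
MUNCIE = "+1-765-555-0142"       # constructed: the Muncie, Indiana number it keeps calling

CDRS: List[CDR] = [
    # the pattern that lights up the board: same pair, same hour, five nights running
    *[CDR(WATCHED, MUNCIE, T0 + timedelta(days=d), 90 + 5 * d) for d in range(5)],
    # Muncie's own local circle (these become the "two hops out")
    CDR(MUNCIE, "+1-765-555-0187", T0 + timedelta(hours=9), 60),
    CDR("+1-765-555-0187", MUNCIE, T0 + timedelta(days=1, hours=10), 30),
    CDR(MUNCIE, "+1-508-555-0123", T0 + timedelta(days=2, hours=13), 500),
    # three hops out: caught only if the sweep goes one hop further
    CDR("+1-508-555-0123", "+1-508-555-0111", T0 + timedelta(days=2, hours=14), 20),
    # background chatter with no link to the watched number
    CDR("+1-617-555-0150", "+1-617-555-0151", T0 + timedelta(hours=12), 45),
    CDR("+1-617-555-0151", "+1-617-555-0152", T0 + timedelta(hours=13), 45),
]


def contact_graph(cdrs: Iterable[CDR]) -> Dict[str, Set[str]]:
    """Undirected who-talked-to-whom graph."""
    graph: Dict[str, Set[str]] = defaultdict(set)
    for r in cdrs:
        graph[r.caller].add(r.callee)
        graph[r.callee].add(r.caller)
    return graph


def hops_from(graph: Dict[str, Set[str]], seed: str, max_hops: int) -> Dict[str, int]:
    """Breadth-first sweep: every number within max_hops of the seed, with its distance."""
    dist = {seed: 0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue
        for peer in graph.get(node, ()):
            if peer not in dist:
                dist[peer] = dist[node] + 1
                queue.append(peer)
    return dist


def pair_stats(cdrs: Iterable[CDR], a: str, b: str) -> dict:
    """Call count, total talk time and hour-of-day histogram for calls between a and b."""
    hours: Counter = Counter()
    calls = total = 0
    for r in cdrs:
        if {r.caller, r.callee} == {a, b}:
            calls += 1
            total += r.seconds
            hours[r.start.hour] += 1
    return {"calls": calls, "seconds": total, "hours": dict(hours)}


def most_regular_pairs(cdrs: Iterable[CDR], min_calls: int = 3) -> List[Tuple[Tuple[str, str], int, float]]:
    """Pairs whose calls cluster in one hour of the day, most regular first.

    Returns (pair, peak hour, fraction of calls in that hour).  A routine is
    worth more to an analyst than the content of any one call.
    """
    by_pair: Dict[frozenset, Counter] = defaultdict(Counter)
    for r in cdrs:
        by_pair[frozenset((r.caller, r.callee))][r.start.hour] += 1
    out = []
    for pair, hours in by_pair.items():
        n = sum(hours.values())
        if n >= min_calls:
            hour, k = hours.most_common(1)[0]
            out.append((tuple(sorted(pair)), hour, k / n))
    return sorted(out, key=lambda t: -t[2])


if __name__ == "__main__":
    graph = contact_graph(CDRS)
    for number, hops in sorted(hops_from(graph, WATCHED, 2).items(), key=lambda kv: kv[1]):
        print(f"{hops} hop(s): {number}")
    print(pair_stats(CDRS, WATCHED, MUNCIE))
    print(most_regular_pairs(CDRS))
```

Scale that to 312 terabytes and the only hard part is the join. Every call in the sample could have been encrypted end to end and the output would not change by a byte.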
One last thing to discuss: encryption. For sensitive communications I use PGP, but setting it up and generating keys is not for the novice user. And still, interested parties can see where my messages come from and where they go. They just can't read the message, provided the key is long enough: 512-bit RSA keys were factored back in 1999, so 2048 bits is the sensible floor today (absent some breakthrough in quantum computing, which would change the picture for RSA entirely). Sure, there's Tor and Freenet, but they're not quite ready for primetime.
Want to know more? Check out Bruce Schneier's site.
Bottom line: you can hide the meat of your message, but by using the internet or the public phone system your point of origin and destination are visible to the carrier and to anyone the carrier shares them with, and, as things stand, available without a warrant.
Oh, well, there's always pigeons.
Karlo Takki
Hyannis, MA