Skip to main content

There's been considerable discussion of the impact of the "Protect America" Act on civil rights, security, privacy, and other legal/political areas. Less-explored, but perhaps as important, is the technical impact. Building and operating the infrastructure required to support its provisions will have consequences, no doubt many of them unintended. A soon-to-be-published paper explores some of those consequences.

The paper is entitled "Risking Communications Security: Potential Hazards of the Protect America Act".  Its authors are a who's who of data security: Steve Bellovin of Columbia, Matt Blaze of UPenn, Whitfield Diffie and Susan Landau of Sun, Peter Neumann of SRI, and Jennifer Rexford of Princeton.

The paper may be found here in PDF format.  It is scheduled to be published in the Jan/Feb 2008 issue of the IEEE Journal on Security and Privacy.

It's a very readable paper -- in part because it explains terminology as it goes, and in part because it uses many examples to illustrate the concepts it explores.  So don't expect an abstract, mathematical treatise; expect something that looks at the issues in a very practical way.

The authors begin by noting:

Building surveillance technologies into communication networks is risky.  The Greeks learned this lesson the hard way; two years ago, they discovered that legally installed wiretapping software in a cellphone network had been surreptitiously enabled by parties unknown, resulting in the wiretapping of more than 100 senior members of the government for almost a year.

They go on to cite other, similar examples and note that their focus is not on civil liberties (explored elsewhere) but on the security issues involved in setting up and running an operation of this nature.  Their point, if I might try not to slight them too badly by condensing it to a phrase, is that there are a lot of ways this can go badly wrong and end up reducing security...rather than increasing it.

One of the authors, Matt Blaze, has also commented in his blog and I suggest reading his comments as a prelude to the paper. He writes, in part:

As someone who began his professional career in the Bell System (and who stayed around through several of its successors), the push for telco immunity represents an especially bitter disillusionment for me. Say what you will about the old Phone Company, but respect for customer privacy was once a deeply rooted point of pride in the corporate ethos.

My suggestion is that after reading it, that you consider bringing this paper to the attention of your elected representatives.  It's important that they understand that there are risks involved in any effort like this - it's not at all guaranteed to be a complete "success" even for an Orwellian definition of "success".   I think...I hope...that even the most ardent supporter of a surveilled society would pause for moment once they realized that -- and of course those of us who don't think that's a good idea even in the abstract need to be just as aware of the risks.

Originally posted to RiderOnTheStorm on Tue Jan 29, 2008 at 09:00 PM PST.

EMAIL TO A FRIEND X
Your Email has been sent.
You must add at least one tag to this diary before publishing it.

Add keywords that describe this diary. Separate multiple keywords with commas.
Tagging tips - Search For Tags - Browse For Tags

?

More Tagging tips:

A tag is a way to search for this diary. If someone is searching for "Barack Obama," is this a diary they'd be trying to find?

Use a person's full name, without any title. Senator Obama may become President Obama, and Michelle Obama might run for office.

If your diary covers an election or elected official, use election tags, which are generally the state abbreviation followed by the office. CA-01 is the first district House seat. CA-Sen covers both senate races. NY-GOV covers the New York governor's race.

Tags do not compound: that is, "education reform" is a completely different tag from "education". A tag like "reform" alone is probably not meaningful.

Consider if one or more of these tags fits your diary: Civil Rights, Community, Congress, Culture, Economy, Education, Elections, Energy, Environment, Health Care, International, Labor, Law, Media, Meta, National Security, Science, Transportation, or White House. If your diary is specific to a state, consider adding the state (California, Texas, etc). Keep in mind, though, that there are many wonderful and important diaries that don't fit in any of these tags. Don't worry if yours doesn't.

You can add a private note to this diary when hotlisting it:
Are you sure you want to remove this diary from your hotlist?
Are you sure you want to remove your recommendation? You can only recommend a diary once, so you will not be able to re-recommend it afterwards.
Rescue this diary, and add a note:
Are you sure you want to remove this diary from Rescue?
Choose where to republish this diary. The diary will be added to the queue for that group. Publish it from the queue to make it appear.

You must be a member of a group to use this feature.

Add a quick update to your diary without changing the diary itself:
Are you sure you want to remove this diary?
(The diary will be removed from the site and returned to your drafts for further editing.)
(The diary will be removed.)
Are you sure you want to save these changes to the published diary?

Comment Preferences

  •  Rider, thanks. We get so wrapped up (12+ / 0-)

    in the breathtakingly unconstitutional nature of these "laws" and the philosophical problems generally, that we sometimes overlook the physical fact that this shit just doesn't work, doesn't work right, or in fact works in precisely the opposite manner as was advertised.

    A nice slap in the face with some refined titanium refreshes the logical parts of the mind. Well done for bringing this to our attention. :)

    Where are we going, and why am I in this handbasket?

    by Xan on Tue Jan 29, 2008 at 09:05:55 PM PST

    •  Sometimes things work precisely as described. (4+ / 0-)
      Recommended by:
      Mike Erwin, Randgrithr, Lujane, LiquidC

      That was the issue with the Digital Rights Management rootkit problem.

      The rootkit let the music company hide the software that prevented the user from ripping the music off the CD at CD quality by preventing the computer system from noticing any file with a certain prefix on the filename.

      For the purpose, it worked perfectly.

      The problem was that it hid any file with that prefix, including World Of Warcraft hacks and, eventually, viruses and other assorted nasties.

      I remember that there were reports online soon afterwards that some businesses were banning all audio CDs, not just those from that one music company, from the workplace because the risk was too great that important systems or vital (or proprietary) information would be affected by something that could be snuck onto the systems via that rootkit's cover if an employee stuck an audio CD in a computer and inadvertently installed the rootkit.

      Even if the rootkit had only hidden certain precisely named files in a certain predetermined location on the hard drive, someone somewhere would have probably found a way to masquerade something malicious in that precisely defined spot.

      It did precisely what it was intended to. And it was still a nightmare.

      I support the Writer's Guild of America strike.

      by Cassandra Waites on Tue Jan 29, 2008 at 09:56:32 PM PST

      [ Parent ]

    •  Aye. (2+ / 0-)
      Recommended by:
      Lujane, Cassandra Waites

      It's no secret that a lot of our legislators aren't exactly tech-savvy.  

      It is almost as if they don't realize that when such a system as this becomes active, anyone is able to be eavesdropped on; including themselves.

  •  Thank you (4+ / 0-)
    Recommended by:
    wardlow, Lujane, SmileySam, kyril

    I'm going to read it in full and then see about taking your advice of sharing it with my reps.

  •  I would suggest a printout be faxed (4+ / 0-)
    Recommended by:
    Ckntfld, wardlow, Lujane, kyril

    by as many of us as possible before FISA is voted on, faxed to every Senator and Rep. you can think of.

    Great catch Rider !

    "Democracy Is The Best Revenge" Benazir Bhutto

    by SmileySam on Tue Jan 29, 2008 at 09:32:01 PM PST

  •  Many thanks (1+ / 0-)
    Recommended by:
    Randgrithr

    Excellent essay, have just sent the link to my two Senators (Feinstein who needs it and Boxer who probably doesn't need it herself but can use it to persuade her colleagues). This is exactly the kind of ammo we need -- objective facts -- to counteract the fear surrounding "terror" so Dems can look clearly at concerns and dangers to make their decision, rather than be spooked by being called "soft on terror."

    You've done us a service.
    ___________________________________________
    Get on board California's single payer bill, SB 840!

  •  They tried this several years ago. (0+ / 0-)

    Bellovin, Blaze, Cerf, et. al. wrote a similar paper on the implications of implementing CALEA in 2006, but it didn't end up affecting anything. ISPs and CLECs were mandated to implement CALEA anyway, as far as I am aware.

    Thanks for the heads up, though.

    I also refer to potential system-wide security issues in my diary on the subject.

    Anyone who fails to see the historical parallels between Blackwater & the Nazi SS, or the DHS & the Gestapo, needs a serious reality check.

    by Randgrithr on Wed Jan 30, 2008 at 02:42:46 AM PST

  •  Thanks (0+ / 0-)

    for posting about this paper.  

Subscribe or Donate to support Daily Kos.

Click here for the mobile view of the site