On Twitter: @JamesFirth and @s_r_o_c

Tuesday, 2 July 2013

So the entire internet is tapped - let's put the power to good use and keep spies too busy to do evil

The frightening thing about the revelation that practically the entire internet is tapped is not the capacity for governments to enforce the law (crime, terrorism) but for them to use this power to affect the democratic process by e.g. spying on political opponents to fish for dirt.

So now we know the entire internet is bugged, let's call for the government to use this power for good, in the hope that doing good will keep them too busy to do evil.

After all, we are constantly told the state needs these powers to keep us safe from cyber-criminals, terrorists and paedophiles.

Let's start with the so-called darknet. If we believe press fodder, it's full of crime.

The darknet is basically a collection of websites whose server location is hidden. Instead of talking directly to the IP address of the website's server, users are forced to talk to an intermediary which shields the visitor from the website's real location and vice-versa.

Because practically all internet end-points in the UK and US are monitored, it is relatively trivial to flush out darknet servers in these jurisdictions.

Even though many "hidden" service providers claim to take steps to hide traffic signatures, there's only so much any service can do to disguise what is, in effect, an end-to-end pipe.

You wiggle one end and watch all possible other ends for movement.

Step 1: our security services start by identifying target sites on the darknet... The ones offering to supply guns, hit-men, child abuse images, etc.

Step 2: hit each of these target websites with a series of page requests at specially-timed intervals - a signature pattern of visitation that is unlikely to happen too often in the real world. Intelligence analysts can then create a filter to look for this signature amongst a pre-filtered list of connections which are identified as carrying some form of hidden traffic.

Step 3: the short list of internet connections suspected of hosting illegal content from step 2 should be enough suspicion to obtain a targeted surveillance warrant and perform more extensive evidence gathering - visiting each darknet site with another signature pattern of visits whilst actively monitoring the suspected connection - to prove (or disprove) that the connection is being used to host illegal content.

Step 4: enough evidence now to obtain a physical search warrant and seize the server and build a case against the owner.

Note here an interesting moral dilemma: in some ways surveillance is less intrusive than traditional policing.

Everything up to step 2 can be performed without looking at the content of communications, analysing only the so-called meta- or communications-data.

But looking at the content data of the identified short list in step 3, before booting down doors at 6am, saves any innocent party wrongly implicated by step 2 the inconvenience of a police raid and of having all computer equipment confiscated for up to a year or so as police forensics crawl through their backlog.

I've since argued against legislation to allow mass monitoring of the internet in the UK; however, it looks like we already got there without legislation.

Since I believe there's no realistic prospect of a reversal of the surveillance state in the near future - I'm resigned to the state grabbing what it can - we may as well start using the tools for good; and, at the same time, pushing for safeguards to prevent the power being used for nefarious purposes.

In fact, given the revelations of late, I'm thinking it might now be better to call for the legislation I previously opposed in order to have an open debate about limits and safeguards for an activity that until very recently went on entirely in secret.

