Everybody has heard of the threat “hackers” and “crackers” pose to people using the Internet. Those who use the Internet to conduct business are aware their credit card numbers or personal e-mail may be intercepted by net-savvy crooks bent on disrupting trade or stealing from bank accounts. Security companies spend millions of dollars broadcasting this message and the media has been quick to pick up the hype. Other security concerns receive little attention, and no one is spending any money to make you aware of them. It’s not just crooks, you see, who are interested in what happens online. Governments around the world understand the power of communication harnessed via the Internet, and want the opportunity to see that data.
Carnivore: Gnawing at civil liberties.
The FBI maintains a project originally dubbed “Carnivore” because of its ability to get the “meat” of interesting or suspicious communications. As of August 2000 Carnivore had 20 black boxes (independent computers) that could be hooked up to networks and copy all data of interest. The boxes are portable and can be quickly transferred from place to place. The FBI insists the system only targets individuals it has a court order to watch, and “its bark is worse than its bite.” However, nothing technical stands in the way of the FBI monitoring data from any Internet Service Provider–especially after the FBI successfully lobbied the US Congress in 1994 to require telephone companies to make their digital networks readily snoopable. The Communications Assistance for Law Enforcement Act requires telecommunications carriers to modify their existing networks and to deploy new generations of equipment. This makes it easier to “hear” what a target is doing, according to the American Civil Liberties Union. If you’ve ever interacted on the Internet with someone using an American ISP (virtually everyone who uses the Internet has), your communications during this interaction could have been monitored and stored.
In 2000 the ACLU and the Electronic Privacy Information Center requested documents under the U.S. Freedom of Information Act regarding Carnivore. According to the ACLU, the documents clearly indicate that “Carnivore can intercept virtually every type of Internet transmission. This ranges from Internet telephone conversations to e-mail to Web activity… The report confirms this capability. Carnivore is in fact capable of collecting all communication over the segment of network being surveilled.”
The ACLU also denies that the legal obligation to get a court order is a suffient barrier. “Despite repeated assertions to the contrary from the FBI, the report concludes that Carnivore has no effective auditing function that would expose and prevent abuses.” The FBI maintains it needs a system like this to stop terrorism and domestic lawbreakers. However, according to the Security Focus Web site (a security company with a Calgary branch), “The scary part is whoever is running the box can simply punch in another name and start grabbing someone else’s e-mail. Due process is effectively gone.” Carnivore has been upgraded since then, and now goes under the less threatening DSC1000, which the FBI admits stands for nothing.
The National Security Agency and project Echelon:
The American government, according to the ACLU and several other liberty watch organizations, conducts extensive eavesdropping overseas under the banner of project Echelon. This happens outside of the normal confines of the American Constitution, as Constitutional protections are not granted to non-Americans. It is part of a global surveillence system run by the NSA and Britain’s Government Communications Headquarters, and is now over 50 years old, according to ZDNet news service. The system includes stations run in the U.S., Britain, Canada, Australia and New Zealand. As communications moved onto the Internet, capturing technology also neccessarily migrated.
Echelon Watch, a group run by the ACLU and Free Congress Foundation, says “Echelon attempts to capture staggering volumes of satellite, microwave, cellular and fibre-optic traffic, including communications to and from North America. This vast quantity of voice and data communications are then processed through sophisticated filtering technologies.” This includes Internet traffic.
Recently, French companies and nationals accused the NSA of using Echelon to unfairly win business deals for American corporations, essentially by spying on their telecommunications. In March 2000, former Central Intelligence Agency director James Woolsey admitted that America steals secrets. As far back as the 1960s, two NSA defectors claimed at a press conference: “We know from working at NSA [that] the United States reads the secret communications of more than 40 nations, including its own allies… Both enciphered and plain-text communications are monitored from almost every nation in the world, including the nations on whose soil the intercept bases are located.”
U.S. Senator Frank Church and an NSA investigtion committee member in post-Watergate U.S. warned: “I know the capacity is there to make tyranny total… we must see to it that this agency… operate[s] within the law and under proper supervision, so that we never cross over that abyss.” If the U.S. is willing to risk the wrath of its allies by stealing secrets for its own companies, how far will they go to ferret out “potentially subversive” activities of private citizens?
U.S. Encryption Policy
The U.S. Government officially considers encryption (scrambling electronic records and messages so thoroughly that even spy agencies cannot crack them) to be a form of munitions. Some useful encryption methods cannot be legally exported out of North America. Various groups, including the FBI, have long lobbied for special keys giving them access to certain kinds of encyrpted data. This makes protected e-mail as easy to read as a postcard in the mail. Projects such as Carnivore and Echelon show that complex relationships exist between U.S. Government departments and U.S. telecommunications companies. A good deal of well-founded paranoia exists regarding how law enforcement agencies monitor computer-based activities.