BIG BROTHER IS ON-LINE: Public and Private Security in the Internet
By Javier Bernal ([email protected])
University of Lincolnshire & Humberside
The growth of the Internet has caused a big development in global communications. Now, the Electronic Mail is taking a great importance, helping personal contacts. Thanks to this service, there are many users sending and receiving much information, sometimes personal data. Obviously, nobody wants their privacy stolen.
Electronic Mail is variously referred to as e-mail, email (sometimes abbreviated EM), electronic messaging (and hence as EMS, for electronic messaging system), and is classified by some authors as a subset of Computer mediated communications (or CmC). Electronic mail is part of suite of technologies made possible by networking computers. It uses computer text editing and communication tools to provide a high speed message service. Corresponding through electronic mail has been available to some academicians for over 25 years, but today it is likely for somebody with a computer and a modem to have their own mailbox.
Electronic Mail was designed in American Universities some years ago, like a simple kind of message delivery. Hence, the data flow is not protected. The Internet is formed by several thousands of computer networks, belonging various and different entities. The email messages travel through the net thanks many diverse mail servers, with the possibility of leaving copies of those in each one.
This way, the Internet has become in a medium where flow private information that could be desirable for too many people, including governments.
We are moving toward a future when the western nations will be criss-crossed with high capacity fibre optic data network linking together all our increasingly ubiquitous personal computers. Electronic mail is gradually replacing conventional paper mail. Email messages are very ease to intercept and scan for interesting key words. This can be done routinely, automatically and undetectable on a grand scale.
A representative from the United States Department of justice said that societies had to balance freedom with security, private security with public security. No surveillance at all would be fine, said Scott Charney, "if everyone were law abiding, but they are not". The word "they" include people which Net enthusiasts cynically dub the "Four Horsemen of the Infocalypse": terrorist, drug dealers, paedophiles and organised crime.
The surveillance schemes of governments try to find a justification for their existence thanks to those kinds of offences. The widespread use of information technology is increasing the power and influence of states: these uses may be viewed as a weapon against criminals, but history shows that they will be used ultimately as a tool of authority against the ordinary citizen. Now, the individual is subject to increased monitoring, regulation and control. How Simon Davies said "History demonstrates that information in the hands of Authority will inevitably be used for unintended and often malevolent purposes."
Government Intelligence agencies are delighted with the potential of the Internet and Computer mediated communications. The Net and the electronic message interchanges can contain vast amounts of sensitive information. Because of the ordered convergence of this information, it will be easy for the agencies to extract masses of data without the requirement of a warrant.
Will be easy? The truth is that is already a reality. There are many agencies here and overseas that have a special interest in snooping on the Net.
ECHELON: BRUSA AND UKUSA SECRET AGREEMENTS
Rumours have abounded for several years of a massive system designed to intercept virtually all email and fax traffic in the world and subject it to automated analysis, despite laws in many nations (including this one) barring such activity. The laws were circumvented by a mutual pact among five nations. It is illegal for the United Kingdom to spy on its citizens. Likewise the same for the United States. Under the terms of the UKUSA agreement, Britain spies on Americans and America spies on British citizens and the two groups trade data. Technically, it may be legal, but the intent to evade the spirit of the laws protecting the citizens of those two nations is clear.
The system is called ECHELON, and had been rumoured to be in development since 1947, the result of the BRUSA and UKUSA treaties signed by the governments of the United States, the United Kingdom, Canada, Australia and New Zealand.
Designed and co-ordinated by United States National Security Agency (NSA), the ECHELON system is used to intercept ordinary e-mail, fax, telex, and telephone communications carried over the world's telecommunications networks. Unlike many of the electronic spy systems developed during the Cold War, ECHELON is designed primarily for non-military targets: governments, organisations, businesses, and individuals in virtually every country. It potentially affects every person communicating between (and sometimes within) countries anywhere in the world.
ECHELON is not designed to eavesdrop on a particular individual's e-mail or fax link. Rather, the system works by indiscriminately intercepting very large quantities of communications and using computers to identify and extract messages of interest from
the mass of unwanted ones. A chain of secret interception facilities has been established around the world to tap into all the major components of the international telecommunications networks. Some monitor communications satellites, others land-based communications networks, and others radio communications. ECHELON links together all these facilities, providing the United States and its allies with the ability to intercept a large proportion of the communications on the planet.
The computers at each station in the ECHELON network automatically search through the millions of messages intercepted for ones containing pre-programmed keywords. Keywords include all the names, localities, subjects, and so on that might be mentioned. Every word of every message intercepted at each station gets automatically searched whether or not a specific telephone number or e-mail address is on the list.
The five intelligence agencies that constitute the UKUSA agreement are the National Security Agency (or NSA, from the USA), the Government Communications Headquarters (GCHQ - United Kingdom), the Government Communications Security Bureau (GCSB - New Zealand), the Communications Security Establishment (CSE from Canada), and the Defence Signals Directorate (DSD in Australia). This alliance, which grew from co-operative efforts during World War II to intercept radio transmissions, was formalised into a written agreement in 1948 and aimed primarily against USSR. The agencies are today the largest intelligence organisations in their respective countries. With much of the world's business occurring by fax, e-mail, and phone, spying on these communications receives the bulk of intelligence resources. For decades before the introduction of the ECHELON system, the UKUSA allies did intelligence collection operations for each other, but each agency usually processed and analysed the intercept from its own stations.
Those computers in spy stations are known as the Echelon dictionaries. However, computers that can automatically search through traffic for keywords have existed since at least the 1970s, but the ECHELON system was designed by NSA to interconnect all these computers and allow the stations to function as components of an integrated whole.
The only public reference to the Dictionary system anywhere in the world was in relation to one of these facilities, run by the GCHQ in central London. In 1991, a former British GCHQ official spoke anonymously to Granada Television's World in Action about the agency's abuses of power. He told the program about an anonymous red brick building at 8 Palmer Street where GCHQ secretly intercepts every telex which passes into, out of, or through London, feeding them into powerful computers with a program known as "Dictionary."
The journalist Nick Hager discovered thanks to several interviews with more than 50 people concerned with New Zealands Signal Intelligence Agency, that there is a network of spy stations around the globe. Inside it, "the thousands of simultaneous messages are read in real time as they pour into each station, hour after hour, day after day, as the computers find intelligence needles in telecommunications haystacks".
Similarly, British researcher Duncan Campbell has described how the US Menwith Hill station, near Harrogate, in North Yorkshire (Great Britain) taps directly into the British Telecom microwave network, which has actually been designed with several major microwave links converging on an isolated tower connected underground into the station.
Menwith Hill Station was established in 1956 by the US Army Security Agency (ASA). Inside the closely-guarded 560 acre base are two large operations blocks and many satellite tracking dishes and domes. Initial operations focused on monitoring international cable and microwave communications passing through Britain. In the early 1960s Menwith Hill was one of the first sites in the world to receive sophisticated early IBM computers, with which NSA automated the labour-intensive watch-list scrutiny of intercepted but unenciphered telex messages. Since then, Menwith Hill has sifted the international messages, telegrams, and telephone calls of citizens, corporations or governments to select information of political, military or economic value to the United States.
Every detail of Menwith Hill's operations has been kept an absolute secret. The official cover story is that the all-civilian base is a Department of Defence communications station. The British Ministry of Defence describe Menwith Hill as a "communications relay centre." Like all good cover stories, this has a strong element of truth to it. Until 1974, Menwith Hill's Sigint specially was evidently the interception of International Leased Carrier signals, the communications links run by civil agencies -- the Post, Telegraph and Telephone ministries of eastern and western European countries. The National Security Agency took over Menwith Hill in 1966. Interception of satellite communications began at Menwith Hill as early as 1974, when the first of more than eight large satellite communications dishes were installed.
All telecommunications traffic to and from Europe and passing through Britain is intercepted at the base, including private telephone calls, faxes, emails and other communications. Much of the information is collected, processed and relayed back to the United States automatically. A great deal of this information comes from spy satellites and the base has a number of large white golf balls or kevlar "radomes" containing satellite receiving dishes.
In the early 1980s James Bamford uncovered some information about a world-wide NSA computer system codenamed Platform. There is little doubt that Platform is the system that links all the major UKUSA station computers in the ECHELON system. According to an internal working paper from Scientific and Technological Options Assessment Programme (STOA) of the European Parliament on intrusive technology practices by governments, the Echelon system uses artificial intelligence aids like Memex. All target information from Europe are transferred via the strategic hub of London, and then by satellite to Fort Meade in Maryland. Whilst there is much information gathered about potential terrorist, there is a lot of economic intelligence, notably intensive monitoring of all the countries participating in the GATT negotiations.
The report states that:
" [...] espionage is espionage. No proper Authority in the USA would allow a similar EU spy network to operate from American soil without strict limitations, if at all. Following full discussion on the implications of the operations of these networks, the European Parliament is advised to set up appropriate independent audit and oversight procedures and that any effort to outlaw encryption by EU citizens should be denied until and unless such democratic and accountable systems are in place, if at all [..]".
At the heart of the discussion in Europe are two schools of thought concerning police crime fighting philosophy and the shift away from reactive to proactive policing. Traditional police work consisted of apprehending a suspect after a crime has been committed. The police prepare the evidence and the legal system evaluates the merits. If the evidence supports the possibility that a crime might have been committed and the defendant is the one who might be guilty of the crime, a trial takes place where the defendant has a chance to defend and the State has the opportunity to prosecute based on the evidence.
Proactive policing is pre-emptive. In other words, the crime is stopped before it is committed. Or, if the crime is committed, the State can reconstruct evidence gained before the commission of the crime. Proponents of pro-active policing believe that society is better served by focusing its attention and resources on a minority of society to protect the free society institutions against the threat from the criminal elements of that society. The opponents of pro-active policing believe that, if left unregulated, police agencies could be used to suppress civil liberties and unpopular opinions. Governments may pressure agencies to monitor opposition groups to gain intelligence on their tactics. Such practices can be rationalised as protecting the free institutions of the State. As governments become less popular, they w ill be tempted to increase their surveillance to suppress the opposition.
SURVEILLANCE ON THE NET IN OTHER COUNTRIES
In Russia, the State Security Service, known as the FSB, the main successor to the KGB, is planning all-encompassing surveillance of Internet communications. Andrei Sebrant of GlasNet, one of Russia's leading Internet Service Providers(ISP) states, "There is no concept of privacy anywhere in the Russian Constitution, so strictly speaking, there's nothing illegal about this." The idea is to force each ISP in Russia to install a "black box" that connects all ISP services to the local FSB office through fibre-optic cable. This would enable state-sponsored snoopers to collect and examine all e-mail, as well as all data on web surfers including their net surfing habits.
In European Union, instead STOA critiques to Echelon surveillance system, another kind of state watching project is ready. The EU, in co-operation with the FBI of the USA, is launching a system of global surveillance of communications to combat "serious crime" and to protect "national security," but to do this they are creating a system which can monitor everyone and everything. The EU will be able to trawl the airwaves for "subversive" thoughts and "diss ident" views and, with its partners, across the globe. The Council of the European Union and the FBI in Washington, USA has been co-operating for the past years on a plan to introduce a global telecommunications tapping system:
"The legally authorised interception of telecommunications is an important tool for the protection of national interest, in particular national security and the investigation of serious crime. [...] Modern telecommunications systems present the risk of not permitting the lawful interception of telecommunications if they have not been adapted, at the standardisation and design stage, to allow such interception [..]".
Source: "Interception of communications," report to COREPER, ENFOPOL 40, 10090/93, Confidential, Brussels, 16.11.93. ; Council General Secretariat to COREPER/COUNCIL, ENFOPOL 166, 12798/95, Limit, 14.12.95.
The FBI invited US allies to come to its see, in Quantico. Law enforcement and security agency representatives met there, calling themselves the "International Law Enforcement Telecommunications Seminar" (ILETS). Seen in retrospect, the title "seminar" is a black joke. Acting in secret and without parliamentary knowledge or government supervision, the FBI through ILET S has since 1993 steered government and communications industry policy across the world. In the shadows behind the FBI stood the NSA (National Security Agency), whose global surveillance operations could only benefit if, around the world, users were systematically to be denied telecommunications privacy in the information age.
The countries who came to Quantico in 1993 were traditional US intelligence allies like Canada, the UK and Australia. There was also a core Euro group interested in developing extended surveillance systems - Germany, France, the Netherlands, Sweden (and the UK). Other representatives came from Norway, Denmark, Spain and even Hong Kong. The FBI tabled a document called "Law Enforcement Requirements for the Surveillance of Electronic Communications," written in July 1992. In June 1993, EU ministers meeting in Copenhagen agreed to poll member states on the issues raised by the FBI and by ILETS. After discussions in Europe later in 1993, ILETS met in Bonn early in 1994. By now Austria, Belgium, Finland, Portugal and Spain had joined the 19 member group. The expert committees drew up "requirements" to intercept the Internet. During July 1998, ILETS experts met in Rome: The result was ENFOPOL 98. A document which purpose was to "clarify the basic document in a manner agreed by the law enforcement agencies as expressing their common requir ement"
The most chilling aspect of the ILETS and ENFOPOL story may not even be the way in which the US-led organisation has worked in the dark for more than 6 years to built snooping trapdoors into every new telecommunications system. Their determination to work in the dark, without industry involvement or legal advice, without parliamentary scrutiny or public discussion, has blinded them to the idea that not all "law enforcement" is a public good.
The Enfopol 98 document was revealed by Telepolis, the European Online Magazine It caused the change of the original purposes, approximately, borning in April 1999 the document called ENFOPOL 19. This proposal still concerns "interception of telecommunications in relation to new technologies": ENFOPOL 19 suggests that some tapping systems could operate through a "virtual interface." This would mean installing special software at Internet access points, controlled remotely by government security agencies.
It is important to note that, at the moment, ENFOPOL is not a reality (unlike ECHELON), but merely a proposal drawn up by a working group for police collaboration. But at the same time, ENFOPOL is not an isolated concept completely detached from reality. Many of the statements, the listed requirements and even the language used resemble legal draft papers and bills recently made public or already put to work in countries like Germany and Austria. In both countries, the original bills which had asked for Internet service providers (ISPs) to give security forces back door access to customer information had to be watered down after an outcry in public, mainly organised by lobby groups of ISPs and telecommunication operators. The similarity of the ENFOPOL proposals and these surveillance bills in Austria and Germany tell us that key employees within European police forces are trying to pull the net more closely together to create a harmonisation of European surveillance laws.
Police statements often refer to the danger of lagging behind while organised crime and terrorism are exploiting high-technology and when national borders are opening up. But their own declared goals are not served better when at the same time all privacy rights are taken away from individuals. Furthermore, the way in which all this is done suggests a mental regress into "big brother" thinking. Politicians and civil servants are making top-down decisions, far away from the public. A democratic debate has barely taken place so far.
CONCLUSION: SOLUTIONS FOR THE CITIZENSHIP PRIVACY
Every new technology in history has always first been introduced and (ab)used by the established powers, in support of their activities, particularly war and policing, and as an instrument of controlling public opinion and suppressing alternative thought and action. At the same time, every new medium has always and can always also be used as an instrument of liberation, better communication, alternative thought and action. Print was the first important example, the computer is the last.
Even though, or rather because the computer nets are and will be used by the existing controlling powers, they must and will also be used by an increasing number of people against the powers, and no amount of electronic surveillance will stop that -apart form the fact that while surveillance is a reality and no computer net are completely immune against it.
The PGP programme author,
Zimmermann, said "If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defence contractors, oil companies, and other corporate giants. But ordinary people and local and alternative political organisations mostly have not had access to affordable ways of protect their privacy.[...] Privacy is a right like any other. You have to exercise it or risk losing it." Maybe, the only exit will be the use of cryptography, "the electronic envelope" that turns our electronic postcards into real private letters.