Privacy and Information

I have about five topics to share this month, all loosely about privacy, a complicated issue that would take a book-length essay to really do justice. But here are the basics:

Information: Who wants it?

The services-information gathering sector of the economy is probably close to being the majority of the economy. A scary thought. Information is today's gold.

Advertisers love information. If they can target their products to those that are most likely to buy, it increases profits and decreases cost. Information about who you are, what you need/like, how old you are, how many are in your household, how old is everybody, what do they all need/like, what are your fears, where do you like to go, etc. can help target what you are likely to buy and what you will not buy.

Criminals love information. What do you own? When are you out of the house? What kind of security do you have?

Crime fighting organizations love information. What illegal activity might you be involved in? What illegal activity are you likely to commit later?

Business loves information. Got any hot tips? How is your business doing? What is your credit history? What are you investing in?

Information: How do you get it?

Five basic sources:

1. Credit history - anybody can check your history and credit expenditures without you knowing.

2. Criminal records - Always a public record to reveal your weaknesses.

3. Internet - Do you know how much info about you is available on the Internet? Read a spammed E-Mail I got.

4. Shopping records - Ever use one of those super saver cards at the supermarket? How about joining a membership store like Costco or Sam's Club? Everything that you buy using these cards is stored on a computer somewhere, and can be (but is not always) sold to advertisers. Ever subscribe to a magazine only to get subscription offers for 10 other magazines in the same category? And it is not just for advertisers: Federal prosecutors have already filed subpoenas at stores looking for people who buy ingredients for "crystal meth" using their savings cards.

5. Phone records - not really available publicly, yet. Just this month the 10th Circuit Court of Appeals opened a door to a possible new source of privacy invasion. US West (one of the Baby Bell phone companies) brought a case to the court arguing that existing federal protections of individual privacy violated its own First Amendment right to solicit business by not allowing it to use internally information it already compiles on customers, such as types of phone service. The Court ruled in favor of US West. The FCC, which is appealing the ruling, claims the decision is broad enough to open the door to widespread invasions of privacy. Think about it: Do you really want the world to know how often you call your doctor? mechanic? pizza delivery? liquor store? order pay-per-view?

This of course was not the intention of the court case. According to a US West spokesperson, "It would be extremely difficult, bordering on impossible, to take local calling data and translate [it] for marketing purposes." Still, it is not technically impossible, and if there is a will, and a profit margin, someone will find a way.

So, just how much can someone with enough time, money, and "know how" find out about you using perfectly legal sources? It is rather scary, especially if the info gets in the wrong hands.

NSA: Masters of data collection

One of the larger collectors of all of this data is the National Security Agency (NSA). The agency is so secretive that for the first 27 years of operation, its existence was never revealed publicly. For the most part, its work serves an important purpose -- to gather intelligence necessary for the security of the free world. For every terrorist bombing that happens in the world, there are at least a few that get thwarted due to actions by the intelligence community.

Still, if you are worried about someone knowing virtually everything about you, this is an organization that has the resources and virtually unlimited "know how". Not only that, they are privy to numerous resources not listed above. Their capabilities are not exactly up to that portrayed in the movie Enemy of the State (many of the technologies described in the movie are physically impossible; even the government has to obey the laws of physics). However, there are parts of this that are surprisingly true.

Take for example the ability to listen to phone calls. The NSA now has the capability to listen in on most every phone line in the world. According to two recent publicly published reports, An Appraisal of the Technologies of Political Control and Interception Capabilities 2000, the US Government, with cooperation from the rest of the major English speaking countries (Canada, Australia, Great Britain and New Zealand), has set up a vast computer and telecommunications network called Echelon. It is made up of the direct monitoring of any wired communications that pass through the above mentioned countries, plus stationary radio listening posts on the ground to monitor radio traffic over the oceans, plus mobile listening posts maintained by the armed forces stationed in the world's hot spots (the intelligence community loves it when we send troops abroad), plus an untold number of ears in the sky listening to everything bouncing off the ionosphere. All of this data flows over a private network to Fort Meade, Maryland, where supercomputers search the data for key phrases like "terrorist bomb", then record that conversation for later analysis.

There are exploitable flaws. It is impossible to monitor every communication, so they are just randomly selected (pointed in the direction of likely sources, of course). Coverage of the world is still not complete; lines running through most of Asia and Africa are not available, yet. And there have been some embarrassing security breaches, like when one of the satellites crashed in China last year, more or less intact. (Now China may have the capability to monitor the satellite network and get the same info as the US.)

Should anybody be worried about this "big brother" spying on you? Only if you have anything to hide. If you are not a major drug dealer, the head of a corporation with military contracts, a government employee in a position dealing with sensitive information, someone purchasing components that might be used as a bomb, or an immigrant from a nation the US is not on friendly terms with, you probably have nothing to worry about. Unless you fit the profile, the government has better things to do than spy on you, so don't get paranoid.

Echelon: What is it good for?

The mere existence of Echelon breaks numerous treaties and international laws. Nevertheless, most of the western governments knew of its existence for years and chose to turn a blind eye due to the fact that it was the USA doing it, and the obvious security benefits that come from its existence.

Earlier this year those blind eyes opened when the above mentioned reports revealed other uses nobody imagined. The reports claim that the NSA has been routinely intercepting sensitive traffic relating to bids, takeovers, mergers, investments and tender offers, all for U.S. economic benefit. A Congressional investigation into the use of Echelon in winning an airplane manufacturing bid for Boeing over France's Airbus has ended with the NSA more or less pleading the Fifth Amendment.

The misuse of available technology is a common ethical theme in Science Fiction lore. These guys ought to watch more Star Trek and read more Asimov. Apparently there is a culture of "above the law" and above common decency within the agency, mostly due to the fact that they are already breaking laws just by existing. This is very scary from a privacy standpoint. Weeding out corporate espionage is one thing; weeding out espionage with the backing of the government is a completely different thing.

Can Phone scramblers stop Echelon?

Short answer: NO. About a year and a half ago in my Mercury Rising essay, I wrote that there are virtually no unbreakable codes. At least a few people wrote back saying that a one-time pad (a file of random letters, or binary numbers that are added or XORed to the decoded message) is virtually unbreakable without access to the pad. In theory, this is true. The encryption code I described in that essay is similar to a one-time pad in that the pseudo randomness can be found in the complex algorithm and in the file used to create it. There are three problems. First, true randomness is hard to come by, and any flaw in the randomness can be exploited. Second, it is impractical to come up with a new random one-time pad that can be accessed by sender and receiver for each and every message. Third, not only do you have to get the message from sender to receiver, you also have to get the one-time pad from sender to receiver, and that ends up being a security risk. Neal Stephenson's latest novel Cryptonomicon describes how each of these flaws can be exploited.

Now in getting past Echelon, so that you can have secure live two way phone conversations, you have to use scrambler technology that is far less secure than the one-time pad mentioned above. With the right resources it is possible to descramble any phone line (or wireless communication) almost as fast as it is scrambled. And the NSA almost certainly has the resources. These resources come in two forms: federal laws and mathematical laws.
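The second problem above, needing a fresh pad for every message, is the one most often violated in practice. The following is an added example, not part of the original essay: it shows a one-time pad used correctly and then the same pad reused for a second message, at which point the pad cancels out of the two ciphertexts. The function names and sample messages are constructed for illustration.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings; a one-time pad must match the message length."""
    if len(a) != len(b):
        raise ValueError("pad and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(message: bytes, pad: bytes) -> bytes:
    """Encrypt by XORing each message byte with the matching pad byte."""
    return xor_bytes(message, pad)

# XOR is its own inverse, so decryption is the same operation.
otp_decrypt = otp_encrypt

def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """If one pad encrypted both messages, the pad cancels:
    c1 XOR c2 == p1 XOR p2, which no longer depends on the pad."""
    return xor_bytes(c1, c2)

def recover_second(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Knowing (or guessing) one plaintext then yields the other."""
    return xor_bytes(reuse_leak(c1, c2), known_p1)

# Constructed sample messages of equal length (not from the essay).
P1 = b"MEET AT THE DOCK AT NINE"
P2 = b"SHIP LEAVES AT DAWN NOW."

if __name__ == "__main__":
    pad = secrets.token_bytes(len(P1))   # fresh random pad from the OS CSPRNG
    c1 = otp_encrypt(P1, pad)
    assert otp_decrypt(c1, pad) == P1    # correct use: round-trips

    c2 = otp_encrypt(P2, pad)            # the mistake: same pad, second message
    print(recover_second(c1, c2, P1))    # P2 recovered without ever seeing the pad
```

The practical consequence for anyone deploying a pad-based scheme is that pad material has to be tracked and destroyed after a single use, which is exactly the distribution burden the paragraph above describes.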

Federal law says that any form of security encryption that can be exported must include a "back door" that can be used by the government. For example, every home security system has a secret unchangeable code that can be used to disable the security system. It varies for each make and model. Law enforcement has access to these codes for emergencies, search warrants, etc. Sounds downright fascist of them, but it is necessary for tracking of criminal behavior.

Recently it was revealed that such a back door exists in all of the Microsoft Windows operating systems. A Canadian company called Cryptonym announced the finding of a second key labeled NSAKEY in the part of the operating system that confirms a valid security system. NSA neither confirmed nor denied its existence. Microsoft said it was put there to meet federal export requirements, but denied ever actually giving the key code to the NSA. Similar back doors can be found in every commercial phone scrambler used in the US. All the NSA needs is to figure out which phone scrambler you are using.

The other resource is Mathematics. When computer people talk about "top down" versus "bottom up", they are usually referring to approaches for compiling programs or storing data, but it is also a valid distinction in cryptography.

During W.W.II Germany used an encryption code called Enigma. They were convinced it was unbreakable because from a "top down" perspective there were 10 to the 114th power different encryption schemes. And since the code changed daily, they thought it impossible to break on a daily basis. Mathematician Alan Turing, after seeing a captured Enigma machine, figured out a way to descramble using a "bottom up" approach. He could systematically rule out the vast majority of possible encryption keys within an hour. The possible codes left could be tried and eliminated usually by the end of the day.

The convenience of live two way communication over a scrambled phone limits the kinds of encryption/decryption algorithms that can be used to those that are vulnerable to the same "bottom up" tricks. Voice conversation looks like this digitally:

Scrambled noise looks like this:

In order to break a scrambled message, you can eliminate those algorithms and codes that will turn the scrambled message into an even more scrambled mess. The ones left can be tried until one turns into what the computer recognizes as digital speech. With a powerful enough computer, this descramble could take only seconds. Furthermore, if you want to get Echelon's attention just go ahead and scramble your conversations.
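The idea in the paragraph above, trying candidate keys and keeping the one whose output a computer recognizes as speech, can be shown on a toy system. This is an added example, not code from the original essay: the scrambler (an XOR keystream from a 12-bit-keyed generator), the synthetic "voice" signal and the roughness score are all assumptions chosen for illustration and do not model any real product.

```python
import math

KEY_BITS = 12  # toy key space (assumption): only 4096 possible keys

def keystream(key: int, n: int) -> bytes:
    """Toy keystream: a linear congruential generator seeded with the key."""
    state, out = key, bytearray()
    for _ in range(n):
        state = (state * 1103515245 + 12345) % 2**31
        out.append((state >> 16) & 0xFF)
    return bytes(out)

def scramble(samples: bytes, key: int) -> bytes:
    """XOR each sample with the keystream; the same call descrambles."""
    return bytes(s ^ k for s, k in zip(samples, keystream(key, len(samples))))

def roughness(samples: bytes) -> float:
    """Mean jump between neighbouring samples: small for a smooth,
    speech-like waveform, large for noise."""
    jumps = (abs(a - b) for a, b in zip(samples, samples[1:]))
    return sum(jumps) / (len(samples) - 1)

def synthetic_voice(n: int = 300) -> bytes:
    """Constructed stand-in for digitized speech: two mixed tones, 8-bit."""
    return bytes(int(128 + 60 * math.sin(2 * math.pi * i / 40)
                         + 30 * math.sin(2 * math.pi * i / 13))
                 for i in range(n))

def search_key(ciphertext: bytes) -> int:
    """Try every key and keep the one whose output looks least like noise."""
    return min(range(2 ** KEY_BITS),
               key=lambda k: roughness(scramble(ciphertext, k)))

if __name__ == "__main__":
    voice = synthetic_voice()
    scrambled = scramble(voice, 0xABC)
    print("roughness of voice:    ", round(roughness(voice), 1))
    print("roughness of scrambled:", round(roughness(scrambled), 1))
    print("recovered key:", hex(search_key(scrambled)))
```

The search succeeds because the key space is tiny and the plaintext has structure a program can score; a scrambler resists this only if its key space is far too large to enumerate.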

There are very complicated scrambling techniques that are much harder to decode; they don't use standard digital encryption or decryption. One is a camouflage approach where your radio transmissions just sound like background noise. Another is a multiline (or multifrequency) approach that uses many phone lines or frequencies (say 10 or so). Then, you change which phone line (or frequency) you are on every fraction of a second. The sender and receiver must synchronize to stay on the correct line. This is pretty secure, unless the phone tapper has access to all 10 lines or frequencies (which Echelon probably does).


Further links that confirm everything I said above:

International Cryptography Freedom - Links to sources on cryptography and security

The Darker Side of Echelon - Article about the downed satellite in China

Cryptonym - Source of the NSAKEY rumor. Includes source code for deleting the key on Windows NT 4.0

Electronic Privacy Information Center - Source of lots of articles about privacy including info about the US West court case.

Cryptonomicon - Cool 900 page novel about encryption by Neal Stephenson that inspired me to write all this.

The Code Book - New Non-Fiction book on the history of cryptography.
