9/23/2004

1984 never came

It's amazing how paranoid people are about the Internet and government. Every time I hear the profoundly stupid idea about how the "Government," (but what really is meant is the American government) is scanning all Internet traffic for key words so they can find terrorists, I want to get up on my soap box and give a lecture on how the Internet works.

Usually, I can't resist the urge and I go off on a tangent for a few minutes.

Unless you work for the FBI, or the NSA or the CIA, or are already a criminal with a record, it is extremely unlikely that anyone from the US government is taking the time to scan your PC for secret terrorist messages. They certainly are NOT monitoring all possibly traffic coming in and out of your machine. If you aren't living in the US, it is even less likely that everything coming in and out of your PC is being monitored. I am 100% certain that if you send a message to a friend in Alberta and it never leaves CA net that it is NOT going to some mythic server in the Whitehouse or Pentagon for scanning.
It's just not how the Internet works.
It never was.
It is extremely unlikely that it ever will be.
Stop worrying folks.
Big Brother is not watching you.
He's got better things to do with his time.
Like play golf.

4 comments:

Anonymous said...

Actually, monitoring of Internet traffic (and other communications) is occurring. The FBI has a system called Carnivore (ref: http://www.epic.org/privacy/carnivore/, http://www.fbi.gov/congress/congress00/kerr090600.htm, http://www.fbi.gov/congress/congress00/kerr072400.htm) which is specifically designed to monitor e-mail traffic. Now, regardless of what they say publicly, the system exists, and its capabilities are real, and are also scalable (it's software, so if you stick it on a server that's beefy enough, it can be installed at the ISP level or higher). They don't need to monitor private machines (unless they're looking for something specifically incriminating like child porn) because they can just scour at the ISP level and above.

Monitoring of electronic communications in general is done by a system (that "doesn't officially exist") called ECHELON (http://www.echelonwatch.org/, http://www.fas.org/irp/program/process/echelon.htm). ECHELON is a multinational sigint (signals intelligence) system with several points-of-presence around the world.

Both are real. The full capabilities of each aren't fully known. Projects of this scale do require a lot of cooperation from backbone operators and Internet exchange points, but these government agencies can get it. This isn't tinfoil hat stuff, it really does exist.

In general, privacy is becoming an increasingly important issue. Take the case of automobile black boxes, for instance. They're there to record about 3 seconds of data leading up to airbag deployment. In an accident, investigators can tell how fast you were travelling, if the brakes were applied, etc. It's very easy to extend that system by linking it up with GPS. And this is what insurance companies will love. They can tell where you drive (some roads have more accidents, some neighbourhoods are more dangerous), how fast you drive, etc., and set your insurance rates accordingly. Wouldn't that be nice?

How about RFID? Tag range is pretty short, but what if somebody goes through your garbage and finds out what you have been buying? Marketing companies would love that. They could do more targeted marketing based on your purchases. RFID could be used to track where you go if tag readers are made commonplace. This data could be aggregated. That means less privacy for you.

There's a slippery slope here, and the U.S. government in particular is just itching to slide down it if they haven't already in some cases.

- Herman

Ruth said...

I have read up on both ECHELON and Carnivore (mostly on account of the conversation that lead me to post this particular entry).
The point is that neither one is set up to monitor all possible Internet communication. It simply can't be done; it's not how routers work. If packets are not routed through servers running either one of these programs (assuming they are single programs and not several programs put together to make some complex system) then they aren't going to be scanned. Generally speaking, routers are not set up to send copes if packets to another server (although it would not be impossible) and they are rarely, if ever, set up to scan incoming packets to determine their contents. The overhead is too high. Usually, only the destination header is read.
Also, while the US could twist the arm of American-based ISP's, they would be significantly less successful in other countries.
If you do some searching on the web, most references to ECHELON are from 2000 or older. All of them refer to it as a Cold War project. The most recent informaiton accuses the US of using it to give American companies and edge of their European competitors.

I don't deny that privacy is an important issue. It certainly is. However, I don't think the biggest threat is from government; they can't get their act together enough to run the country, there's no way their spying on me. A much bigger threat comes from corporations and criminals. Multinationals certainly do track your spending habits in order to determine proper advertising techniques and identity theft is a real problem. Instead of worrying about whether or not the government is reading your email, make sure you shred all your reciepts (and especially those with credit card numbers on it).

Anonymous said...

My intention was not to suggest that ECHELON or Carnivore can monitor 100% of electronic communications. I know how the Internet works (I am a computer and (soon-to-be) network engineer, after all). It's a hierarchical system, though, and many US-centric telecomm companies control the NAPs comprising the backbone of the Internet.

A lot of Internet traffic gets routed through US networks as well, even if it originates from overseas...e.g. if somebody is using services from an American provider, like a Hotmail e-mail account or something, the databases are distributed and replicated around the world. Additionally, ten of the thirteen DNS root name servers are located in the US. So again, US network providers play a huge role in the Internet.

Processing of IP datagrams need not be done in real-time, which I agree would impose too much overhead. But there is no reason why these could not be copied (or just randomly sampled) at the NAP level for later analysis. Some ISPs that were "encouraged" by the FBI to install the Carnivore system on their networks reported that the device is more or less a self-contained black box.

You are right that the US would have more difficulty twisting the arms of network providers in other countries, but because American multinationals operate NAPs and POPs overseas, it's not as much of a stretch as you'd think. I'm not convinced that projects like ECHELON are dead. In fact, I spoke to a CSE recruiter at McMaster in early 2003 who indicated that this type of surveillance is still a major initiative. I did hear the same reports that the system was being used in part to conduct industrial espionage.

I think that perhaps the point *is* that the government can't get their act together enough to run the country. They are incompetent, don't understand the technical issues, invade our privacy, bend to corporate interests to criminalize benign acts and then either arrest/hold private citizens against their will (either physically or figuratively with "cease-and-desist" orders), or allow corporations to do so.

I am "scared" of the (U.S.) government, but only to a point. I've posted some rants in my journal about the American government (including specific officials like John Ashcroft) and corporations like the RIAA. My real problem with the government, though, is that are the enablers allowing companies to do whatever the heck they want.

- Herman

Ruth said...

I am forced to agree with you on the opinion that the goverment can't get it's act together in most cases and is not as comprised of as many technically competent people as it should be. This is as true in Canada as it is in the US.

Listed on BlogsCanada Blogarama - The Blog Directory Powered by Blogger FeedBurner Blogging Tories
Southern Ontario Conservatives