Showing posts with label wiretapping. Show all posts

Sunday, August 06, 2006

Republican playbook for 2006 elections leaked

A 91-page document describing the Republican strategy for the 2006 elections has been leaked and is available online (PDF). The document was obtained by The Raw Story website, which has published a summary:

The document, signed by Senators Rick Santorum (R-PA) and Kay Bailey Hutchison (R-TX), reveals plans to focus Republican Senatorial campaigns on three themes.

Next week, Republicans will tout efforts to "secure America's prosperity" through a variety of programs. Plans for small business health insurance pooling, spending reductions, increased domestic oil drilling, and "permanent death tax reform" are all to be pushed at the state level.

Mid-month, Republicans are expected to shift gears, focusing voters' attention instead on a variety of values-based initiatives. "Democrats oppose preserving a clear definition of marriage, are blocking child custody protections, and have obstructed the confirmation of fair judges," the document reads. "Republicans are committed to protecting these traditional values by fostering a culture of life, protecting children, banning internet gambling and upholding the rule of law."

Stem cell bills, though vetoed by President Bush are also to be championed by Republicans, even as they promote a law preventing "fetus farming," a practice lawmakers believe could one day result from stem cell research. Strangely, a section touting various types of stem cell funding set to be promoted by Republicans is followed by another section, headlined, "Setting The Record Straight: President Bush's Stem Cell Policy Is Working."

Also included in the Republican values push will be the Child Custody Protection Act, which would make "it a federal crime to circumvent state parental involvement laws by taking a minor across state lines for an abortion."

Republicans then plan to spend the month's remaining two weeks promoting the party's efforts in regard to homeland security.

Approval of Attorney General Alberto Gonzales' plan for new, court-martial-like trials for terror detainees seems to be a priority, as are funding for the US-Mexico border fence, employee background checks for port security workers and improvement of the national emergency alert system.

The section seems more concerned, however, with defending the Republican record on security, promoting positive statements by the Iraqi Prime Minister, and combating Democratic criticism. For instance, terror suspect surveillance is listed as a priority, and "liberal newspaper" reports about NSA wiretap programs are criticised, but future programs are not listed among other proposed laws.

Hat tip to Jack Kolb on the SKEPTIC mailing list.

Thursday, June 22, 2006

Extending CALEA to VoIP: a bad idea

The Information Technology Association of America (ITAA) has issued a report on “Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice over IP” (21-page PDF) by Steven Bellovin, Matt Blaze, Ernest Brickell, Clinton Brooks, Vinton Cerf, Whitfield Diffie, Susan Landau, Jon Peterson, and John Treichler. This report comes at a time when the FCC and courts have already ruled that VoIP and facilities-based broadband providers must provide lawful interception capabilities under CALEA for VoIP services that are “interconnected” with the publicly-switched telephone network (PSTN).

The report effectively argues that in order to extend CALEA compliance to VoIP, “it is necessary either to eliminate the flexibility that Internet communications allow—thus making VoIP essentially a copy of the PSTN—or else introduce serious security risks to domestic VoIP implementations. The former would have significant negative effects on U.S. ability to innovate, while the latter is simply dangerous.”

The report gives a good basic explanation of VoIP (which comes in a variety of possible flavors), an explanation of pre-CALEA wiretapping and current CALEA wiretapping (including cellular telephone wiretapping and roving wiretaps), and then describes the similarities and differences between the Internet and the PSTN.

It then describes the issues of security raised by applying CALEA to VoIP and the risks to innovation created by applying CALEA to VoIP.

Two of the key problems for applying CALEA to VoIP are:

  • VoIP mobility. With a non-facilities-based VoIP provider like Vonage, a VoIP phone can be plugged in anywhere on the Internet. The network that connects the VoIP phone to the Internet, which is the one in a position to intercept the call data, need not be the network of the VoIP provider or have any relationship with it.
  • VoIP identity agility. A VoIP user can have multiple VoIP providers and easily switch between them from moment to moment. The owner of the Internet access network is not in a position to know which VoIP providers a user is buying service from. It can observe which VoIP providers the user connects to directly, but not when the user's traffic is encrypted and goes through proxies.

Further problems are caused by the fact that the communications between two VoIP phones are peer-to-peer, and that the routing of a call at the IP layer can change in mid-call. Because of the former, the call contents may not traverse the VoIP provider's network at all, so the provider is in no position to intercept them (unless it behaves like the PSTN and forces the call contents through its own network using SIP proxies/RTP relays).

To be able to intercept all VoIP calls with VoIP used as it was designed, there would have to be cooperation between the VoIP user's access provider of the moment (which could be any Internet provider: a WiFi hotspot, a friend's ISP, a hotel's Internet connection) and the VoIP provider being used, and law enforcement may not be in a position to know either of these. The cooperation required would have to be very rapid, with interception equipment and systems already in place and able to eavesdrop wherever the voice traffic may flow, upon appropriate request. This would require extensive coordination across every VoIP and Internet provider in the United States of a sort that doesn't exist today. It would also require extremely careful design and implementation to avoid creating vulnerabilities that would allow this incredibly complex infrastructure to be exploited by unauthorized users, and with so many parties involved, I think that's a pipe dream. This incident with cellular telephony in Greece shows what can already happen today when unauthorized parties exploit CALEA technology.

And the FCC has ordered that it be in place by May 14, 2007. There's no way that's remotely possible: note that the FCC gave ordinary wireline telephone companies over a decade to implement CALEA in the PSTN, and it has been an extremely difficult and expensive process. At best, by the deadline facilities-based VoIP providers will be able to provide interception for call traffic that goes across their own networks, and will apparently be forced to do so for all traffic (otherwise, calls being rerouted for interception could be distinguished from all other calls). And if that's the only kind of VoIP that is permitted, VoIP innovation is stifled.

One company that has been pushing hard for these extensions of CALEA is Verisign. They have been doing so because they want to act as the one-stop-shop for U.S. law enforcement, setting up their own infrastructure to interconnect with all Internet and VoIP providers to provide everything from subpoena handling to wiretapping services under contract to the providers. This would effectively hand off wiretapping capability to a third party, working on behalf of the government, over which the individual providers would have little oversight.

For more on CALEA, see the Electronic Frontier Foundation's CALEA website. For more on the history and politics of wiretapping, see Whitfield Diffie and Susan Landau's excellent book, Privacy on the Line: The Politics of Wiretapping and Encryption.

UPDATE July 7, 2006: I've updated the above text in light of Charles' comment, to make it more accurate about interception by forcing VoIP calls to route through the VoIP provider's network.

Tuesday, June 20, 2006

More details on apparent NSA interception at AT&T

Salon.com has a new article on a room in an AT&T facility in Bridgeton, MO (a St. Louis suburb) that may be an NSA interception facility. The room is protected by a man trap and biometric security, and the AT&T employees who are permitted to enter it had to get Top Secret security clearances. The work orders for setting up a similar room in a San Francisco AT&T office, reported by former AT&T worker Mark Klein, came from Bridgeton.

The Electronic Frontier Foundation has an ongoing class-action lawsuit against AT&T over its involvement in illegal NSA wiretapping.

Thursday, May 18, 2006

Late 1990s NSA program

The Baltimore Sun has reported on a shelved 1990s NSA program to collect and analyze phone records which had the following features:
* Used more sophisticated methods of sorting through massive phone and e-mail data to identify suspect communications.

* Identified U.S. phone numbers and other communications data and encrypted them to ensure caller privacy.

* Employed an automated auditing system to monitor how analysts handled the information, in order to prevent misuse and improve efficiency.

* Analyzed the data to identify relationships between callers and chronicle their contacts. Only when evidence of a potential threat had been developed would analysts be able to request decryption of the records.

Perhaps this program was brought back after 9/11? If such records were maintained with phone number and caller information encrypted until needed, and decrypted only with appropriate legal authorization, would that enable Verizon and BellSouth to truthfully deny having supplied the records to the NSA? I don't think so, unless the system was in the possession of the phone companies and didn't release data to the NSA until legal authorization was obtained. But would such a system be objectionable? So long as the controls genuinely prevented abuse and legal authorizations were really obtained for each use, I don't think it would be. (Via Talking Points Memo.)
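As an added illustration (not code from this post, the Baltimore Sun, or the program it describes), here is a sketch in Python of the access pattern those four points describe: analysts work only on pseudonymous identifiers and build the contact graph from them, while getting a real number back requires an authorization and always leaves an audit entry, granted or not. Everything specific is an assumption of mine: pseudonyms are an HMAC-SHA256 of the number under a key held by a custodian (so the same number always maps to the same pseudonym and relationships can still be counted), the custodian's lookup table stands in for the Sun's "encrypted" identifiers, and the call records, numbers and order reference are constructed sample data.

```python
"""Access pattern the Baltimore Sun describes, sketched: records are analysed under
pseudonymous identifiers; the real number comes back only via a gated, audited step.
Added illustration, not ThinThread's code. Assumptions: HMAC-SHA256 pseudonyms under
a custodian-held key; the custodian's lookup table stands in for the "encrypted"
identifiers; all records, numbers and order references below are constructed."""
import hashlib
import hmac
import secrets
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed call detail records: (caller, callee, start time UTC, seconds).
SAMPLE_CDRS = [
    ("+1-555-0100", "+1-555-0101", "2006-05-01T10:00:00Z", 120),
    ("+1-555-0100", "+1-555-0102", "2006-05-01T10:10:00Z", 30),
    ("+1-555-0101", "+1-555-0102", "2006-05-02T09:00:00Z", 600),
    ("+1-555-0103", "+1-555-0100", "2006-05-03T18:30:00Z", 45),
]


@dataclass(frozen=True)
class Authorization:
    """Stand-in for a court order (constructed shape). `expires` is an ISO-8601
    UTC string; such strings compare correctly as plain text."""
    reference: str
    analyst: str
    expires: str


class Custodian:
    """Holds the pseudonymisation key and the only path back to real numbers."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key or secrets.token_bytes(32)
        self._vault: Dict[str, str] = {}  # pseudonym -> number (stands in for encrypted identifiers)
        self.audit_log: List[dict] = []   # every re-identification attempt, granted or not

    def pseudonymize(self, number: str) -> str:
        """Deterministic keyed pseudonym: same number, same pseudonym, no number revealed."""
        pseudonym = hmac.new(self._key, number.encode(), hashlib.sha256).hexdigest()[:16]
        self._vault[pseudonym] = number
        return pseudonym

    def reidentify(self, pseudonym: str, auth: Authorization, now: str, reason: str) -> str:
        """Return the real number only under an unexpired authorisation; the
        audit entry is written whether or not the request is granted."""
        entry = {"time": now, "pseudonym": pseudonym, "analyst": auth.analyst,
                 "authorization": auth.reference, "reason": reason, "granted": False}
        try:
            if now >= auth.expires:
                raise PermissionError("authorization expired")
            if pseudonym not in self._vault:
                raise KeyError("unknown pseudonym")
            entry["granted"] = True
            return self._vault[pseudonym]
        finally:
            self.audit_log.append(entry)


def pseudonymous_records(custodian: Custodian, cdrs):
    """What analysts work with: the same records with both numbers replaced."""
    return [(custodian.pseudonymize(a), custodian.pseudonymize(b), t, s) for a, b, t, s in cdrs]


def contact_graph(records) -> Dict[str, Dict[str, int]]:
    """Undirected contact counts between pseudonyms: the relationship analysis
    the Sun describes, done with no real number in view."""
    graph: Dict[str, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for a, b, _t, _s in records:
        graph[a][b] += 1
        graph[b][a] += 1
    return graph


def most_connected(records) -> str:
    """Pseudonym with the most distinct contacts."""
    graph = contact_graph(records)
    return max(graph, key=lambda p: len(graph[p]))


def run_demo() -> dict:
    """Whole flow on the constructed records; returns what an auditor would see."""
    custodian = Custodian(key=b"constructed-demo-key-not-for-real-use")
    records = pseudonymous_records(custodian, SAMPLE_CDRS)
    hub = most_connected(records)
    order = Authorization("ORDER-EXAMPLE-001", "analyst-a", expires="2006-06-01T00:00:00Z")
    number = custodian.reidentify(hub, order, now="2006-05-04T12:00:00Z", reason="contact hub")
    try:  # the same order, used after it expired, is refused but still logged
        custodian.reidentify(hub, order, now="2006-07-01T00:00:00Z", reason="late follow-up")
        late_error = None
    except PermissionError as exc:
        late_error = str(exc)
    return {"hub_pseudonym": hub, "hub_number": number, "late_error": late_error,
            "audit": custodian.audit_log}


if __name__ == "__main__":
    for line in run_demo()["audit"]:
        print(line)
```

The detail worth checking in a design like this is the `finally`: the audit entry is written before the caller learns whether the request was granted, so a refused request is as visible to a reviewer as a granted one. A real deployment would keep the identifiers under reversible encryption with the key held apart from the analysts, and would write the audit log somewhere the analysts cannot alter.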

BTW, in a New York Times story in which Verizon denied turning over records to the NSA (which BellSouth has also denied), Tony Rutkowski of Verisign is quoted suggesting that the NSA may have collected long-distance phone records rather than local calls. The article notes that Verizon's denial seems to leave the door open to the possibility that MCI, which Verizon recently acquired, had turned over data. Verisign, it should be noted, has been attempting to develop a business where it acts as a third-party manager for subpoenas and wiretapping for phone companies. While the telcos have strongly attempted to block attempts by the government to expand its wiretapping capabilities into the VoIP and Internet arenas (in part on the grounds that the CALEA statutes do not cover them, and also because the infrastructure expense is placed entirely on the telcos), Verisign has supported the government's efforts, as these filed comments with the FCC make clear (red means support for expanded government wiretapping capability, blue means opposition).

You'll note that Verisign is uniformly supportive of the government, and of the three telcos that have come under fire for giving data to the NSA, two are uniformly opposed (BellSouth and SBC (now AT&T)) and one is partly opposed and partly supportive (Verizon). I'm happy to note that my employer, Global Crossing, is not only on record as opposed, but filed comments which addressed more of the issues than most of the other filers.

(UPDATE May 19, 2006: Apparently the 1990s program was called ThinThread.)

Sunday, April 09, 2006

Details of AT&T cooperation with the NSA emerge

Details of AT&T's cooperation with the National Security Agency are beginning to emerge as a result of the Electronic Frontier Foundation's lawsuit against AT&T, as described by Wired:

AT&T provided National Security Agency eavesdroppers with full access to its customers' phone calls, and shunted its customers' internet traffic to data-mining equipment installed in a secret room in its San Francisco switching center, according to a former AT&T worker cooperating in the Electronic Frontier Foundation's lawsuit against the company.

Mark Klein, a retired AT&T communications technician, submitted an affidavit in support of the EFF's lawsuit this week. That class action lawsuit, filed in federal court in San Francisco last January, alleges that AT&T violated federal and state laws by surreptitiously allowing the government to monitor phone and internet communications of AT&T customers without warrants.

On Wednesday, the EFF asked the court to issue an injunction prohibiting AT&T from continuing the alleged wiretapping, and filed a number of documents under seal, including three AT&T documents that purportedly explain how the wiretapping system works.

According to a statement released by Klein's attorney, an NSA agent showed up at the San Francisco switching center in 2002 to interview a management-level technician for a special job. In January 2003, Klein observed a new room being built adjacent to the room housing AT&T's #4ESS switching equipment, which is responsible for routing long distance and international calls.

The account says that AT&T's Internet peering traffic, as well as voice traffic, is being intercepted:

"While doing my job, I learned that fiber optic cables from the secret room were tapping into the Worldnet (AT&T's internet service) circuits by splitting off a portion of the light signal," Klein wrote.

The split circuits included traffic from peering links connecting to other internet backbone providers, meaning that AT&T was also diverting traffic routed from its network to or from other domestic and international providers, according to Klein's statement.

The secret room also included data-mining equipment called a Narus STA 6400, "known to be used particularly by government intelligence agencies because of its ability to sift through large amounts of data looking for preprogrammed targets," according to Klein's statement.

This information goes well beyond what had already been determined about AT&T's gigantic call detail record (CDR) database, Daytona, that preserves a record of decades of telephone calls. That database included only the phone numbers and dates and times, not the actual content of the calls. This new information, by contrast, suggests the ability to actually intercept the content of voice calls and Internet data transmission.

Friday, March 03, 2006

AT&T's 1.9-trillion-call database

John Markoff has a story in the New York Times about AT&T's "Daytona" database, which has a record of 1.9 trillion calls from the last several decades. The Electronic Frontier Foundation, which has filed a lawsuit against AT&T for cooperating with the NSA's warrantless interception program, asserts that this database has been used by the NSA for data mining.

"Checking every phone call ever made is an example of old think," he said.

He was alluding to databases maintained at an AT&T data center in Kansas, which now contain electronic records of 1.92 trillion telephone calls, going back decades. The Electronic Frontier Foundation, a digital-rights advocacy group, has asserted in a lawsuit that the AT&T Daytona system, a giant storehouse of calling records and Internet message routing information, was the foundation of the N.S.A.'s effort to mine telephone records without a warrant.

An AT&T spokeswoman said the company would not comment on the claim, or generally on matters of national security or customer privacy.

But the mining of the databases in other law enforcement investigations is well established, with documented results. One application of the database technology, called Security Call Analysis and Monitoring Platform, or Scamp, offers access to about nine weeks of calling information. It currently handles about 70,000 queries a month from fraud and law enforcement investigators, according to AT&T documents.

A former AT&T official who had detailed knowledge of the call-record database said the Daytona system takes great care to make certain that anyone using the database — whether AT&T employee or law enforcement official with a subpoena — sees only information he or she is authorized to see, and that an audit trail keeps track of all users. Such information is frequently used to build models of suspects' social networks.

The official, speaking on condition of anonymity because he was discussing sensitive corporate matters, said every telephone call generated a record: number called, time of call, duration of call, billing category and other details. While the database does not contain such billing data as names, addresses and credit card numbers, those records are in a linked database that can be tapped by authorized users.

New calls are entered into the database immediately after they end, the official said, adding, "I would characterize it as near real time."

(Via Bruce Schneier's blog.)

Wednesday, March 01, 2006

Illicit wiretapping of Greek politicians was done through legitimate code

Bruce Schneier reports on the technical details of how about 100 Greek politicians and offices, including the U.S. Embassy in Athens and the Greek prime minister, were illicitly tapped. What was originally referred to as "malicious code" turned out to be eavesdropping code in Vodafone's mobile phone software that was present for law enforcement interception. The same kind of code is present in U.S. phone switches as required by CALEA. As Schneier points out, "when you build surveillance mechanisms into communication systems, you invite the bad guys to use those mechanisms for their own purposes."

Tuesday, February 14, 2006

The Secret FISA Court

Via Steve's No Direction Home Page:

Apparently presidential wiretapping is frowned upon--when it's done by Clinton.

Some of the reader comments are hilarious, viz.:

"Any chance of Bush rolling some of this back?"

"As quietly as possible (although it sometimes breaks out into the open, usually with the sound of gunfire and the death of innocents), a "shadow government" has been set up all around us my friend. Its foundation is not the constitution, but Executive Orders, Presidential Proclamations, Secret Acts, and Emergency Powers."

"This is wherein the danger lies in the precedent set by the Clinton criminal administration. God only knows who will be in power next, but there are no checks and balances anymore. This is exactly the SORT of thing I've been protesting all along. Libs just don't see this!"

Sunday, February 12, 2006

Schneier and Paulos on automated wiretapping

Security and cryptography expert Bruce Schneier gave a talk yesterday to the ACLU Washington's membership conference at which he argued that massive automated wiretapping generates too many false alarms to be useful, as described in the Seattle Times. As a commenter on Schneier's blog notes, mathematician John Allen Paulos (author of Innumeracy and A Mathematician Plays the Stock Market, both of which I highly recommend), writing in a New York Times op-ed titled "Panning for Terrorists," makes the same point.

The problem is essentially the same one that makes it pointless to engage in programs of blanket drug-testing of grade school children or mandatory HIV testing in order to obtain a marriage license: the population being tested contains so few people who meet the criterion being tested for that even a highly accurate test returns vastly more false positives than true positives.

Paulos points out that a 99-percent-accurate sorting mechanism for detecting terrorist conversations, on a population of 300 million Americans that includes one-in-a-million with terrorist ties (300) will identify 297 of them, along with 3 million innocent Americans. That's 297 true positives and 3 million false positives, producing a new sample population that is .009% terrorists and 99.99% innocent Americans who may be wrongly investigated.
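The arithmetic above, generalized as an added example (my code, not Paulos's or the op-ed's): a function that takes the population size, the number of real cases and a test's two accuracy rates and returns the expected true and false positives, plus a second function giving the specificity a test would need before even half of the people it flags are real cases. The post's "99 percent accurate" is treated, as an assumption, as 99 percent in both directions (99 percent of real cases flagged, 99 percent of innocents cleared).

```python
"""Base-rate arithmetic behind Paulos's "Panning for Terrorists" argument.

Added illustration, not code from the original post or from Paulos. It
generalises the post's single calculation to any screening test described by
population size, number of real cases, and the test's two accuracy rates.
The post's "99 percent accurate" is taken, as an assumption, to mean 99%
in both directions: 99% sensitivity and 99% specificity.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class ScreeningOutcome:
    true_positives: int    # real cases the test flags
    false_positives: int   # innocents the test flags
    false_negatives: int   # real cases the test misses
    true_negatives: int    # innocents correctly cleared

    @property
    def flagged(self) -> int:
        """Everyone the test points a finger at."""
        return self.true_positives + self.false_positives

    @property
    def precision(self) -> float:
        """Share of flagged people who are real cases (positive predictive value)."""
        return self.true_positives / self.flagged if self.flagged else 0.0

    @property
    def false_per_true(self) -> float:
        """How many innocents get swept up for each real case found."""
        if self.true_positives == 0:
            return float("inf")
        return self.false_positives / self.true_positives


def screen(population: int, cases: int, sensitivity: float, specificity: float) -> ScreeningOutcome:
    """Expected counts when a test is run over the whole population.

    sensitivity: probability that a real case is flagged.
    specificity: probability that a non-case is correctly cleared.
    Counts are rounded to whole people.
    """
    if not 0 <= cases <= population:
        raise ValueError("cases must lie between 0 and population")
    for name, rate in (("sensitivity", sensitivity), ("specificity", specificity)):
        if not 0.0 <= rate <= 1.0:
            raise ValueError(f"{name} must be a probability between 0 and 1")
    non_cases = population - cases
    tp = round(cases * sensitivity)
    tn = round(non_cases * specificity)
    return ScreeningOutcome(tp, non_cases - tn, cases - tp, tn)


def paulos_example() -> ScreeningOutcome:
    """The post's figures: 300 million people, 300 with terrorist ties, 99% both ways."""
    return screen(population=300_000_000, cases=300, sensitivity=0.99, specificity=0.99)


def specificity_for_precision(population: int, cases: int, sensitivity: float, target: float) -> float:
    """Specificity needed so that at least `target` of the flagged set are real
    cases. From tp / (tp + fp) >= target it follows that fp <= tp * (1 - target) / target."""
    if not 0.0 < target <= 1.0:
        raise ValueError("target precision must be in (0, 1]")
    tp = cases * sensitivity
    max_fp = tp * (1.0 - target) / target
    return 1.0 - max_fp / (population - cases)


if __name__ == "__main__":
    out = paulos_example()
    print(f"flagged {out.flagged:,}: {out.true_positives} real, {out.false_positives:,} innocent")
    print(f"precision {out.precision:.4%}; {out.false_per_true:,.0f} innocents per real hit")
    need = specificity_for_precision(300_000_000, 300, 0.99, 0.5)
    print(f"specificity needed for a coin-flip 50% precision: {need:.7%}")
```

With the post's figures this yields 297 true positives against 2,999,997 false positives, about ten thousand innocents per real hit, and to reach even coin-flip precision the test would have to clear roughly 99.9999 percent of innocents correctly. Detection engineers run into the same arithmetic whenever a rule with a one percent false-positive rate is applied to millions of benign events a day.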

Tuesday, January 17, 2006

ACLU files lawsuit against warrantless wiretapping

The ACLU has filed a lawsuit against the NSA asking for an injunction against warrantless interception of communications to international destinations. The plaintiffs include James Bamford (author of The Puzzle Palace, Body of Secrets, and A Pretext for War), Christopher Hitchens, Greenpeace, Larry Diamond of the Hoover Institution, the Council on American-Islamic Relations, the National Association of Criminal Defense Lawyers, and others.

Tuesday, January 10, 2006

Bush advisor says president has legal power to torture children

John Yoo publicly argued there is no law that could prevent the President from ordering the torture of a child of a suspect in custody - including by crushing that child's testicles.

John Yoo is one of the primary legal advisors to George W. Bush, responsible for legal reasoning to justify torture, warrantless wiretapping, and virtually anything else the president feels is necessary. Here's the exchange with Yoo, from a December 1, 2005 debate in Chicago with Notre Dame professor Doug Cassel:
Cassel: If the President deems that he's got to torture somebody, including by crushing the testicles of the person's child, there is no law that can stop him?

Yoo: No treaty.

Cassel: Also no law by Congress. That is what you wrote in the August 2002 memo.

Yoo: I think it depends on why the President thinks he needs to do that.

More description and a link to an audio clip here.

Monday, January 09, 2006

SF Fox affiliate's Emily Litella moment

KTVU in San Francisco used this background image when discussing the NSA warrantless wiretap issue. (John Hazelton on the SKEPTIC list spotted this and got the screen capture.)

Thursday, January 05, 2006

Mass computerized wiretapping

More on the implications of massive data-mining and computerized interception of voice calls, from FuturePundit and David Friedman.

FuturePundit asks the question, "Would you rather be watched by computers or people?" and suggests that the former is better--but fails to examine the question of whose computers are doing the monitoring and whether they can be trusted not to abuse it.

Tuesday, January 03, 2006

Bush's warrantless interception program

In a New York Times followup about the Bush-approved program to engage in interception of email and voice calls to international destinations without warrants approved by the FISA Court, it is stated that

The National Security Agency has traced and analyzed large volumes of telephone and Internet communications flowing into and out of the United States as part of the eavesdropping program that President Bush approved after the Sept. 11, 2001, attacks to hunt for evidence of terrorist activity, according to current and former government officials.

The volume of information harvested from telecommunication data and voice networks, without court-approved warrants, is much larger than the White House has acknowledged, the officials said. It was collected by tapping directly into some of the American telecommunication system's main arteries, they said.

[...]

What has not been publicly acknowledged is that N.S.A. technicians, besides actually eavesdropping on specific conversations, have combed through large volumes of phone and Internet traffic in search of patterns that might point to terrorism suspects. Some officials describe the program as a large data-mining operation.

[...]

Officials in the government and the telecommunications industry who have knowledge of parts of the program say the N.S.A. has sought to analyze communications patterns to glean clues from details like who is calling whom, how long a phone call lasts and what time of day it is made, and the origins and destinations of phone calls and e-mail messages.

This has led to some speculation that the reason the Bush administration didn't even try to get FISA Court approvals is because what is going on here is not wiretapping in the ordinary sense, but data mining along the lines of the "Total Information Awareness" program that was supposedly shut down by Congress after public protest.

Telecommunications companies, either voluntarily or under government duress, are apparently giving the government direct access to voice switches (and perhaps data switches or routers) to enable them to intercept any or all traffic passing through them, using automated tools to examine traffic patterns or content for "interesting" traffic.

Gary Farber has blogged on this at Amygdala. Noah Shachtman at DefenseTech. Tim Sandefur has blogged on Robert Levy's criticism of the Bush administration's argument for warrantless wiretaps (FISA has a provision for warrantless wiretaps during the first 15 days after Congress declares war; thus if the September 18, 2001 Joint Resolution by Congress which authorized the President to use "all necessary and appropriate force" against the perpetrators of 9/11 counted as a declaration of war, warrantless wiretaps would only be allowed until October 3, 2001). Ed Brayton has more on that subject at Dispatches from the Culture Wars.

(Disclosure: I work in network security at a global telecommunications company which, to the best of my knowledge, is not participating in a program like what is described above.)

Wednesday, December 28, 2005

FISA Court: Rubber Stamp?

In a New York Times op-ed defending the president's warrantless wiretapping of international calls and emails, former Justice Department attorneys (under GHWB and Reagan) David Rivkin and Lee Casey write:

Furthermore, the FISA court is not a rubber stamp and may well decline to issue warrants even when wartime necessity compels surveillance.

It's not? Let's take a closer look (stats from EPIC by way of Talking Points Memo). The FISA court, established in 1978, had received 18,761 requests for warrants as of the end of 2004. How many were rejected? Four or five (sources disagree). Of the four which were definitely rejected (all from 2003), all four were partially approved upon reconsideration. And how many have been modified by the court from the original requests?

1978-1999: 0 (?)
2000: 1
2001: 2
2002: 2 (but the modifications were later reversed)
2003: 79 (of 1727 requests)
2004: 94 (of 1758 requests)

It looks to me like the FISA court was a rubber stamp at least until 2003, and quite arguably still is.

Rivkin and Casey go on to argue that Congress has no authority to regulate how the President exercises his wartime authority:

The Constitution designates the president as commander in chief, and Congress can no more direct his exercise of that authority than he can direct Congress in the execution of its constitutional duties.

Say what? Have they not read Article I, Section 8 of the U.S. Constitution, which explicitly gives Congress authority to regulate many aspects of military and wartime activity? I've italicized a key passage:

Congress shall have the power ...

To declare war, grant letters of marque and reprisal, and make rules concerning captures on land and water;

To raise and support armies, but no appropriation of money to that use shall be for a longer term than two years;

To provide and maintain a navy;

To make rules for the government and regulation of the land and naval forces;

To provide for calling forth the militia to execute the laws of the union, suppress insurrections and repel invasions;

To provide for organizing, arming, and disciplining, the militia, and for governing such part of them as may be employed in the service of the United States, reserving to the states respectively, the appointment of the officers, and the authority of training the militia according to the discipline prescribed by Congress;

... And

To make all laws which shall be necessary and proper for carrying into execution the foregoing powers, and all other powers vested by this Constitution in the government of the United States, or in any department or officer thereof.

Rivkin and Casey argue that the executive branch is given the power to collect intelligence information from foreign sources as it sees fit--but where in the Constitution is any such power granted to the executive branch? Their only citation is to Article II, Section 2:

The President shall be commander in chief of the Army and Navy of the United States, and of the militia of the several states, when called into the actual service of the United States

but there's no specific authority there about intelligence collection. They go on to argue that the President has the authority not only in virtue of this piece of the Constitution, but from

the specific Congressional authorization "to use all necessary and appropriate force" against those responsible for the Sept. 11 attacks "in order to prevent any future attacks of international terrorism against the United States."

But Congress is still limited by the Constitution, and the Bill of Rights still applies (or is supposed to, anyway) to every U.S. citizen.

One more abominably bad argument from Rivkin and Casey is that the Bush administration was warranted in bypassing the FISA court for reasons of efficiency and expedience:

Although the administration could have sought such warrants, it chose not to for good reasons. The procedures under the surveillance act are streamlined, but nevertheless involve a number of bureaucratic steps.

They don't bother to tell us what any of these "good reasons" are! Since the FISA court allows retroactive approvals (go ahead and tap, then get approval later), there is no issue of urgency as an argument against getting the approvals. The only reason I can see is to avoid any accountability.

Arguments that the FISA Court itself gave approval to being bypassed in 2002 are based on a misreading of a ruling by the FISA appeals court.

Enjoy Every Sandwich has a nice collection of Bush administration quotes and relevant law regarding wiretapping.

Tuesday, December 27, 2005

Bush attempts to suppress stories; Doug Bandow taking money from Abramoff

Howard Kurtz writes in yesterday's Washington Post that Bush has been attempting (without success in a few notable recent instances) to suppress stories about CIA prisons and wiretapping.

In the same article, he reports that Doug Bandow accepted payments of as much as $2,000 a story for pieces favorable to lobbyist Jack Abramoff's clients. He has resigned from the Cato Institute in the wake of the story, exposed by Business Week, issuing a statement that "I am fully responsible and I won't play victim ... Obviously, I regret stupidly calling to question my record of activism and writing that extends over 20 years. . . . For that I deeply apologize."

Peter Ferrara of the Institute for Policy Innovation is unapologetic about accepting similar payments; Jonathan Adler of the National Review reports that he was offered similar payments when he worked at a think tank but declined them. It's more evidence that think tank output tends to be generated by starting with paid-for conclusions and generating arguments and selecting evidence to support them--similar to Feith's selection of intelligence information to support the invasion of Iraq. Think tanks supported by particular interests simply aren't a good way of getting objective information.

More examples in Kurtz's piece.

Friday, December 16, 2005

And some good news: the PATRIOT Act reauthorization has failed

The Senate roll call vote is here. Unless a reauthorization passes, various provisions of the USA PATRIOT Act set to expire after three years will expire on December 31, 2005. These provisions include roving wiretaps, the ability to obtain certain kinds of business records without a court order, expansion of wiretap capabilities, certain kinds of sharing between agencies of information obtained via wiretap, etc. The specific details of what was in the Senate bill and the corresponding House bill may be found here (PDF).

Some of the pieces of these bills were beneficial, e.g., placing a sunset provision on the use of National Security Letters, which predated USA PATRIOT and which do not currently have an expiration date. Others extended provisions due to sunset on December 31, 2005 to 2006 or later years. (The ACLU has a lawsuit against the constitutionality of National Security Letters.)

The vote was 52-47; 60 votes were needed to end the filibuster. Two Democrats and 50 Republicans voted yes; 41 Democrats, five Republicans, and one independent voted no.

Arizona: McCain and Kyl both voted yes.

UPDATE (March 25, 2007): The link for the ACLU's lawsuit on National Security Letters is stale; you can now find that information here.

Saturday, November 19, 2005

Freedom Summit: Technological FUD

Sunday morning's first session was by Stuart Krone, billed as a computer security expert working at Intel. Krone, wearing a National Security Agency t-shirt, of a type sold at the National Cryptologic Museum outside Ft. Meade, spoke on the subject "Technology: Why We're Screwed." This was a fear-mongering presentation on technological developments that are infringing on freedom, mostly through invasion of privacy. The talk was a mix of fact, error, and alarmism. While the vast majority of what Krone talked about was real, a significant number of details were distorted or erroneous. In each case of distortion or error, the distortions enhanced the threat to individual privacy or the malice behind it, and attributed unrealistic near-omniscience and near-omnipotence to government agencies. I found his claim that the NSA had gigahertz processors twenty years before they were developed commercially to be unbelievable, for example. He also tended to omit available defenses--for instance, he bemoaned grocery store loyalty programs which track purchases and recommended against using them, while failing to note that most stores don't check the validity of signup information and there are campaigns to trade such cards to protect privacy.

Krone began by giving rather imprecise definitions for three terms: convenience, freedom, and technology. For convenience, he said it is something that is "easy to do," freedom is either "lack of coercion" or "privacy," and technology is "not the same as science" but is "building cool toys using scientific knowledge." While one could quibble about these definitions, I think they're pretty well on track, and that a lack of societal intrusion into private affairs is a valuable aspect of freedom.

Krone then said that the thesis of his talk is to discuss ways in which technology is interfering with freedom, while noting that technology is not inherently good or evil, only its uses are.

He began with examples of advancements in audio surveillance, by saying that private corporations have been forced to do government's dirty work to avoid Freedom of Information Act issues, giving as an example CALEA (Communications Assistance for Law Enforcement Act) wiretaps. He stated that CALEA costs are added as a charge on your phone bill, so you're paying to have yourself wiretapped. He said that CALEA now applies to Voice Over IP (VOIP), including Skype and Vonage, and that the government is now tapping all of those, too. Actually, what he's referring to is that the FCC issued a ruling on August 5, 2005 on how CALEA impacts VOIP which requires providers of broadband and VOIP services which connect to the public telephone network to provide law enforcement wiretap capability within 18 months. There is no requirement for VOIP providers which don't connect to the public telephone network, so the peer-to-peer portion of Skype is not covered (but SkypeIn and SkypeOut are). This capability doesn't exist in most VOIP providers' networks, and there is a strong argument that the FCC doesn't have statutory authority to make this ruling, which is inconsistent with past court cases--most telecom providers are strongly opposing this rule. The Electronic Frontier Foundation has an excellent site of information about CALEA.

Krone next talked about the ability to conduct audio surveillance on the inside of the home using 30-100 GHz microwaves to measure vibrations inside the home. This is real technology for which there was a recent patent application.

He raised the issue of cell phone tracking, as is being planned to use for monitoring traffic in Kansas City (though he spoke as though this was already in place--this was a common thread in his talk, to speak of planned or possible uses of technology as though they are already in place).
(This is actually currently being used in Baltimore, MD, the first place in the U.S. to use it.)

He spoke very briefly about Bluetooth, which he said was invented by Intel and other companies (it was invented by Ericsson, but Intel is a promoter member of the Bluetooth Special Interest Group along with Agere, Ericsson, IBM, Microsoft, Motorola, Nokia, and Toshiba). He stated that it is completely insecure, that others can turn on your phone and listen to your phone's microphone, get your address book, and put information onto your phone. While he's quite right that Bluetooth in general has major security issues, which specific issues you may have depend on your model of phone and whether you use available methods to secure or disable Bluetooth features. Personally, I won't purchase any Bluetooth product unless and until it is securable--except perhaps a device to scan with.

Next, Krone turned to video surveillance, stating that in addition to cameras being all over the place, there are now cameras that can see through walls via microwave, and that these can be used by law enforcement without a search warrant, a question which hasn't been fully decided by the courts yet. I haven't found anything about microwave cameras that can see through walls, but this sounds very much like thermal imaging, which the Supreme Court has addressed. In Kyllo v. U.S. (533 U.S. 27, 2001) it was ruled that the use of a thermal imaging device to "look through walls" constituted a search under the Fourth Amendment and thus requires a search warrant. Scalia, Souter, Thomas, Ginsburg, and Breyer ruled with the majority; Stevens, Rehnquist, O'Connor, and Kennedy dissented.

Krone briefly mentioned the use of "see through your clothes" X-ray scanners, stating that six airports are using them today. This technology exists and is in TSA trials, and was actually tested at a Florida airport back in 2002. A newer, even more impressive technology is the new Tadar system unveiled in Germany in mid-October 2005.

He addressed RFIDs, and specifically RFIDs being added to U.S. passports in 2006, and some of the risks this may create (such as facilitating an electronic "American detector"). This is a real threat that has been partially addressed by adding radio shielding to the passport to prevent the RFID from being read except when the passport is open. As Bruce Schneier notes, this is not a complete safeguard. Krone also stated that there is a California bill to put RFIDs in cars, with no commercial justification, just to "know where everyone is and what they have with them at all times." I'm not aware of the bill he is referring to, but the use of transponders in cars for billing purposes for toll roads is a possible commercial justification.

He spoke about the laser printer codes that uniquely identify all documents printed by certain laser printers, which have been in place for the last decade and were recently exposed by the Electronic Frontier Foundation and reported in this blog (Krone mistakenly called it the "Electronic Freedom Foundation," a common mistake). He also briefly alluded to steganography, which he wrongly described as "the art of hiding information in a picture." While hiding a message in a picture is one form of steganography, what is characteristic of steganography is that it is hiding a message in such a way as to disguise the fact that a message is even present.
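To make the distinction above concrete, here is an added example (not from the original post) of the simplest form of image steganography: the message is written into the least significant bit of each sample, so the picture a viewer sees is unchanged even though it now carries a message. The "image" is a constructed array of 8-bit grayscale samples; the length prefix and the message are constructed for the demonstration.

```python
"""LSB steganography toy: embed a message in the low bits of image samples,
read it back, and measure what a viewer could notice.

Added example, not from the original post. The cover 'image' is a constructed
byte array of 8-bit grayscale samples; a real image is just more bytes.
"""

HEADER_BITS = 32  # a 32-bit big-endian length prefix precedes the payload


def _bits(data: bytes):
    """Yield the bits of `data`, most significant bit of each byte first."""
    for byte in data:
        for shift in range(7, -1, -1):
            yield (byte >> shift) & 1


def embed(cover: bytes, message: bytes) -> bytes:
    """Return a copy of `cover` whose least significant bits carry a length
    prefix followed by `message`. Only bit 0 of each used sample changes."""
    payload = len(message).to_bytes(4, "big") + message
    needed = len(payload) * 8
    if needed > len(cover):
        raise ValueError(f"cover has {len(cover)} samples, need {needed}")
    out = bytearray(cover)
    for i, bit in enumerate(_bits(payload)):
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Read back the LSB-encoded length prefix and then the message."""
    def read_bytes(count: int, offset: int) -> bytes:
        value = bytearray()
        for b in range(count):
            byte = 0
            for k in range(8):
                byte = (byte << 1) | (stego[offset + b * 8 + k] & 1)
            value.append(byte)
        return bytes(value)

    length = int.from_bytes(read_bytes(4, 0), "big")
    return read_bytes(length, HEADER_BITS)


def max_sample_delta(a: bytes, b: bytes) -> int:
    """Largest per-sample change between cover and stego object.
    For LSB embedding this is 1: invisible in an 8-bit image."""
    return max(abs(x - y) for x, y in zip(a, b))


if __name__ == "__main__":
    cover = bytes((i * 7) % 256 for i in range(512))  # constructed gradient
    stego = embed(cover, b"meet at noon")
    print(extract(stego), max_sample_delta(cover, stego))
```

The point of the `max_sample_delta` check is the one the paragraph makes: nothing about the carrier's visible content reveals that a message is present. Detecting such embedding (steganalysis) has to rely on statistics of the low-bit plane rather than on anything a viewer would notice.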

He then went on to talk about Intel's AMT product--"Advanced Management Technology." This is a technology that allows computers to be remotely rebooted, have the console redirected, obtain various information out of NVRAM about what software is installed, and to load software updates remotely, even if the system is so messed up that the operating system won't boot. This is a technology that will be extremely useful for large corporations with a geographically dispersed work force and a small IT staff; there is similar technology from Sun Microsystems in their Sun Fire v20z and v40z servers which allows remote access via SSH to the server independent of the operating system, which allows console port and keyboard access, power cycling of the server, etc. This is technology with perfectly legitimate uses, allowing the owner of the machine to remotely deal with issues that would previously have required either physically going to the box or the expense of additional hardware such as a console server.

Krone described AMT in such a way as to omit all of the legitimate uses, portraying it as a technology that would be present on all new computers sold whether you like it or not, which would allow the government to turn your computer on remotely, bypass all operating system security software including a PC firewall, and take an image of your hard drive without your being able to do anything about it. This is essentially nonsensical fear-mongering--this technology is specifically designed for the owner of the system, not for the government, and there are plenty of mechanisms which could and should be used by anyone deploying such systems to prevent unauthorized parties from accessing their systems via such an out-of-band mechanism, including access control measures built into the mechanisms and hardware firewalls.

He then went on to talk about Digital Rights Management (DRM), a subject which has been in the news lately as a result of Sony BMG's DRM foibles. Krone stated that DRM is being applied to videos, files, etc., and stated that if he were to write a subversive document that the government wanted to suppress, it would be able to use DRM to shut off all access to that file. This has DRM backwards--DRM is used by intellectual property owners to restrict the use of their property in order to maximize the potential paying customer base. The DRM technologies for documents designed to shut off access are intended for functions such as allowing corporations to be able to guarantee electronic document destruction in accordance with their policies. This function is a protection of privacy, not an infringement upon it. Perhaps Krone intended to spell out a possible future like that feared by Autodesk founder John Walker in his paper "The Digital Imprimatur," where he worries that future technology will require documents published online to be certified by some authority that would have the power to revoke it (or revoke one's license to publish). While this is a potential long-term concern, the infrastructure that would allow such restrictions does not exist today. On the contrary, the Internet of today makes it virtually impossible to restrict the publication of undesired content.

Krone spoke about a large number of other topics, including Havenco, Echelon, Carnivore/DCS1000, web bugs and cookies, breathalyzers, fingerprints, DNA evidence, and so on. With regard to web bugs, cookies, and malware, he stated that his defense is not to use Windows, and to rely on open source software, because he can verify that the content and function of the software is legitimate. While I hate to add to the fear-mongering, this was a rare instance where Krone doesn't go far enough in his worrying. The widespread availability of source code doesn't actually guarantee the lack of backdoors in software for two reasons. First, the mere availability of eyeballs doesn't help secure software unless the eyeballs know what to look for. There have been numerous instances of major security holes persisting in actively maintained open source software for many years (wu-ftpd being a prime example). Second, and more significantly, as Ken Thompson showed in his classic paper "Reflections On Trusting Trust" (the possibility of which was first mentioned in Paul Karger and Roger Schell's "Multics Security Evaluation" paper), it is possible to build code into a compiler that will insert a backdoor into code whenever a certain sequence is found in the source. Further, because compilers are typically written in the same language that they compile, one can do this in such a way that it is bootstrapped into the compiler and is not visible in the compiler's source code, yet will always be inserted into any future compilers which are compiled with that compiler or its descendants. Once your compiler has been compromised, you can have backdoors that are inserted into your code without being directly in any source code.
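The compiler argument above is easiest to see on a toy. The following is an added example, not from the original post or from Thompson's paper: the "language" is Python source text and "compiling" just turns a source string into an executable string, so an honest compiler is the identity transform. The login program, the trigger strings and the trojan are constructed for the demonstration, and the block also carries the check a practitioner would want, David A. Wheeler's diverse double-compiling (DDC), which rebuilds the compiler with an independent trusted compiler and compares the results.

```python
"""Toy model of the 'Trusting Trust' compiler backdoor and of the diverse
double-compiling (DDC) check that exposes it.

Added example, not from the original post or from Thompson's paper.
Assumptions: programs are Python source strings, 'compiling' maps a source
string to an executable string, so an honest compiler is the identity.
The login program, the trigger strings and the trojan are constructed.
"""

# Source that a reviewer would read. Nothing suspicious is visible here.
CLEAN_COMPILER_SRC = '''
def compile(src):
    return src
'''

LOGIN_SRC = '''
def check_password(candidate, stored):
    return candidate == stored
'''

# The trojan exists only in a compiler *binary*. It is a quine: {0!r} is
# replaced by the template's own repr, so every compiler it produces carries
# the template and re-inserts it. (Constructed trigger strings.)
TROJAN_TEMPLATE = '''TEMPLATE = {0!r}
def compile(src):
    out = src
    if "def check_password(" in src:
        out = out.replace("return candidate == stored",
                          "return candidate == stored or candidate == 'letmein'")
    if "def compile(" in src:
        out = TEMPLATE.format(TEMPLATE)
    return out
'''
TROJANED_COMPILER = TROJAN_TEMPLATE.format(TROJAN_TEMPLATE)


def load(binary: str):
    """'Run' a compiled compiler: exec it and return its compile()."""
    ns = {}
    exec(binary, ns)
    return ns["compile"]


def login_accepts(login_binary: str, candidate: str, stored: str) -> bool:
    """Run a compiled login program and return its verdict."""
    ns = {}
    exec(login_binary, ns)
    return ns["check_password"](candidate, stored)


def rebuild_from_clean_source(suspect_binary: str) -> str:
    """Rebuilding the compiler from its reviewed source with the suspect
    binary does not remove the trojan: the output is the trojan again."""
    return load(suspect_binary)(CLEAN_COMPILER_SRC)


def diverse_double_compile(suspect_binary: str, trusted_binary: str) -> bool:
    """DDC: compile the compiler source with an independent trusted compiler,
    then compile the source again with that result. If the suspect binary
    truly corresponds to its source, stage 2 equals the suspect regenerating
    itself from the same source. Returns True when they agree."""
    stage1 = load(trusted_binary)(CLEAN_COMPILER_SRC)
    stage2 = load(stage1)(CLEAN_COMPILER_SRC)
    self_regen = load(suspect_binary)(CLEAN_COMPILER_SRC)
    return stage2 == self_regen


if __name__ == "__main__":
    bad = rebuild_from_clean_source(TROJANED_COMPILER)
    login = load(bad)(LOGIN_SRC)
    print("backdoor survives rebuild:", login_accepts(login, "letmein", "s3cret"))
    print("DDC agrees with source:", diverse_double_compile(bad, CLEAN_COMPILER_SRC))
```

Reading `CLEAN_COMPILER_SRC` and `LOGIN_SRC` shows nothing, yet a login built with the rebuilt compiler accepts the planted password; only comparing against an independently built compiler reveals the mismatch. The trusted compiler here is the identity transform, which stands in for a second, independently written toolchain.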

Of the numerous other topics that Krone discussed or made reference to, there are three more instances I'd like to comment on: MRIs used as lie detectors at airport security checkpoints, FinCen's monitoring of financial transactions, and a presentation on Cisco security flaws at the DefCon hacker conference. In each case, Krone said things that were inaccurate.

Regarding MRIs, Krone spoke of the use of MRIs as lie detectors at airport security checkpoints as though they were already in place. The use of fMRI as a lie detection measure is something being studied at Temple University, but is not deployed anywhere--and it's hard to see how it would be practical as an airport security measure. Infoseek founder and Propel CEO Steve Kirsch proposed in 2001 using a brainscan recognition system to identify potential terrorists, but this doesn't seem to have been taken seriously. There is a voice-stress analyzer being tested as an airport security "lie detector" in Israel, but everything I've read about voice stress analysis is that it is even less reliable than polygraphs (which themselves are so unreliable that they are inadmissible as evidence in U.S. courts). (More interesting is a "stomach grumbling" lie detector...) (UPDATE March 27, 2006: Stu Krone says in the comments on this post that he never said that MRIs were being used as lie detectors at airport security checkpoints. I've verified from a recording of his talk that this is my mistake--he spoke only of fMRI as a tool in interrogation.)

Regarding FinCen, the U.S. Financial Crimes Enforcement Network, Krone made the claim that "FinCen monitors all transactions" and "keeps a complete database of all transactions," and that for purchases made with cash, law enforcement can issue a National Security Letter, including purchases of automobiles. This is a little bit confused--National Security Letters have nothing specifically to do with financial transactions per se, but are a controversial USA PATRIOT Act invention designed to give the FBI the ability to subpoena information without court approval. I support the ACLU's fight against National Security Letters, but they don't have anything to do with FinCen. Krone was probably confused by the fact that the USA PATRIOT Act also expanded the requirement that companies whose customers make large cash purchases (more than $10,000 in one transaction or in two or more related transactions) fill out a Form 8300 and file it with the IRS. Form 8300 data goes into FinCen's databases and is available to law enforcement, as I noted in my description of F/Sgt. Charles Cohen's presentation at the Economic Crime Summit I attended. It's simply not the case that FinCen maintains a database of all financial transactions.

Finally, Krone spoke of a presentation at the DefCon hacker conference in Las Vegas about Cisco router security. He said that he heard from a friend that another friend was to give a talk on this subject at DefCon, and that she (the speaker) had to be kept in hiding to avoid arrest from law enforcement in order to successfully give the talk. This is a highly distorted account of Michael Lynn's talk at the Black Hat Briefings which precede DefCon. Lynn, who was an employee of Internet Security Systems, found a remotely exploitable heap overflow vulnerability in the IOS software that runs on Cisco routers as part of his work at ISS. ISS had cold feet about the presentation, and told Lynn that he would be fired if he gave the talk, and Cisco also threatened him with legal action. He quit his job and delivered the talk anyway, and ended up being hired by Juniper Networks, a Cisco competitor. As of late July, Lynn was being investigated by the FBI regarding this issue, but he was not arrested nor in hiding prior to his talk, nor is he female.

I found Krone's talk to be quite a disappointment. Not only was it filled with careless inaccuracies, it presented nothing about how to defend one's privacy. He's right to point out that there are numerous threats to privacy and liberty that are based on technology, but there are also some amazing defensive mechanisms. Strong encryption products can be used to enhance privacy; the EFF's TOR onion routing mechanism is a way of preserving anonymity; and the Free Network Project has built mechanisms for preventing censorship (though these are also subject to abuse).
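As an added illustration of the onion routing idea mentioned above (this is not code from the original post or from the Tor project), the following block wraps a message in one encryption layer per relay. Each relay can strip only its own layer, so it learns the previous and next hop and nothing more; no single relay sees both the client and the destination. The relay names, keys and message are constructed, and the keystream cipher (SHA-256 in counter mode) is a toy used only to keep the example self-contained; it is neither a real cipher nor Tor's actual protocol.

```python
"""Onion-routing toy: layered encryption across three relays.

Added example, not from the original post or from the Tor project. The
keystream cipher is a self-contained toy (SHA-256 in counter mode), not a
real cipher and not Tor's protocol. Relay names, keys and the message are
constructed for the demonstration.
"""
import hashlib
import json


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR data with SHA-256(key || counter) blocks.
    The same call encrypts and decrypts. Demonstration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def build_onion(relays, destination: str, message: bytes) -> bytes:
    """Client side. relays is a list of (name, shared_key) in path order.
    Wrap innermost first: layer i, readable only by relay i, says where to
    forward and carries the blob meant for the next hop."""
    hops = [name for name, _ in relays] + [destination]
    blob = message  # what the exit relay hands to the destination
    for i in range(len(relays) - 1, -1, -1):
        _, key = relays[i]
        layer = json.dumps({"next": hops[i + 1], "inner": blob.hex()}).encode()
        blob = keystream_xor(key, layer)
    return blob


def relay_peel(key: bytes, blob: bytes):
    """Relay side: remove one layer, returning (next_hop, inner_blob)."""
    layer = json.loads(keystream_xor(key, blob))
    return layer["next"], bytes.fromhex(layer["inner"])


def route(relays, onion: bytes):
    """Simulate the circuit and record what each relay could observe.
    Returns (delivered_message, observation_log)."""
    log = []
    blob = onion
    prev = "client"
    for name, key in relays:
        next_hop, blob = relay_peel(key, blob)
        log.append({"relay": name, "from": prev, "to": next_hop})
        prev = name
    return blob, log


def relays_seeing_both_ends(log, destination: str):
    """Names of relays whose observations link the client to the
    destination. With two or more relays this list is empty."""
    return [e["relay"] for e in log
            if e["from"] == "client" and e["to"] == destination]


if __name__ == "__main__":
    circuit = [("guard", b"key-1"), ("middle", b"key-2"), ("exit", b"key-3")]
    onion = build_onion(circuit, "example.test", b"hello")
    delivered, log = route(circuit, onion)
    print(delivered, log, relays_seeing_both_ends(log, "example.test"))
```

The observation log is the point: the guard sees "client" and "middle", the middle relay sees only other relays, and the exit sees "middle" and the destination. Tor additionally negotiates the per-relay keys through a key exchange and protects the layers with authenticated encryption, neither of which this toy attempts.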

Thursday, November 10, 2005

A 1952 history of U.S. communications intelligence declassified

The March 1952 document "A Brief History of Communications Intelligence in the United States" by Captain Laurance F. Safford, USN (Retired) has been declassified by the National Security Agency and released to the public. It was originally classified TOP SECRET SUEDE. The document is a 24-page PDF. The document tells the history of COMINT prior to Pearl Harbor, beginning with the entry of the U.S. into WWI, when Herbert O. Yardley set up MI-8, the "American Black Chamber," to do cryptology work. On a quick scan I didn't see anything that wouldn't already be familiar in broad strokes to readers of James Bamford's The Puzzle Palace or Body of Secrets, though there may be some details not previously public, such as the number of staff working on cryptography.