1 / 33

Electronic Surveillance in the Snowden Age

Electronic Surveillance in the Snowden Age. Prof. Stephen B. Wicker School of ECE Cornell University. Nothing New Here! Mass Data Collection in 1876.

adonai
Télécharger la présentation

Electronic Surveillance in the Snowden Age

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic Surveillance in the Snowden Age Prof. Stephen B. Wicker School of ECE Cornell University

  2. Nothing New Here!Mass Data Collection in 1876 • Congressional committee investigating real estate fraud seizes three-quarters of a ton of telegraph messages from the Atlantic and Pacific Telegraph Company • “Unconstitutional and indecent”! • New York Times, June 24, 1876 • Cites potential for blackmail

  3. Wiretaps Running Wild The practice of wiretapping or listening-in goes back as far as 1895. Originally it was done in a loose way on verbal request, and no record was made of it... Two years ago I decided that there ought to be some check to prevent its use becoming wild … it would do irreparable damage to the company. 1916 Testimony of John Swayze, General Counsel of the New York Telephone Company

  4. Mass Data Collection - 2014 • The NSA collects “metadata” on calls of every cellular subscriber in the United States • Edward Snowden: “the public needs to decide whether these programs and policies are right or wrong.”

  5. Why does the Government do this? Because it can… • Technical Issues • Centralized vs. End-to-End Architecture • Fateful Design Decisions • Legal Issues • 3rd Party Doctrine • Failure to account for new technology • Solutions • End-to-End Architecture • Unlicensed Spectrum • Open Source Devices

  6. TECHNICAL ISSUES:1876 - A Centralized Architecture • The first telephones were very simple • All of the brains resided in the network

  7. 2014 – Same Basic Approach Second Avenue Exchange, NYC Phones can dial and ring Services are controlled by the network

  8. Alternative:The End-to-End Architecture • Brains at the endpoints • A function or service should be carried out within a given layer only if it is needed by all clients of that layer, and it can be completely implemented in that layer.

  9. Real Differences… • Telephone 800 numbers • The network converts and connects • The handset never knows the real number • Internet Domain Names • The host uses DNS to resolve domain name • The host gets the real IP address and connects

  10. The Impact of Architecture on Innovation • Barbara van Schewick, Internet Architecture and Innovation • Centralized architecture • Innovation is more difficult • Can’t access equipment on which to run your software/interconnect your hardware • Only recourse: Try to sell your idea to a service provider… • End-to-end architecture • Easier to innovate • Deployment, testing done on local machines

  11. Impeding Innovation?The Carterphone Decision • AT&T attempts to block telephone connection to wireless modem • Acoustic connection • FCC gets its right (1968) • Opens door to FAX machines and modems

  12. Cellular Technology • An old idea (~1948), delayed by the FCC • Innovative use of spectrum • Add-on to existing infrastructure

  13. Cellular Convergence • ~ 6 billion cell phones in use today. • All major forms of modern electronic communication on one platform. • Texting (SMS), Email, Web-Browsing, iPod/Podcasts/Music, Games, Location-Based Services… • Major platform for speech of all types.

  14. Cellular is a Surveillance Technology • How do we route incoming calls to mobile users? • Cellular registration messages several times a minute. • What kind of data?

  15. LEGAL ISSUES:Content vs. Context • Metadata: data about data. Not very clear… Let’s use content and context instead. • Postal mail analogy: • Suppose you write and mail a letter to your Mother • The information in the letter itself is the content. • The information on the envelope is the context. • Your address • Mom’s address • Postmark • Location • Date • Context data is data about the context in which communication takes place.

  16. The Key Case (1976, 7-2):Miller v. United States • The facts: • Miller was a modern-day bootlegger – didn’t pay his taxes! • Bank records (checks, deposit slips) used to obtain warrant • No reasonable expectation of privacy in records held by third party • Applied Harlan test from Katz case • Justice Powell: The checks are not confidential communications, but negotiable instruments to be used in commercial transactions. All of the documents obtained, including financial statements and deposit slips, contain only information voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business. [Emphasis added]

  17. Application to Telephony:Smith v. Maryland (5-3, 1979) • The facts: • Smith was harassing a woman whose home he had robbed • Police placed a pen register at central office • Record numbers dialed by Smith • No violation of 4th amendment • Justice Blackmun: First, we doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realize that they must "convey" phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed. • There is no expectation of privacy in the context of a communication

  18. The 3rd Party Doctrine • “… knowingly revealing information to a third party relinquishes Fourth Amendment protection in that information.” Orin Kerr, “The Case for the Third- Party Doctrine,” Michigan Law Review, 2009 • The context information used by the network to facilitate communication is “knowingly revealed.” • Phone numbers, e-mail addresses, cellular location data (sort of), …

  19. Doctrine Embedded in Electronic Communications Privacy Act • Title I: Electronic Communications in Transit • Probable cause/Rule 41 Warrant • Title II: Stored Electronic Communication • “Specific and articulable facts" showing that the information is “relevant and material to an ongoing investigation” • Title III: Pen Register/Trap and Trace Devices • Certification that the information to be obtained is “relevant to an ongoing criminal investigation.

  20. Section 215 of the USA PATRIOT ACT • Amends ECPA • The FBI may require: • … the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities… • On this basis, the NSA collects all cellular phone records generated in the United States • The detailed legal justification is a secret

  21. Context Data Has Become Increasingly Revealing • By itself: • Networks of friends, acquaintances, medical, legal, supposedly anonymous sources… • Location data particularly revealing • In conjunction with other data: • Correlation attack: de-anonymize what would otherwise be anonymous

  22. Context Data in Context • Bob calls his wife on his cellphone. • “I’ll be home in an hour” • Content requires a warrant • Bob is calling from his mistress’ house • Context does not require a warrant • Which does Bob find the most revealing?

  23. The Societal Impact of Privacy Invasion • What’s the downside? • Frequent response: I have nothing to hide… • Others have thought this through a bit more deeply

  24. Jeremy Bentham (1748 – 1832) • English jurist, philosopher • Advocate of utilitarianism • Legal positivist – considered natural rights to be “nonsense on stilts” • Proposed the Panopticon as a means for reforming penal system.

  25. The Panopticon • A proposed prison in which the cells were arranged radially about a central tower. • The cells were backlit so that a guard in the tower could always see the prisoners, but the prisoners could never see the guards. “A new mode of obtaining power of mind over mind, in a quantity hitherto without example.”  Jeremy Bentham, The Panopticon Writings

  26. Michel Foucault and Societies of Discipline • Characterized the impact of the Panopticon's pervasive and undetectable surveillance as assuring “the automatic functioning of power” • Results in “docile bodies” - ideal for the regimented classrooms, factories, and military of the modern state “Hence the major effect of the Panopticon: to induce in the inmate a state of conscious and permanent visibility that assures the automatic functioning of power. ”  Michel Foucault, Discipline and Punish

  27. The Cellular Panopticon • The cellphone is the greatest platform for personal expression ever devised. • Surveillance channels the use of cellular technology into the innocuous and mundane.

  28. Enough is Enough • No public discussion of policy • Secret legal interpretations • Exploitation of technologies developed by others • Just because they can… • Destroying faith in service providers, Google, FaceBook, …

  29. Another Way • Surveillance-free cellular is attractive and feasible: • Unlicensed Spectrum • End-to-End Architecture • Public Key Crypto • Open-Source Development

  30. Unlicensed SpectrumCellular use of WiFi • Cellular service providers already offload data and voice through WiFi connections • Unlicensed Mobile Access (UMA)/GAN • Supports handoffs and incoming “calls”! • Can be exploited by unlicensed cellular devices

  31. End-to-End Cellular • Handset controls access, handoffs • Listens to nearby access points and towers, picks accordingly • Session Initiation Protocol (SIP) signaling used to request new IP addresses when needed • Handset controls channel selection • Code/Time Slot/Frequency • Contention resolution? • The individual controls his or her personal information • Interesting problems remain to be solved • End-to-end architecture leaves room for many, many problem solvers

  32. Transparent Equipment Design:Open Source Development • 1983 - Richard Stallman and GNU • General Public License (GPL) • 1991 – Linus Torvalds and Linux • There are Linux-based cellular handsets • They use Linux only for running application software • We need to get deeper (lower layers) • Complete open-source handset development would prevent inclusion of hidden software like Carrier IQ

  33. Conclusions • There is a growing market for cellular privacy • Technical solutions are available • Transparency and discussion can leave a role for law enforcement…

More Related