Monday, October 22, 2007

Nothing to Hide or Much to Lose

When people question police authority to search them without probable cause, eavesdrop on their phone conversations, or data mine their lives via private databases filled with government and private data, the law enforcement and politically conservative argument is, "If you have done nothing wrong, then you have nothing to hide". By their own argument then, why is the government trying to make eavesdropping on international phone calls and Internet traffic permanent and secret? Why is the government asking that the telecoms be granted immunity from prosecution for helping the government eavesdrop on their own customers? Sounds like the telecoms and the government have something to hide. None of this sounds like responsible government or business to me, yet few people seem outraged.


I think its a complicated and new field John which is always going to be frustrating.

The fight against Islamic terrorism is both foreign and domestic in the US and in most other Western countries (like Australia).

Foreign and domestic calls are mixed up digitally so even attempts to just track foreign calls will impinge on the domestic. Active carrier and ISP cooperation (eg running software programs and allowing hardware backdoors) is important or worse things than invaded privacy will happen - noting some bombings averted by wiretaps in London, Germany and France etc.


We had FISA which was designed to address the need for eavesdropping while hopefully preventing the abuses that went on with the Nixon Administration. The telecoms have lawyers who should be knowledgeable in communications law and they should be able to tell what's allowed and what's not allowed when the government requests records and such. If the government made legitimate requests, then the telecoms have nothing to worry about. If the telecoms were coerced, they have some slack there I suppose. But if they didn't do due diligence, didn't question any requests, and willingly did as requested without the proper paperwork as required by law including the use of National Security Letters, then they are probably in trouble. There should be a way for them to defend some actions in court if they were given a National Security Letter, but blanket immunity opens the door to even more abuses, less transparency, and the beginnings of a police state. There were more terrorist incidents going on during the 1960s and 1970s. The only difference was that terrorists hadn't thought of using the planes themselves as weapons. The question democracies need to ask themselves is how much freedom do we give up if we choose to fight these thugs? If we have no measure of the abuses as well as the successes of eavesdropping, then how can we make effective policy decisions and laws that will stop terrorism without those laws encompassing other areas of our lives. Eavesdropping doesn't just happen to terrorists and likely they glean all sorts of intelligence that can be used by various law enforcement agencies for other crimes as well. Just because a tenth of a per cent of bad people use phones, cell, and sat phones doesn't justify blanket monitoring of all phones does it? The police have ways to narrow down their requests. I suppose I am concerned about motives and mission creep. Once you give people a tool they can use without any oversight, you are opening up the possibility that that tool will be abused.

I didn't even address the technical aspects. If the calls are VOIP, voice over IP, every IP packet header will have a session ID number, a source and destination address, etc. Each packet is like a sequentially numbered envelope with a sender and receiver address. This is how packets are routed and reassembled at their destinations. Now, if the datastreams from the transocean cables and such are being sniffed, every packet is going into some sort of database to be searched at a later time. How long that data is retained, or stored is also of interest. You would want to narrow down what you collect to save storage space and increase your signal to noise ratio, but if money and storage isn't a problem, then filtering might not be considered. Capturing all the data entering and leaving an organization gives you a vast amount of data. Too much for any human to assimilate, but it allows one to reconstruct whole events after they have happened. The problem is finding those specific events in all that data.

Scale up the problem to a country such as the US. Say 3 billion people are connected to the global Internet via computer, PDA, and cell phone. Let's say you have 500,000 insurgents or potential insurgents to worry about. That's 0.000166 of the connected population. Roughly 1 in 6,000 people/calls. If the insurgents are primarily Middle Eastern, and localized geographically, the frequency of interception will go up quite a bit, but if say 100 make it to the US as sleepers, then the frequency of interception will drop a thousandfold to 3.33EE10^-7. Your efficiency drops to 1 in 3,000,000 people/calls assuming that the bad guys use their phones at the rate of the national average. Try to pick that out, especially if they are smart and call a European number that then forwards to a Middle Eastern number, or worse, they use a hacked PBX at the local Police department to call the Middle East. Are military, government, and law enforcement numbers automatically filtered from the database as false positives? Of course, you are going to focus on the Middle East, especially Pakistan to increase your chances of intercepting the bad guys. But then you have to have Arabic translators listen to the recordings unless they have a computer translate in real time and the talkers aren't using a code like the Navajo did during WWII. It's a mess.

So, I guess what I'm saying is that it seems that FISA should be able to handle the eavesdrop requests at least on our end. Why the need for blanket wire taps unless people are being very sloppy and there's no filtering or crosschecking of the numbers to eliminate false positives?

Post a Comment

Links to this post:

Create a Link

<< Home

This page is powered by Blogger. Isn't yours?