Surveillance or Security?
Digital communications are the lifeblood of modern society. We “meet up” online, tweet our reactions millions of times a day, connect through social networking rather than in person. Large portions of business and commerce have moved to the Web, and much of our critical infrastructure, including the electric power grid, is controlled online. This reliance on information systems leaves us highly exposed and vulnerable to cyberattack. Despite this, U.S. law enforcement and national security policy remain firmly focused on wiretapping and surveillance. But, as cybersecurity expert Susan Landau argues in Surveillance or Security? , the old surveillance paradigms do not easily fit the new technologies. By embedding eavesdropping mechanisms into communication technology itself, we are building tools that could be turned against us.
Such attacks have already happened. Law-enforcement wiretapping capabilities built into the Greek Vodafone network were subverted and used to listen in to communications at the highest levels of the Greek government; a system built for wiretapping Internet-based communications was shown to have serious flaws that would allow a similar subversion. Landau argues that in embarking on an unprecedented effort to build surveillance capabilities deeply into communications infrastructure, the U.S. government is opting for short-term security and creating dangerous long-term risks.
Landau describes what makes communications security hard, warrantless wiretapping and the role of electronic surveillance in the war on terror, the economic threats posed by electronic spying, and the risks created by embedding wiretapping into communications networks. How can we get communications security right? Landau offers a set of principles to govern wiretap policy that will allow us to protect our national security as well as our freedom.
About the Author
Susan Landau is a privacy analyst at Google. She was previously a Distinguished Engineer at Sun Microsystems, and has been a faculty member at the University of Massachusetts at Amherst and at Wesleyan University.
Landau has been a Guggenheim fellow, a fellow at the Radcliffe Institute for Advanced Study, and is a fellow of the American Association for the advancement of Science and the Association for Computing Machinery.
Table of Contents
- Surveillance or Security?
- Surveillance or Security?
- The Risks Posed by New Wiretapping Technologies
- Susan Landau
- The MIT Press
- Cambridge, Massachusetts
- London, England
- © 2010
- Massachusetts Institute of Technology
- All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from the publisher.
- For information about special quantity discounts, please email special_sales@mitpress .mit.edu
- This book was set in Stone Sans and Stone Serif by Toppan Best-set Premedia Limited. Printed and bound in the United States of America.
- Library of Congress Cataloging-in-Publication Data
- Landau, Susan Eva.
- Surveillance or security? : the risks posed by new wiretapping technologies / Susan Landau.
- p. cm.
- Includes bibliographical references and index.
- ISBN 978-0-262-01530-1 (hardcover : alk. paper) 1. Telecommunication—Security measures—United States. 2. Wiretapping—United States. 3. Data encryption (Computer science)—Government policy—United States. 4. Electronic surveillance—Political aspects—United States. 5. Computer crimes—Risk assessment—United States. I. Title.
- TK5102.85.L36 2011
- 10 9 8 7 6 5 4 3 2 1
- This book is dedicated to Daniel, Emmy, and Ellie.
- Author’s Note ix
- Preface xi
- Acknowledgments xv
- 1 Introduction 1
- 2 Communication Networks and Their Architectures 13
- 3 Securing the Internet Is Difficult 37
- 4 Wiretaps and the Law 65
- 5 The Effectiveness of Wiretapping 97
- 6 Evolving Communications Technologies 123
- 7 Who Are the Intruders? What Are They Targeting? 145
- 8 Security Risks Arising from Wiretapping Technology 175
- 9 Policy Risks Arising from Wiretapping 203
- 10 Communication during Crises 225
- 11 Getting Communications Security Right 233
- Epilogue 255
- Notes 257
- Bibliography 339
- Index 345
“Landau's well-researched writing is a superb resource for the citizen who wants to be an informed participant in the civil rights debate that is succinctly summarized in the title.”—Hilarie Orman, IEEE Cipher
“An extremely important book. Landau has the remarkable talent of taking very broad issues and detailing them in a concise, yet comprehensive manner This book is the definitive text on the topic and it is a title that needs to be read.”—Ben Rothke, Slashdot
“Susan Landau has taken an exceptionally complex but vital subject and presented it in a clear and compelling way. The ability of a citizen to securely communicate with her peers lies at the heart of the rule of law. Landau demonstrates the necessity of protecting that right amidst the technological changes that can greatly alter the balance of power between citizens and governments.”
—Jonathan Zittrain, Professor of Law and Professor of Computer Science, Harvard University; author, The Future of the InternetAnd How to Stop It
“By carefully explaining the ways in which excessive surveillance can undermine security, this informative and provocative book turns on its head the traditional--and misleading--assumption that national security and civil liberties must always be balanced against each other, as if they were mutually exclusive objectives on opposite sides of the scale. Landau demonstrates a rare and extremely valuable combination of both technical expertise and policy savvy, and the material is presented in way that is accessible for the general public yet specific enough to guide policymakers in Congress and the Executive branch--for whom it should be required reading. I have been working in the national security arena for over 25 years, and following cybersecurity issues for nearly 15 years, and still found in this book fresh insights and new information that will make a valuable contribution to the important policy debates at the intersection of privacy and security.”
—Suzanne E. Spaulding, Bingham McCutchen, LLP; former Assistant General Counsel, C.I.A.; former Executive Director, National Commission on Terrorism
“Governments have been trying to control the Internet since the early 1990s, when they realized that it would change everything and they didn't understand how. Much of the 1990s was spent on the Crypto Wars, as governments tried to control surveillance online. One of the veterans, Susan Landau, gives us a perspective on where the battle lines are now and where surveillance is likely to go in the future.”
—Ross J. Anderson, Professor of Security Engineering, University of Cambridge
2012 Surveillance Studies Book Prize awarded by the Surveillance Studies Network.