Surveillance Said to Trump Privacy in Communications Systems
Few European firms build privacy-enhancing technologies (PETs) into their data technology infrastructures, although data protection law encourages it, officials said. “The state of deployment of most privacy-enhancing technologies is not brilliant,” George Danezis, a fellow in computer security and industrial cryptography at the Katholieke U. Leuven, Netherlands, said: “I'm struggling to think of a company… that is really rolling them out.” In fact, he said, far from designing such elements into their networks, many communications companies opt to install surveillance capabilities or crippled security systems.
Privacy enhancement tools traditionally are defined as software programs Internet users can employ to hide their true identities, said an April U.K. Information Comr.’s Office guidance. In “PETs: Your New Best Friends,” the office redefined them as “any technology that exists to protect or enhance an individual’s privacy.”
Surveillance, not privacy protection, is incorporated into GSM, WiFi and VoIP systems, Danezis said. Surveillance capabilities fall into 2 categories -- absent or crippled security features, and features facilitating lawful-in-theory interception, he said. In the 1980s, when GSM debuted, it used weak cryptography and a security system disabled to let the technology be used outside Europe, Danezis said. The encryption only protects a communication in the air, leaving voice and data moving on mobile operators’ backbones clear and interceptable at will, he said. In 2001, media queries found national govts. to be lobbying standards bodies to build interfaces into networking equipment to permit easy diversion of data for interception, he said.
WiFi “is slightly less of a scandal,” Danezis said. As with other 1990s-era products incorporating cryptography, WiFi routers were required to provide security at 2 levels: high for domestic use and lower for export overseas. The export version is “trivial to break”; the stronger version, also insecure, can be hacked “quite efficiently,” he said.
VoIP vs. CALEA
These days most VoIP protocols don’t use encryption, Danezis said. Skype advertises that it does, but doesn’t give the public details it could use to gauge the system’s impregnability, he said. Moreover, the FCC has ordered VoIP providers to comply with the Communications Assistance for Law Enforcement Act (CALEA). “Huge” reluctance to build encryption into VoIP comes from all sides, Danezis said. Security boosts developers’ workload, and their products’ cost. Communications services providers now need to comply with CALEA and allow for interception. Police agencies have strong incentives to fight deployment of hardened encryption solutions, as do foreign intelligence agencies, he said.
“No one forces anyone to do anything, but they make sure that the standards that have been traditionally set by very large telcos never provide appropriate security properties,” Danezis said. But that’s changing as VoIP standards are set by Internet standardization bodies such as the Internet Engineering Task Force, he said.
The FCC application of CALEA to VoIP has ramifications abroad, said Susan Landau, Sun Microsystems Labs engineer. The law mandates that digitally-switched telephone networks be wiretap-accessible, she said: “There is no one way of doing voice over the Internet. The remarkable thing about the Internet is the flexibility of its architecture.” The only way to get 100% wiretapping capability is to “subvert network protects,” Landau said. Building surveillance into networks will help bad guys as well as good, Landau said. Since Internet protocols govern the entire Internet, CALEA’s impact on VoIP will be universal, putting Internet security and privacy at risk worldwide, she said.
‘Virtually No Interest in PETs’
Some firms are rolling out the technologies. Microsoft uses PETs globally in-house and for consumers, said Caspar Bowden, chief privacy officer for Europe, the Middle East & Africa. IBM, Yahoo and others use PETs to encrypt e-mail or let consumers prove attributes such as age without revealing more personal data, Danezis said.
Tor, an anonymous Internet communication system, uses open source software to enable reporters to correspond in confidence with sources, and keep websites from tracking users and their families. This month, a N.Y. Times report discussed Zfone, a free Windows program that encrypts computer-to-computer VoIP communications.
But lack of awareness and enthusiasm has kept PETs from seeing more widespread use, experts said. “I have seen virtually no interest in deploying PETs from U.K. companies,” Bowden said. He attributed that to weak U.K. data protection law, “which not only fails to provide incentives for use of PETs, but actually was deliberately crafted with large loopholes to leave certain kinds of data without legal protection.”
Neither users nor authorities understand PETs and users don’t want to buy them, said Ian Brown, senior research mgr. at the Cambridge-MIT Institute. During the .com boom, firms pitched PETs but sales tanked, he said. Zfone’s inventor released Pretty Good Privacy for e-mail in 1991 “and that is still only used by a small percentage of the population,” despite the software being free, Brown said.
Most firms want data on customers so they can charge more, said Ross Anderson, of the Cambridge U. Computer Lab. But there are exceptions. Phone firms and ISPs generally don’t want to know what clients are saying; filtering content could cost them their common carrier status and make them liable, he said. And communications services providers building defenses against child porn will be sued by music labels for stopping benign downloads, he said: “Everyone else will follow and the cost and complexity will become insupportable.” Industry zeal for guarding client privacy is being whittled at by data retention requirements and the U.S.’s push for access to VoIP traffic, Anderson said.
Stronger PETs Under Development
Unbreakable encryption systems now in existence could enhance communications, Danezis said, by providing: (1) End-to-end confidentiality. (2) Integrity that keeps anyone from fiddling with content. (3) Authentication of the parties communicating. And two more security properties are also possible. Forward secrecy allows secret material used to decrypt a communication to be destroyed forever, Danezis said. And plausible deniability prevents anyone from proving any part of a communication to a 3rd party.
Danezis’s team is developing strong, inexpensive PETs to enhance security. One will thwart attempts at traffic analysis -- “Alice can call Bob, but no 3rd party can tell that Alice and Bob are talking to each other,” he said. An “unobservability” PET will hide the fact that Alice is active in a particular network. “Location privacy” will mean no 3rd party, even a mobile service provider, will know Alice is at a given location. “We can guarantee some important security properties for users, and we are working on securing others,” Danezis said: “None of these technologies have been satisfactorily deployed yet.”