Infrastructure vulnerabilities

Governments want to spy on their citizens for all sorts of reasons. Some countries do it to help solve crimes or to try to find “terrorists” before they act.

Others do it to find and arrest reporters or dissidents. Some only target individuals, others attempt to spy on everyone all the time.

Many countries spy on the citizens of other countries: for reasons of national security, for advantages in trade negotiations, or to steal intellectual property.

None of this is new. What is new, however, is how easy it has all become. Computers naturally produce data about their activities, which means they’re constantly producing surveillance data about us as we interact with them.

Corporations are doing it for their own purposes; collecting and using this data has become the dominant business model of the internet.

Less discussed is how many of these same surveillance techniques are used by other - smaller and poorer - more totalitarian countries to spy on political opponents, dissidents, human rights defenders; the press in Toronto has documented some of the many abuses, by countries like Ethiopia, the UAE, Iran, Syria, Kazakhstan, Sudan, Ecuador, Malaysia, and         China.

That these countries can use network surveillance technologies to violate human rights is a shame on the world, and there’s a lot of blame to go around.

IMSI catchers are fake mobile phone towers. They allow someone to impersonate a cell network and collect information about phones in the vicinity of the device and they’re used to create lists of people who were at a particular event or near a particular location.

IP intercept systems are used to eavesdrop on what people do on the internet. Unlike the surveillance that happens at the sites you visit, by companies like Facebook and Google, this surveillance happens at the point where your computer connects to the internet. Here, someone can eavesdrop on everything you do.

This system also exploits existing vulnerabilities in the underlying internet communications protocols. Most of the traffic between your computer and the internet is unencrypted, and what is encrypted is often vulnerable to man-in-the-middle attacks because of insecurities in both the internet protocols and the encryption protocols that protect it.

There are many other examples. What they all have in common is that they are vulnerabilities in our underlying digital communications systems that allow someone - whether it’s a country’s secret police, a rival national intelligence organisation, or criminal group - to break or bypass what security there is and spy on the users of these systems.

These insecurities exist for two reasons. First, they were designed in an era where computer hardware was expensive and inaccessibility was a reasonable proxy for security. The second reason is that governments use these surveillance capabilities for their own purposes. The FBI    has used IMSI-catchers for years to investigate crimes.

That we allow people to remain insecure and vulnerable is both wrongheaded and dangerous.

Earlier this month, two American legislators - Senator Ron Wyden and Rep Ted Lieu - sent a letter to the chairman of the Federal Communications Commission, demanding that he do something about the country’s insecure telecommunications infrastructure.

Wyden and Lieu make the point that fixing these vulnerabilities is a matter of US national security, but it’s also a matter of international human rights. All modern communications technologies are global, and anything the US does to improve its own security will also improve security worldwide.

 

This piece has been excerpted from: ‘Infrastructure vulnerabilities make surveillance easy’ 

Courtesy: Aljazeera.com