University of Pennsylvania ScholarlyCommons Departmental Papers (CIS) Department of Computer & Information Science January 2008 Risking Communications Security: Potential Hazards of the Protect America Act Steven M. Bellovin Columbia University Matthew A. Blaze University of Pennsylvania, [email protected] Whitefield Diffee Sun Microsystems Susan Landau Sun Microsystems Peter G. Neumann SRI International Follow this and additional works at: https://repository.upenn.edu/cis_papers See next page for additional authors Recommended Citation Steven M. Bellovin, Matthew A. Blaze, Whitefield Diffee, Susan Landau, Peter G. Neumann, and Jennifer Rexford, "Risking Communications Security: Potential Hazards of the Protect America Act", . January 2008. Copyright 2008 IEEE. Reprinted from IEEE Security and Privacy Magazine, Volume 6, Issue 1, January 2008, pages 24-33. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to [email protected]. By choosing to view this document, you agree to all provisions of the copyright laws protecting it. This paper is posted at ScholarlyCommons. https://repository.upenn.edu/cis_papers/368 For more information, please contact [email protected]. Risking Communications Security: Potential Hazards of the Protect America Act Abstract A new US law allows warrantless wiretapping whenever one end of the communication is believed to be outside national borders. This creates serious security risks: danger of exploitation of the system by unauthorized users, danger of criminal misuse by trusted insiders, and danger of misuse by government agents. Keywords protect America act, US wiretap law, civil liberties, surveillance, wiretapping Comments Copyright 2008 IEEE. Reprinted from IEEE Security and Privacy Magazine, Volume 6, Issue 1, January 2008, pages 24-33. This material is posted here with permission of the IEEE. Such permission of the IEEE does not in any way imply IEEE endorsement of any of the University of Pennsylvania's products or services. Internal or personal use of this material is permitted. However, permission to reprint/republish this material for advertising or promotional purposes or for creating new collective works for resale or redistribution must be obtained from the IEEE by writing to [email protected]. By choosing to view this document, you agree to all provisions of the copyright laws protecting it. Author(s) Steven M. Bellovin, Matthew A. Blaze, Whitefield Diffee, Susan Landau, Peter G. Neumann, and Jennifer Rexford This journal article is available at ScholarlyCommons: https://repository.upenn.edu/cis_papers/368 Communications Security Risking Communications Security: Potential Hazards of the Protect America Act A new US law allows warrantless wiretapping whenever one end of the communication is believed to be outside national borders. This creates serious security risks: danger of exploitation of the system by unauthorized users, danger of criminal misuse by trusted insiders, and danger of misuse by government agents. STEVEN M. n August 2007, United States’ wiretapping of Greece and BELLOVIN law changed: the new Protect America Act Italy make clear Columbia permits warrantless foreign-intelligence wire- that the same issues occur internationally. University tapping from within the US of any communi- Ications believed to include a party located outside Background MATT BLAZE it. US systems for foreign intelligence surveillance The combination of data sources may make this sur- University of located outside the United States minimize access to veillance more powerful—and create more risk—than Pennsylvania the traffic of US persons by virtue of their location. was intended. We start with background on legal and The new act could lead to surveillance on an unprec- policy issues, then technical concerns; this extensive WHITFIELD edented scale that will unavoidably intercept some background is necessary because architecture matters DIFFIE AND purely domestic communications. A civil liberties a lot, and in subtle ways. SUSAN LANDAU concern is whether the act puts Americans at risk of Sun spurious—and invasive—surveillance by their own Legal and policy issues Microsystems government, whereas the security concern is wheth- US wiretap law has a long and complex history. (See er the new law puts Americans at risk of illegitimate the sidebar, “US wiretap law,” for a summary; other PETER G. surveillance by others. work has more details.3) Briefly, there are different NEUMANN Building surveillance technologies into commu- standards and procedures for criminal versus national SRI nication networks is risky. The Greeks learned this security wiretaps; in the latter case, so-called Foreign International lesson the hard way; two years ago, they discovered Intelligence Surveillance Act (FISA) warrants can be that legally installed wiretapping software in a cell- issued for specific circumstances: JENNIFER phone network had been surreptitiously enabled by REXFORD parties unknown, resulting in the wiretapping of • any person in the US communicating via wire (the Princeton more than 100 senior members of the government for word “wire” includes fiber optics); University almost a year.1 Things are not much better in Italy, • a US person (including US citizens, permanent where a number of Telecom Italia employees have residents, and US corporations)4 in the US whether been arrested for illegal wiretapping (with attempts communicating via wire or radio; and at blackmail).2 • any person in the US communicating via radio with In this article, we focus on security, not civil liber- people, all of whom are also in the US5 (the rules ties. If the intercept system is to work, it is important are, in fact, even more complicated, but this is suf- that the surveillance architecture not decrease the se- ficient for our purposes). curity of the US communications networks. Although we are writing about a US law and its consequences Warrants are generally not needed to intercept radio for the security of US communications, the examples communications. 24 PUBLISHED BY THE IEEE COMPUTER SOCIETY n 1540-7993/07/$25.00 © 2007 IEEE n IEEE SECURITY & PRIVACY Communications Security The Protect America Act (Public Law No. 110-55) happens at a radio, a fiber splitter, a tap on a wire, or a dropped the warrant requirement for communica- tap in a telephone switch. Collection is the process of tions (over any medium) of US persons located in the recording signals for consideration. Recorded signals United States with persons “reasonably believed to be can be kept briefly or for very long periods. located outside the United States.”6 Modern commu- Processing is shorthand for selecting the informa- nications technology—mobile phones, WiFi, and the tion you want (and filtering out what you don’t). As Internet—often make it difficult to discern whether in any learning process, if you can find information communication is from a location inside or outside at all, you often have too much of it and must extract the US, so the question is on what basis communica- what interests you from what doesn’t. This is where tions will be collected. In other words, there is an im- the choice of architecture is significant, both in terms portant distinction between the requirements of the of minimizing data collection and in determining law and what can be done with available technology. how the combination of data sources is used. We re- Much of the motivation for changes to FISA arises turn to this point later. from the geography of the world’s communications Increasingly, communications are IP-based. The infrastructure combined with recent changes to tele- Internet is the interconnection of many networks, communications technology. The US is a major hub and these connections occur in various ways. For the in our communication-centered world, giving the largest networks, these form at peering connections: National Security Agency (NSA), which is the US interconnections between administratively separate signals intelligence agency, significant opportunities domains (such as ISPs). for access to transit traffic. International communications enter the US by There are numerous reasons for US centrality in satellite, terrestrial microwave, older copper cable, the world’s communications systems. One is cost: the and newer fiber optic cable. There are roughly 25 US is the world’s leading economy, and fiber optic cable heads in the US. (This is an estimate based on cables—how modern wired communications travel— Telegeography’s “Global Communications Cable and have been built installed between the US and overseas. Satellite Map 2002,” which shows four cable heads With their economies of scale, these cables enable US on the Atlantic Coast and five on the Pacific. There providers to underbid regional carriers—for example, are at least an additional five each coming terrestrially much of South America transits its traffic through from Canada and Mexico.) At the cable head, incom- Miami. Another reason is politics, which can lead to ing signals split in several ways. First, the signals are strange communication paths. For many years, com- sent
Details
-
File Typepdf
-
Upload Time-
-
Content LanguagesEnglish
-
Upload UserAnonymous/Not logged-in
-
File Pages12 Page
-
File Size-