[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) News on Interntational Forum on Surveillance by Design

------- Forwarded message follows -------
Date sent:      	Wed, 27 Sep 2000 07:22:03 -0400 (EDT)
From:           	"P.J. Ponder" <ponder@freenet.tlh.fl.us>
To:             	cryptography@c2.net
Subject:        	News on Interntational Forum on Surveillance by Design (fwd)

This (rather long) message was posted to the Internet Societal Task
Force (ISTF) discussion list.  The ISTF has recently formed a
workgroup on privacy and security which is referred to as PAPSPI. 
Some of the material discussed at the symposium on surveillance might
be of interest to this list.

---------- Forwarded message ----------
Date: Mon, 25 Sep 2000 19:22:13 +0100
From: Christian de Larrinaga <cdel@firsthand.net>
Reply-To: ISTF Discussion <istf-participants@lyris.isoc.org>
To: ISTF Discussion <istf-participants@lyris.isoc.org>
Cc: "Davies,SG" <S.G.Davies@lse.ac.uk>
Subject: News on Interntational Forum on Surveillance by Design

Simon Davies and his  colleagues at the London School of Economics
provided an excellent day on Friday. I outline a brief and subjective

I was pleased to be joined during the day by ISTF colleague the newly
appointed chair to the PAPSPI Jonathan Robin.

This was an authoritative day long overview and discussion of the
state of surveillance on the Internet and telecommunications networks
with a number of noted experts in the field giving presentations.

Areas discussed are in the programme (copied below), although the
running order varied on the day.

Particular attention at the start was paid to the global picture of
interceptions by security services deployment of the Echelon network,
the French equivalent nicknamed "frenchelon" etc and many programmes
by governments around the world to establish satelllite evesdropping
technologies, undersea cable taps, microwave interceptions etc.  This
moved into more detailed information on national initiatives such as
Carnivore and the "little black box" of the RIP Act.  Vint's and other
submissions on inspecting Carnivore was not available at the
conference and I did not get an opportunity to submit.

Jon Crowcroft of UCL and the IETF / IAB gave an overview of the role
of the IETF and dismissed the ability of the security services to
intercept anything like the amount of traffic that the Internet is
producing let alone store it.

Duncan Campbell asked Jon whether this in his view hindered the
potential for governments to intercept in a more targetted way, for
instance by filtering for key headers, then for keywords etc until
only a very small subset of the original data flow is actually
intercepted and then stored. Jon Crowcroft admitted that that scenario
was feasible although the placement of intercepts on the Internet may
be routed around.

There was also an interesting talk by encryption expert Dr. Ross
Anderson of Cambridge University on the security regime and
comparisons of analogue, UMTS, G3 cellular which appeared to indicate
that the encryption regime of such networks is open to interception,
although to varying degrees.

The standards work of ETSI in particular came in for a considerable
critique so much so that their use of the word "user"  being
synonymous with "security service".  Many ETSI standards documents
were presented which revealed the level of backdoors for interception
built into ETSI based standards. This contrasted very strongly with
the IETF response to such security service requests -  No. The
rationale that backdoors to technologies create security weaknesses.
ETSI standards are so defined that they provide multi user
interceptions on the basis that no two agencies simultaneously
intercepting traffic are allowed to be capable of knowing the other is
listening too!

It might be noted (but wasn';t at the conference) that ETSI is one of
the standards organisations recognised as a "global" standards
organisation by ICANN.

This was followed by an exposition by Gus Hosein of the LSE and Betty
Shave of the Dept of Justice (USA) on the European Union Cybercrimes
consultation. There are issues for privacy and security of Internet
users and a potential impact on exsting human rights legislation in

ISOC England will be making a submission on this when the new draft
comes through. I would be happy to see a joining of forces on this to
make this a larger perhaps ECC or ISOC submission.

I had the honour to sit next to the mutli imprisoned Boris Putsinov
who is still speaking out for citizens rghts and who later gave a talk
on the Russian SORM programme.

There were also up to date analyses on the Dutch and British
intiatives at internal interception laws. The Dutch in particular are
preparing new draft laws which look very intrusive if enacted.

The session ended with the sponsors providing a commercial view of how
technology is providing answers to interception attempts.

Starium presented their encryption phone which promises global
protection with built in triple DES encryption. Zero Knowledge
presented an overview of their  proxy network technology which
provides an untraceable anonymous Internet underlay.

My comment

We continue to face a short term future of organised paranoia on the
part of governments and organisations.  Their determination to have
access to the information flows and data stores of our emerging
hyperspatial society is focussed on fear. Fear of losing control of
society, and society becoming subject to criminal behaviour.  This is
leading agencies to commit actual crimes by intercepting material to
which they are not allowed access. Sometimes this is inadvertent,
caused by ignorance and inappropriate technology models and sometimes
it is blatant and deliberate.

The idea of "privacy" is then subsumed by the need of the greater
good. We only have privacy until we turn up in a filter, or  until our
webserver is interrogated and indexed.

But answers are not being given to questions such as who is
responsible?, how do you seek redress? what sanctions can one have on
those who misuse intercepted material? What makes a fair and workable
law?  Indeed laws such as the UK RIP Act have been placed on the
statute book in defiance of technological reality, as well as privacy.

It is in anonymity that privacy can be protected and where technology
plays a role.  We are at the beginning of an arms race between privacy
activists and security agencies. I don't think this is a comfortable
long term situation. We need to find a societal resolution.

For ISTF and PAPSPI we have a challenge ahead which is to focus on the
need for privacy as a fundamental need for a successful business world
and for society globally.

It is clearly going to be difficult to convince government legislators
around the world of the relationship between a prosperous successful
safe society and the ability of its members to have privacy but it
needs to be done. We also need to point out to western governments
that their actions are being watched by other less sophisticated
governments who use the precedence to enact highly repressive

The first step is in us having access to information as to what is
happening and for this I am indebted to SImon Davies and colleagues at
the LSE for organising this event. The US Dept of Justice in
particular should be commended for attending. ALthough the Home Office
of the UK did not and this was a pity.  The second is to get to work.

best regards,

Christian de Larrinaga

International Forum on Surveillance by Design
A one day public meeting on the development of global surveillance
strategies for law enforcement and national security

The Old Theatre
The London School of Economics
Houghton Street
London  WC1A 2AE

9.15 Chairman's welcome and introduction
9.25 Setting the landscape of engagement. A overview of the main
players and key initiatives: Tony Bunyan (Statewatch) 9.45 Developing
the Telephone System Chair: Steve Wright (Omega Foundation) An
overview of global National Security arrangements: Wayne Madsen
(EPIC), Duncan Campbell (IPTV) The International Law Enforcement
Telecommunications Seminar: Tony Bunyan (Statewatch)

11.00 (De)Constructing Mobile Phone Security
Mobile phone fraud: Ross Anderson (Cambridge University)
European Telecom Standards and 'lawful interception'" in the age of
UMTS: Erich Moechel (Quintessenz, Austria)

11.30 BREAK
12.00 International collaboration
Chair: Barry Steinhardt (American Civil Liberties Union)
G8 and Council of Europe action: Betty Shave (US DoJ), Gus Hosein
(LSE) Global Protocols: Jon Crowcroft (IETF)

1.00 LUNCH
2.00 National initiatives
The Russian SORM system: Boris Pustinsev (Citizens Watch, Russia) The
Regulation of Investigatory Powers Act: Ian Brown (UCL) The
Netherlands interception arrangements: Maurice Wessling (Bits of

3.15 BREAK
3.45 Fighting for privacy
Chair: Ian Brown
Secure telephony: Eric Blossom (Starium)
Secure Internet communications: ZeroKnowledge
Privacy Risks of PKI: Stefan Brands (ZeroKnowledge)
Unlawful conduct and the FBI Carnivore system: Kurt Wimmer (Covington
and Burling)

4.45 Industry action
Chair: Gus Hosein
Peter Harter (Securify)
Stephanie Perrin (ZeroKnowledge Systems)

Christian de Larrinaga

------- End of forwarded message -------