In one of those snide comments that only people worth hundreds of millions of dollars are capable of making with any credibility, Scott McNealy, CEO of Sun Microsystems, dismissed the whole privacy controversy with: “Get over it.”
Glib? Cynical? Prophetic?
Any faint hope that the right to privacy would survive the digital era has now been shattered by “Interception Capabilities 2000,” a new report to the European Parliament’s Science and Technology Options Assessment Panel.
“IC2000” is an eye-popping report; its shock value has been diminished only by the publication last year of “Appraisal of the Technologies of Political Control,” another STOA study that touched on the main subject of this new analysis: communications-interception capabilities.
Let’s cut to the chase: “Comint (communications intelligence) equipment currently available has the capability, as tasked, to intercept, process and analyze every modern type of high-capacity communications system to which access is obtained, including the highest levels of the Internet. … The scale, capacity and speed of some systems is difficult to fully comprehend. Special-purpose systems have been built to process pager messages, cellular mobile radio and new satellites.”
The institutional backbone of this global vacuum cleaner is the intelligence agencies of the Anglo-Saxon world. The U.S. National Security Agency and its British counterpart, GCHQ, agreed in 1947 to coordinate global communications intelligence gathering. Similar agencies in Canada, Australia and New Zealand later joined the arrangement, which is known as ECHELON.
During the Cold War, Soviet communications were the chief target: Land lines, sea lines, cable, radio, microwave and satellite communications were tapped or intercepted. Naturally, attempts to target the bad guys sucked up a lot of other extraneous information. Most of it was discarded.
Nowadays, that stuff has other uses. The Soviets are gone, and intelligence agencies are looking to justify their existence. One lucrative option is commercial espionage: helping businesses struggling with the demands of globalization. IC2000 provides examples of communications intercepts used to further business interests: NSA transcripts detailed attempted bribes of a Saudi official by Airbus executives; the NSA also listened to talks between Japanese officials during the 1995 auto negotiations with the U.S.
For all the talk of a telecommunications revolution, intelligence collection has kept pace. As the report notes, “The U.S. can, if it chooses, direct space collection systems to intercept mobile communications signals and microwave city-to-city traffic anywhere on the planet.”
(An acquaintance who worked at NSA figures the agency will stay ahead of the game: Much of today’s cutting-edge technology was introduced there decades ago.)
The Internet is part of the sweep. The U.K. Defense Evaluation and Research Agency has a 1-terabyte database that contains the last 90 days of Usenet messages. The report quotes a former NSA employee as saying that by 1995 the agency had installed “sniffer” software to collect traffic at nine major Internet exchange points.
Everything gets swept up; the hard part is separating valuable material from phone calls to Uncle Sid and Aunt Betty. To do that, engineers developed “Dictionary” computers that processed information by looking for keywords.
One machine can handle 1,000 simultaneous voice channels and automatically extract fax, data and voice traffic. IC2000 explains that “an analyzer can record, playback and analyze at data rates up to 2.488 Gbps, 16 times faster than the largest backbone links in general use on the Internet, larger than the telephone capacity of any current communications satellite, and equivalent to 40,000 simultaneous telephone calls.”
It gets better.
Also during the Cold War, the NSA managed to establish a relationship with Crypto AG, which provided code and cipher systems to governments. Since the company was Swiss, it was assumed to be neutral and its products could be trusted. Not exactly.
The NSA had contacts within the company and managed to rig its innards so that the agency could read all the traffic that used the machines.
That heady success led to equally ambitious — and successful — efforts to compromise other software. The agency went to Microsoft, Netscape and Lotus and “the companies agreed to adapt their software to reduce the level of security provided to users outside the U.S.”
Lotus built a trapdoor into its Notes system that helped the NSA. A company spokesman explained to a Swedish newspaper that “the difference between the American Notes version and the export version lies in degrees of encryption. We deliver 64-bit keys to all customers, but 24 bits of those in the version that we deliver outside of the U.S. are deposited with the American government.”
According to IC2000, similar gimmicks are in the Microsoft and Netscape Web browsers: “Each uses a standard 128-bit key. In the export version, this key is not reduced in length. Instead, 88 bits of the key are broadcast with each message; 40 bits remain secret. It follows that almost every computer in Europe has, as a built-in standard feature, an NSA work-factor reduction system to enable NSA (alone) to break the user’s code and read secure messages.”
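The work-factor arithmetic behind both export schemes, as an added example that is not from IC2000 or any vendor: whoever holds the disclosed bits searches only the 40 that remain, while everyone else faces the full key. The HMAC check value is a stand-in for the real ciphers, the disclosed bits are assumed to be the high-order ones, and the search itself is scaled down to 16 secret bits with constructed values.

```python
import hashlib
import hmac

def check_value(key: int, key_bits: int, nonce: bytes) -> bytes:
    # Stand-in for "encrypt a known block"; not the Notes or browser cipher.
    return hmac.new(key.to_bytes(key_bits // 8, "big"), nonce, hashlib.sha256).digest()[:8]

def work_factor(key_bits: int, disclosed_bits: int):
    """Worst-case trials: (party holding the disclosed bits, everyone else)."""
    return 1 << (key_bits - disclosed_bits), 1 << key_bits

def recover_key(known_high: int, secret_bits: int, key_bits: int, nonce: bytes, target: bytes):
    """Exhaust only the undisclosed low bits; returns (key, trials) or (None, trials)."""
    base = known_high << secret_bits
    trials = 0
    for low in range(1 << secret_bits):
        trials += 1
        if hmac.compare_digest(check_value(base | low, key_bits, nonce), target):
            return base | low, trials
    return None, trials

def demo():
    # Constructed values, scaled down so the search finishes in well under a second.
    key_bits, secret_bits = 64, 16
    key = 0x0123456789ABCDEF
    nonce = b"constructed-nonce"
    target = check_value(key, key_bits, nonce)
    return recover_key(key >> secret_bits, secret_bits, key_bits, nonce, target)

if __name__ == "__main__":
    # Parameters as quoted in the article: 64/24 for Notes, 128/88 for the browsers.
    for name, bits, disclosed in (("Notes export", 64, 24), ("browser export", 128, 88)):
        holder, others = work_factor(bits, disclosed)
        print(f"{name}: holder 2^{holder.bit_length() - 1}, others 2^{others.bit_length() - 1}")
    key, trials = demo()
    print(f"recovered {key:#018x} after {trials} trials")
```

Both export configurations leave the holder of the disclosed bits with the same 2^40 search, regardless of the advertised key length.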
What are our options? Encrypt — or go low-tech. As the IC2000 report explains, “Perversely, handwritten fax messages may be a secure form of communication.” The first option doesn’t feel too reassuring after hearing about the browser trapdoors; the second is unlikely.
Privacy: Consider it gone.