foo.be/_posts/2014-03-02-Eavesdropping_of_Internet.markdown

---
layout: post
title: "Eavesdropping of Internet - What Can We Do? A Revolution?"
date: 2014-03-02 18:52:21
categories: infosec
---
# Eavesdropping of Internet - What Can We Do? A Revolution?
Alexandre Dulaunoy <a@foo.be>

**version 1 - 2014-03-02**

In the past months, facts have been accumulating about the existence of constant eavesdropping on the Internet. Not only targeted eavesdropping but the general and large-scale interception of electronic communications. The various revelations from the selected leaks from Edward Snowden are maybe just the tip of the iceberg (the perspective of a single national intelligence entity based in the US and their direct partners).

- What about the other intelligence organisations (e.g. just check the list of operational (and known) intelligence agencies[^1])?
- What about the private organizations (e.g. ISP targeted advertising doing interception like Phorm[^2])?
- Or any organized groups doing eavesdropping of electronic communications for various reasons (e.g. News International was the most notorious[^3])?
[![Driving From B to G]({{ site.baseurl }}/assets/interception.jpg)](https://www.flickr.com/photos/adulau/10381598453/)
What is currently proposed? Stacking new laws? Signing new agreements between intelligence agencies? Creating a new motion for resolution like [the EU did for Echelon in 2001](http://cryptome.org/echelon-ep-fin.htm)? And nothing changed? Eavesdropping is even much more active than it was ten years ago.
A solution is maybe mentioned in the [Unabomber manifesto](http://www.washingtonpost.com/wp-srv/national/longterm/unabomber/manifesto.text.htm). The solution seems to be a bit radical after a first reading.
>"130. Technology advances with great rapidity and threatens freedom at many different points at the same time (crowding, rules and regulations, increasing dependence of individuals on large organizations, propaganda and other psychological techniques, genetic engineering, invasion of privacy through surveillance devices and computers, etc.). To hold back any ONE of the threats to freedom would require a long and difficult social struggle. Those who want to protect freedom are overwhelmed by the sheer number of new attacks and the rapidity with which they develop, hence they become apathetic and no longer resist. To fight each of the threats separately would be futile. Success can be hoped for only by fighting the technological system as a whole; but that is revolution, not reform."
>-- <cite>[INDUSTRIAL SOCIETY AND ITS FUTURE](https://archive.org/stream/IndustrialSocietyAndItsFuture-TheUnabombersManifesto/IndustrialSocietyAndItsFuture-theUnabombersManifesto_djvu.txt) Ted Kaczynski</cite>

Fighting the threats might be futile, like creating new laws that intelligence agencies will subvert[^4]. It is clearly not the path we would like to try again. A revolution in technology can take different forms, but in the case of interception of electronic communication, we already have the [cypherpunk](http://www.activism.net/cypherpunk/manifesto.html) movement, created in the late eighties. The movement made some important achievements by providing a good ground of free cryptographic tools and removing the legal boundaries on using cryptography[^5].

Now, why are all the Internet users or private organizations not adopting cryptography after the recent revelations? Just because the threat seems so distant to them that they don't bother to adopt cryptography. What would be the way to "force" everyone to use more crypto? Is there a technique to move the threat closer to all the Internet users? Maybe, and it's a kind of revolution:
> *Legalize and promote eavesdropping on electronic communication for everyone.*
My point is the following. If the number of eavesdroppers increases and the public techniques are publicized, it will render the threat more real to the users. Then it will push more people to use countermeasures to protect their electronic communication. Knowing your enemies and their techniques is a source of better information on how to design systems more resilient to interception.
This is maybe a wrong path but until now, the other solutions were unsuccessful.
[^1]: [List of (known) intelligence agencies](http://en.wikipedia.org/wiki/List_of_intelligence_agencies)
[^2]: [Phorm - interception and advertising](http://www.fipr.org/080423phormlegal.pdf)
[^3]: [News International phone hacking scandal](http://en.wikipedia.org/wiki/News_International_phone_hacking_scandal)
[^4]: [FISA updated to match the interception practices](http://en.wikipedia.org/wiki/Foreign_Intelligence_Surveillance_Act_of_1978_Amendments_Act_of_2008)
[^5]: Cypherpunks deplore regulations on cryptography, for encryption is fundamentally a private act. The act of encryption, in fact, removes information from the public realm. Even laws against cryptography reach only so far as a nation's border and the arm of its violence. Cryptography will ineluctably spread over the whole globe, and with it the anonymous transactions systems that it makes possible.