The surveillance arms race
Just what is excessive?
Computers, Freedom, and Privacy Surveillance breeds more surveillance. That seems to be the primary message from the first day of this year's Computers, Freedom, and Privacy conference, held this week in Montreal.
The theme of the conference is "autonomy", one of those vanishing luxuries.
Lawyer Eugene Oscapella uses the war on drugs as an example. This effort provides the justification for all sorts of surveillance, from surprise school sweeps covering kids all the way down to kindergarten, to sending sniffer dogs through hotel rooms (besides airports, bus stations, and ferries), to dawn raids by police in full body armour and carrying machine guns. And the official explanation given after a failed bust? Policing is not an exact science.
Is flying over a house with a forward looking Infra-Red camera, as in the case of R v Tessling, invasive?
Since 2001, however, the war on drugs has been fuelling the War on Terror via the claim that terrorists are funded by the drug trade - and also by getting people used to being watched and searched. "The normalisation of extraordinary powers."
Some of that watching is being done by your own devices, as Simson Garfinkel explained in a discussion of computer forensics. Mobile phones are not standardised, so there is tension between law enforcement agencies, which want everything to be easy to read, and mobile phone companies, which may regard the inner workings of their designs as proprietary information. One English company has, however, come up with a scheme for reading mobile phone data directly from the SIM, bypassing the inconveniences of incompatible plugs and operating systems entirely.
Forensics breeds anti-forensics, so tools keep being developed to evade detection, disrupt the collection of information, and waste the examiner's time. For more, see the forensics wiki.
One interesting sideline: Garfinkel debunked the widespread belief that it's impossible to erase data from a hard drive in a single pass. On modern hard drives, he said, there's no evidence that you can't, and the National Institute of Standards (NIST) said in 2006 that a single pass is sufficient. But people just don't believe it.
Just as people also don't believe that the apparently contentless, impersonal information about who they contact and when is often actually more valuable to law enforcement than the content everyone tries so hard to protect. Using traffic data (such as the location data from mobile phones, or the pattern of calls or email correspondence) George Danezis figured that you could infer status, relationships, and much else. Computational sociology suggests that surveilling around six per cent of nodes can - if you pick the right six per cent - give you information about nearly 100 per cent of the entire network. Selection is the key, and traffic data makes it possible to pick that correct six per cent.
This is, of course, not how law enforcement has been working in the UK or elsewhere. Instead, they tend to take the Humphrey Appleby view that they must know everything, and so we get laws requiring data retention. If it doesn't work, we'd better do more of it. ®
Sponsored: Network DDoS protection