Internet Surveillance

█ LARRY GILMAN

Internet surveillance is the monitoring of Internet data traffic for information useful to government authorities.

Targeted content may be illegal (e.g., child pornography), politically suspect (e.g., human-rights websites accessed by citizens living under authoritarian regimes), or evidential (e.g., e-mails or voice messages exchanged by suspects). Because the volume of information passing through the Internet is large, Internet surveillance generally requires a software component that scans for selected patterns of text, speech, addressing, or usage, and which flags items of interest for inspection by a human operator. Countermeasures against Internet surveillance include avoidance of the Internet as a means of communication, the establishment of Internet aliases that conceal users' identities, and encryption.

Levels of Internet surveillance. Internet surveillance may target individuals, local networks, or Internet traffic in bulk. Surveillance of individual users (or, rather, of individual electronic addresses, which may actually have more than one user) is analogous to traditional telephone wiretapping: a law-enforcement agency, intelligence agency, or other surveillant first gains physical access to one or more computers through which the Internet traffic of a suspect party passes. Using specialized hardware and software, the surveillant then scans all data traffic passing to and from the targeted party. Some or all of that traffic may be recorded by the surveillant for later use. All transmissions, recorded or not, are allowed to continue on to their intended destinations so that the surveillance remains secret.

Surveillance systems have been proposed recently that would scan Internet content and usage patterns in bulk, not user-by-user. For example, in December 2002 the President's Critical Infrastructure Protection Board released a report entitled "The National Strategy to Secure Cyberspace" ( http://www.whitehouse.gov/pcipb/ ). This report urged the creation of a centralized computer system to monitor the Internet. Such monitoring might, the paper said, be restricted to the analysis of network usage patterns (e.g., a wave of e-mails possibly indicating the spread of a new computer virus via the Internet), rather than being empowered to examine message content. Non-content information that might be gleaned by such a surveillance system includes the source and destination addresses of e-mails, the electronic addresses of websites visited by various persons, or the electronic addresses of persons visiting various websites. However, it would probably be impractical to build a high-level monitoring system that did not provide, at least potentially, access to individual users' information.

Uses and abuses. Many governments are interested in Internet surveillance, whether to fight crime and terrorism, monitor the political speech of their citizens, or both. For example, immediately after the terrorist attacks of September 11, 2001, the British government asked British Internet service providers (ISPs) to temporarily record all their users' Internet traffic, hoping that clues to the attacks might be preserved. Various authoritarian governments block access to certain websites or spy on users to enforce political conformity, including the governments of Laos, Myanmar, Saudi Arabia, Syria, the United Arab Emirates, and Yemen. China monitors public Internet use for political keywords such as "June 4" (the date of the 1989 prodemocracy protests in Tiananmen Square, which the Chinese government violently suppressed), and maintains "public security bureaus" around the country to monitor Internet traffic. As of February 2003, China has jailed at least 33 people for forbidden Internet use of a political nature, including downloading of articles from foreign pro-democracy websites. In the U.S. and many other countries it is illegal for the government to spy on citizens' nonviolent political activities, whether via Internet surveillance or by other means; however, there is evidence that these laws have been tested in the past and, some experts argue, might be broken even more readily using powerful, impossible-to-detect Internet surveillance tools such as are already in use or technically feasible. The topic of Internet surveillance is thus fraught with political controversy.

In 2002, for example, the U.S. Defense Advanced Research Projects Agency (DARPA)—the same branch of the Pentagon that created the beginnings of the Internet—proposed an ambitious Internet surveillance system termed Total Information Awareness (TIA). TIA would, according to DARPA, not only allow access to the content of virtually the whole Internet, but would enable the government to integrate that information with data gained by virtually any other means: wiretaps, criminal and other public records, on-line shopping habits, credit-card use, auto-mated tollbooth data, cell-phone calling records, and so on. TIA bids for information omniscience.

However, the TIA proposal met instant protest from across the political spectrum, and in January 2003 the U.S. Senate voted restrictions on its development and deployment. Development of TIA cannot, the Senate has said, continue unless the president certifies that halting it "would endanger the national security of the United States." (As of this writing, the president has not yet made any such certification.) The political future of TIA is therefore doubtful; there is, however, little doubt about its technical feasibility.

In a similar vein, the U.S. National Security Agency (NSA), whose official mission is eavesdropping on communications outside the U.S. and across its borders and which has a bigger budget than the Central Intelligence Agency, is thought by some analysts to already have a system ("Echelon") that can scan Internet message traffic for nonencrypted keywords. Since other governments certainly possess such software, there cannot be any technical obstacles to its development by the NSA; however, as of February 2003 the existence of Echelon remains unconfirmed.

In the meantime, the U.S. Federal Bureau of Investigation (FBI) routinely employs the Carnivore program for Internet surveillance of individuals. Carnivore, whose use has been publicly acknowledged by the FBI since June 2000, is classified as a "high-speed packet sniffer" (a term explained below). It is part of a larger surveillance toolbox called the Dragonware Suite. Dragonware is comprised of three software tools: Carnivore, Packeteer, and Coolminer. No public information about Packeteer and Coolminer is available, but some experts assert that these programs organize the information collected by Carnivore and analyze it for various patterns (probably under the guidance of human users).

What "Carnivore" does. Binary information streaming over the Internet is organized into "packets." Each packet is a collection of bits containing both message content and information about where it has come from and where it is going to. Data to be transmitted over the Internet are thus not sent as a continuous stream of 1s and 0s over dedicated channels, but as a blizzard of tiny, independent messages (packets) that may follow different paths to their final destination. They are reassembled at the receiving party's ISP before final transmission to the user over a dedicated line (e.g., a telephone line). A packet sniffer examines ("sniffs") every packet being handled by an ISP to see if its source or destination are on a target list of electronic addresses. The packet sniffer may be set either to simply record all packets meeting these criteria or to further examine each packet to see if its content matches court-mandated search guidelines (e.g., mention of bombs, drugs, insider trading). If a packet's content does not match search-order guidelines, it is not recorded. Alternatively, the packet sniffer may ignore content altogether, recording only routing information (source and destination addresses).

Use of Carnivore is governed by the Electronic Communications Privacy Act of 1994 (ECPA) and by the federal law governing wiretaps, the Wire and Electronic Communications Interception and Interception of Oral Communications Act (also known as Title III). These laws state that officials need to obtain a search warrant from a court in order to look at stored digital data such as e-mails held in memory by an ISP or the contents of a user's hard drive. They also state that a court order must be obtained before a program such as Carnivore can be used to monitor communications in real time (e-mails in transit, for example). There are several kinds of court orders authorizing Internet surveillance, each allowing different information to be collected: (1) a content wiretap allows the recording of all information in packets that meet certain criteria (e.g., mention of a specific activity or person); (2) a trap-and-trace wiretap allows the FBI only to record information about destinations and websites visited, not content; (3) a pen register wiretap, like a trap-and-trace in reverse, determines where e-mail received by the suspect party has come from, what the electronic addresses are of parties that access the suspect's website, and so forth. Again, a pen register wiretap is not authorized to record content.

Controversy. Like almost any technical tool, Internet surveillance can be used for both legitimate and illegitimate purposes. Unfortunately, all official organizations, in all countries, declare that they are legitimate and that the individuals they surveil are dangerous criminals. In the U.S., the FBI and DARPA defend Internet surveillance tools like Carnivore and TIA by pointing out that they are only supposed to be used as authorized by a federal court (in the case of Carnivore) or to preserve national security (in the case of the proposed TIA program). According to the FBI, "The ability of law enforcement agencies to conduct lawful electronic surveillance of the communications of its criminal subjects represents one of the most important capabilities for acquiring evidence to prevent serious criminal behavior." John Poindexter, head of the Information Awareness Office (part of DARPA), which is developing TIA, says that the U.S. needs TIA because "[w]e must be able to detect, classify, identify, and track terrorists so that we may understand their plans and act to prevent them from being executed."

Critics such as the American Civil Liberties Union argue that what the FBI and the intelligence agencies are supposed to do is not always the same as what they have done; there is a long public record of potentially illegal political surveillance of U.S. citizens by U.S. police and government organizations. Therefore, critics argue, certain tools—especially those that would make it possible to filter the Internet transactions of thousands or millions of people simultaneously—should not even be developed, whereas those with lesser capabilities, such as Carnivore, should operate under more severe restrictions than they presently do.

█ FURTHER READING:

PERIODICALS:

Lee, Jennifer. "Guerilla Warfare, Waged with Code." New York Times. October 10, 2002.

Markoff, John, and John Schwartz. "Bush Administration to Propose System for Monitoring Internet." New York Times. December 20, 2002.

McCullagh, Declan. "FBI Agents Soon May Be Able to Spy on Internet Users Legally Without a Court Order." New York Times. September 14, 2001.

ELECTRONIC:

Poindexter, John. "Overview of the Information Awareness Office." Defense Advanced Research Projects Agency. August 2, 2002. < http://www.fas.org/irp/agency/dod/poindexter.html > (Jan. 28, 2003).

SEE ALSO

Cyber Security