LCA: Jacob Appelbaum on surveillance and censorship
We live, Jacob said, in a surveillance society. We don't really live in
independent states anymore; instead, we live in different surveillance
cones on a surveillance planet. Increasingly, the world resembles the Panopticon, a prison
![[Jacob Appelbaum]](https://static.lwn.net/images/conf/2012/lca/JacobAppelbaum1-sm.jpg)
designed in 1786. Anybody who thinks otherwise need only look at, for
example, the widespread warrantless wiretapping of US citizens with AT&T's
help under (at least) the Bush administration. We are, indeed, being
watched.
There are a number of coping strategies that we all adopt in the face of this kind of surveillance, starting with the specious claim that "I have nothing to hide." The fact that the attendees decided to put clothes on before going to the conference that morning (a decision your editor, at least, much appreciates) demonstrates otherwise. Or we say that yes, people are watching, but bad things will never happen to us personally. Which is a fine position until something does happen.
The problem with this kind of surveillance structure, according to Jacob, is that "it attracts assholes." Once this machinery is put into place, it will be put to bad uses regardless of its original intent. For example, the "Echelon" spy network was put into place as part of the cold war, but it was also alleged to be used to, for example, funnel information to Boeing to be used to win aircraft orders.
Many (or most) countries allow for "lawful" interception of some communications by governments without a warrant. Traffic data for phone calls or text messaging, for example, falls under this umbrella. It's said not to be "content" that requires a warrant to access, but it still tells a story about a person and will be abused by governments. We need to make it harder for governments to get at this data.
But it gets worse. The switches at the core of the phone system and the Internet all have governmental backdoors built into them. Sometimes those backdoors are more widely used than intended; Jacob recommended reading The Athens Affair, an IEEE article about the use of surveillance backdoors to spy on the Greek government (and many others). These backdoors are an attractive target, to the point that the operators of these systems should think hard about what their lives are worth; the man in charge of planning the Greek Vodafone-Panafon network died suspiciously as the compromise of that network was discovered.
Jacob played a video advertisement for the "FinFly" device, meant to be installed in an Internet provider's equipment rack. The FinFly is a highly capable man-in-the-middle attack device, able to pick out traffic associated with specific targets, record it, and even install malware on the target's systems. This device, sadly, is built on top of the Backtrack-Linux distribution. Among its customers was the former government of Egypt, which used it against pro-democracy activists there. Jacob does not want to live in a world where governments can do things like that.
FinFly is just the beginning; there is a whole range of products designed to meet the needs of the surveillance state. Quite a bit of information about this particular area of commerce can be found in the Spyfiles release from WikiLeaks. There is a lot of money to be made in surveillance equipment, but the companies involved should be held culpable for the uses to which that equipment is put.
Pervasive surveillance allows the government to put together a picture about almost anybody. That picture is based on facts, but may still not be true. But it is useful for the purposes of control, enforcement of power structures, and harassment. Jacob knows that latter aspect well, having been detained several times, threatened with jail, and subjected to seizures of his electronic equipment.
Along with surveillance goes censorship - the determination by people in power that there are things they do not want others to know. Practices like Internet filtering are designed to promote ignorance and retain power. It's done in lot of different ways. There is the famous great firewall of China, which, he said, is more of a spider web catching those who try to stray beyond the boundaries. In the US, censorship is accomplished through "legal threats and illegal tactics." In Lebanon, the national firewall uses a version of squid - a good thing, Jacob said, since they haven't gotten around to patching it for a long time. In Syria, off-the-shelf products are used. And so on.
Not all censorship is equal, and it is often easy to bypass. But censorship, combined with surveillance, often leads to self-censorship. The net was not built to make us fear our own state, but that is what is happening. When a company like Google is frightened by a law like SOPA, we should all be scared; Richard Stallman's The Right to Read was not meant to be a manual. History has shown us over and over again that people with power will turn into thugs. The Stanford prison experiment also demonstrated that quite clearly. With so much experience in this area, why is it that we keep repeating the experiment?
![[Jacob Appelbaum]](https://static.lwn.net/images/conf/2012/lca/JacobAppelbaum2-sm.jpg)
The good news, according to Jacob, is that we have the power to change
things. And, in particular, we can challenge surveillance and censorship
with anonymity. The American revolution was fueled by anonymous pamphlets
that could be circulated without their authors ending up in prison. We
need the ability to distribute anonymous pamphlets in this century as well.
So what can we do? We need to reframe the issues so that freedom and openness come first. We need to observe - and report on - surveillance and censorship on the net. We should write more free software and get more people to use it, and everybody writing software should be thinking about their users' freedom and security. Free software needs to be free as in freedom, though; "open source for business" is not the same thing. He looks forward to the day when the only binary blob running on his system is the government rootkit.
Tor is one piece of the puzzle, certainly, but there are others. Jacob mentioned TextSecure, which allows encrypted text messaging between Android phones, as an important piece of freedom-related technology. He also called out FreedomBox, the GNOME project, the Ada Initiative (what does freedom mean, he asked, if half of our population is oppressed?), and the Electronic Frontier Foundation.
In the end, he said, it comes down to freedom for everybody - no exceptions. But that is not how the surveillance state works. Securing that freedom will require a dedication to open standards, open designs, free software, free hardware, and decentralization. We can, he said, push back the surveillance state and create for ourselves an accountable government and freedom for all.
[Your editor would like to thank the LCA 2012 organizers for assisting with
his travel to the event.]
| Index entries for this article | |
|---|---|
| Security | Privacy |
| Conference | linux.conf.au/2012 |
Posted Jan 26, 2012 6:05 UTC (Thu)
by gmaxwell (guest, #30048)
[Link]
He also called out OTR: Off-the-Record Messaging (http://www.cypherpunks.ca/otr/), a transport neutral IM encryption system with excellent usability properties as in important privacy tool, he even demoed it.
I thought this fit in well with the point he made about Free Software projects being able to enable features which empower the users, because one of the free software desktop groups has been pretty hostile towards OTR, instead promoting XMPP based XTLS certificate authenticated encryption in their own chat system. The XMPP/XTLS solution has all the wrong security and usability properties and as a result doesn't usefully empower the user.
I hope this point found the right audience at Linux.conf.au and will cause some people to reconsider their positions.
Posted Jan 26, 2012 6:08 UTC (Thu)
by gmaxwell (guest, #30048)
[Link]
Posted Jan 26, 2012 15:26 UTC (Thu)
by lacos (guest, #70616)
[Link] (10 responses)
This is a horrible idea. The community has been fighting this idea for years. See for example software that can be used to decrypt/rip DVDs. Or BitTorrent, which is technically able to distribute large amounts of data without regard to copying terms. Or even the Tor network, which can be used to protect political dissent, but also for nefarious things that violate human rights. Or see the eternal "kitchen knife" example.
It's only a tool. The "how" and the "what for" depend on the end-user.
... Second, regarding Tor itself, Tor needs exit nodes to function. I'm not insane to associate my residential IP address with *possibly* criminal activity.
Posted Jan 26, 2012 15:40 UTC (Thu)
by corbet (editor, #1)
[Link] (8 responses)
If I finally follow through on my childhood ambition to open up a roadside pipe bomb stand, can I really then say that I have no responsibility for what the end user does with my products? If I make equipment designed for wholesale spying by oppressive regimes - and I market and sell it to those regimes - is my position really different to the point that one should not even raise the question?
Posted Jan 26, 2012 16:20 UTC (Thu)
by cdmiller (guest, #2813)
[Link]
A concerned activist might be able to go after suppliers who violate the GPL with the surveillance equipment they sell...
Posted Jan 26, 2012 16:26 UTC (Thu)
by felixfix (subscriber, #242)
[Link] (2 responses)
Explosives are only tools, used extensively in mining for instance. No matter how well protected, it is sometimes stolen and used to rob banks or blow up cars. Would you ban all explosives? Would you charge those whose explosives were stolen with the crimes committed?
Guns have many uses; estimates range up to 2.5 million times a year in the US when someone uses a gun to deter crime, such as home burglaries or gay bashing, and my own limited experience with friends and neighbors thinks this might be low, altho it's anybody's guess how many of these deterred crimes would have actually happened. Those hoplophobes who hate guns would sue gun manufacturers when a gun is used for evil; but they ignore the good uses.
Cars are used in crimes, so are phones, bicycles, airplanes and boats, and we may as well get silly and throw in shoes and clothing and even food. Does anyone really need a car which can go as fast as 90% of the cars sold today? Should we take the really fast cheap ones, the "muscle" cars, off the market as being too commonly used for crimes such as speeding?
Governments make noises from time to time of banning pre-paid cell phones because they are hard to track and too often (by government standards) used by criminals. Should we ban all those?
Cash is awful, for government spying ends. The classic criminal tool is not guns or fast cars; it is a briefcase full of cash. You never see bad guys paying each other with checks or credit cards. Arguably cash is the most common crime tool and enabler. Should we ban cash?
Posted Jan 26, 2012 17:33 UTC (Thu)
by corbet (editor, #1)
[Link] (1 responses)
Assuming the latter, doesn't it make sense to ask which side of the line a device like FinFly stands on?
Again, I am aware of the dangers of this discussion. To have some government decree that free software and general-purpose computers are tools for hacking and infringement that should be banned is not even remotely unimaginable. I hope I don't have to say that I would be opposed to anything along those lines. But we'll not head off that prospect by refusing to discuss the culpability of those who make tools that are explicitly designed and marketed for illegal and immoral purposes. Indeed, I fear that there is a good chance that we could make it more likely.
Posted Jan 26, 2012 17:43 UTC (Thu)
by felixfix (subscriber, #242)
[Link]
Posted Jan 26, 2012 17:50 UTC (Thu)
by lacos (guest, #70616)
[Link]
Provided there are no other uses, you could consider them some kind of "weapon". Weapons are strictly regulated. So, regulate all these tools strictly as well. Tie them to a warrant or other authorization that's required for sting operations.
If someone in law enforcement pulls the trigger, there's an investigation afterwards. The manufacturer is *never* investigated; their responsibility probably ends with sticking to the sanctioned distribution channels. And there are cases when use of "lethal force" (ie. use of the "tool") is justified, even when the only purpose of the tool is to do harm.
If this process (or legal framework), which I did a horrible job to describe, works for *real* weapons, it should be good enough for wiretaps. If companies can manufacture arms and governments can sell them abroad, I don't think it would be *proportionate* to hold surveillance equipment manufacturers *more* responsible for 3rd party use of their products, especially if their distribution channels are strictly regulated.
Posted Jan 26, 2012 20:36 UTC (Thu)
by dlang (guest, #313)
[Link]
Posted Jan 26, 2012 21:28 UTC (Thu)
by cmccabe (guest, #60281)
[Link] (1 responses)
The question you have to ask before passing any law-- or making anything a crime-- is what the real-world consequences will be. Having laws that are overly broad like "you should be a good person" doesn't lead to more good people; it just leads to abuses of the law.
Making the writers of software responsible for every bad thing the users did would not lead to more moral people; it would just lead to fewer software writers.
Personally I find David Brin's ideas about the transparent society pretty interesting. I don't think the clock can be turned back on at least certain forms of surveillance.
Posted Jan 26, 2012 22:11 UTC (Thu)
by corbet (editor, #1)
[Link]
Posted Jan 30, 2012 6:28 UTC (Mon)
by obi (guest, #5784)
[Link]
I find it difficult to accept how people are able to put their individual conscience/ethics/morals/standards on hold when working for a company, in the name of "being professional". I don't think a business should be excused for doing a faustian deal so to speak, just because it's work.
So my takeaway is that while the tools are indeed neutral and inherently amoral, it's only right that the companies and governments that use them are scrutinized and held to a high standard.
That's how I read the line:
Posted Jan 26, 2012 15:31 UTC (Thu)
by mjthayer (guest, #39183)
[Link] (6 responses)
The problems of government surveillance of private communication are pretty clear. I wonder though whether or to what extent LWN readers think that technological surveillance for purposes of law enforcement can be acceptable?
Posted Jan 26, 2012 15:37 UTC (Thu)
by felixfix (subscriber, #242)
[Link] (5 responses)
It's the same as people who distribute software with licenses forbidding it being used for military purposes. The US Coast Guard rescues boaters and swimmers, but it also intercepts drug and people smugglers, and all is done with military tech. Police forces uses military equipment, not only for drug raids, but to rescue kidnap hostages.
The world can't be divided up like that.
Posted Jan 26, 2012 18:44 UTC (Thu)
by RobSeace (subscriber, #4435)
[Link] (4 responses)
I think it's not the USE you need pay attention to so much as the INTENT of the authors... If they write a tool clearly DESIGNED for evil and market it as such, then I have no problem going after them... We go after people who write viruses and botnets, don't we? But, we don't, and we shouldn't, go after people who write general purpose tools with no ill intent, which just happen to end up being used for evil... Things like tor and freenet quite likely end up used more often for illegal (and often downright evil) purposes than they are for good, but that doesn't mean they were intended for such use or marketed for such use... Now, if they were instead called "Lawbreaker" and "ChildPornNet", and their blurbs talked about how great they were for hiding your illegal activities and protect you from getting caught, THEN I'd say go after them...
Of course, that may lead to authors keeping things at a nudge-nudge, wink-wink level of promoting, but not really, illegal uses of the tool... And, I'm just fine with that... To be honest, stuff like nmap, nessus, metasploit, etc. kind of fall into this category... Yes, they all have perfectly legit uses, but I think the authors know quite well they're not always being used by the good guys, and I'm not sure they really mind that much... But, I think they're great tools, and wouldn't want to see them ever go away... However, if they were more open in marketing them as "illegal hacking tools" instead of "authorized pen-testing tools", I'd have more of a problem with them... *shrug*
Posted Jan 26, 2012 18:58 UTC (Thu)
by felixfix (subscriber, #242)
[Link] (3 responses)
The world is too full of bureaucrats quibbling over these kinds of details as it is. Look at the recent US Supreme Court quibble over police attaching a GPS tracker to a car and monitoring to for 4 weeks. The standard ought to be that if I can't do it to the police, they can't do it to me without a warrant. Instead, the judges quibble over whether the car was parked on the street, in a driveway, in the garage, what the difference is between brief and long term and whether that even matters, and whether the attachment itself is a search or seizure or both or neither.
That kind of quibbling is fine for lawyers arguing theoreticals, but it's a losing proposition for real world practicality.
Posted Jan 26, 2012 19:45 UTC (Thu)
by RobSeace (subscriber, #4435)
[Link] (2 responses)
Well, you can start with how their marketed... In the alcohol example, are the sellers saying, "Use this to treat your wounds", or "Use this on the sabbath to celebrate the lord", or "Use this to get drunk off your ass! Woohoo!"? It's pretty simple, really... (Not that I think this is at all a good example, since I find none of those 3 uses objectionable, and none of them should ever be illegal...)
If someone says, "Buy this security camera to protect your property", or "Buy this camera to monitor your baby", that's one thing... However, if they say, "Buy this camera to illegally spy on women in the bathroom! It's specially designed to be hidden from view, so your victims will never notice it!", that's very different, and their intent is quite clear...
I'm not saying we even try to go after the vague cases... There need not be any debating over intent... If they're not directly and actively marketing it for nefarious uses, then leave them alone... But, if they ARE, why not go after them?
Posted Jan 26, 2012 20:42 UTC (Thu)
by dlang (guest, #313)
[Link] (1 responses)
and marketed by who? by the creator to the wholesaler, from the wholesaler to the retail store? or from the store to the consumer?
what if the same product is marketed in multiple ways?
if you just go by marketing, then just about all cars would be banned as the advertisements show them driving at illegal speeds (or does fine print in the advertisement satisfy you, and what does that do to your 'marketing test'?
Posted Jan 26, 2012 21:14 UTC (Thu)
by RobSeace (subscriber, #4435)
[Link]
Then, it's the equivalent of marketing something as a generic tool with no specific marketed use, which if perfectly fine... (Again, I still really hate this example, because it's sort of implying there's any "wrong" use of alcohol, which I strongly disagree with...)
> what if the same product is marketed in multiple ways?
Then, how about you go after the ones specifically encouraging the illegal uses and marketing it for those specific uses? If someone repackaged "metasploit" say, as "ScriptKiddiesHelper", and actively marketed it to script kiddies for the express use of illegally cracking into hosts, I'd have no problem with them being stopped or even arrested, since they're actively promoting illegal behavior... That doesn't mean they should go after metasploit itself, however!
Remember, the example that started all this from the article was about a company that was specifically marketing a device to repressive governments that allows them to spy on their citizens and place malware on their machines... I don't think there's anything wrong with going after them... They are obviously soulless scum... But, that doesn't mean whatever software they're using underneath for this nefarious use should be gotten rid of... For instance, it says they're at least using Linux; but, Linux itself isn't marketed for such use...
> if you just go by marketing, then just about all cars would be banned as
I do think such commercials are pretty stupid, really... But, I don't know if you can say they're really marketting the cars for illegal use, either... Even without the fine-print disclaimers, excessive speed isn't necessarily always illegal... On the Autobahn, on a race track, on a private road, you can go any speed you like... Not to mention, most people see speeding as one of those 'minor' semi-crimes, like jaywalking, which everyone does and no one really cares about... It's not seen as "evil" or immoral, really...
Posted Jan 26, 2012 18:04 UTC (Thu)
by debacle (subscriber, #7114)
[Link] (1 responses)
Does anybody know where to get a binary (apk) for trying it out? I found a link to Google market, but I don't have/want an account there. For "real life use" it's certainly better to use the source from github anyway.
Posted Jan 27, 2012 19:35 UTC (Fri)
by rillian (subscriber, #11344)
[Link]
Posted Jan 27, 2012 1:18 UTC (Fri)
by giraffedata (guest, #1954)
[Link] (2 responses)
I'll stand by my claim that I have nothing to hide. The only reason I put on clothes, aside from warmth, is out of consideration for others.
But even to the extent that I do value privacy, I feel oppressed enough by crime that I would give up more privacy than I already have if it means the criminals also give it up and are thereby less able to victimize me. And I believe it usually does.
If, for example, there were two airports - one with full body scanning, rifling through bags, and checking of databases and one without - I would fly out of the former.
Posted Jan 27, 2012 10:25 UTC (Fri)
by fb (guest, #53265)
[Link] (1 responses)
If, for example, there were two airports - one with full body scanning, rifling through bags, and checking of databases and one without - I would fly out of the former.
I think you ought to ask the same question to someone whose looks or background, makes that person one who in practice gets to always be randomly selected for special screening. (I am obviously assuming you are not frequently "randomly" selected for such).
Perhaps you are comfortable with such police state airport because you are confident that should there be abuse, it would be very unlikely to be against you?
Posted Jan 27, 2012 16:20 UTC (Fri)
by giraffedata (guest, #1954)
[Link]
No, because I am hypothesizing a system where I suffer the same invasion of privacy as everyone else. And incidentally, I do think such a system is possible.
Posted Jan 27, 2012 2:45 UTC (Fri)
by ras (subscriber, #33059)
[Link] (1 responses)
Australian is currently engaged in a huge project to replace the last mile of its telecoms infrastructure. Currently it is copper wires that were designed to carry 4 KHz analogue for about 5 kilometres max. It is being replaced with fibre currently running at 3 Gbps or so, which can run 15 kilometres. This will means our current telephone exchanges will become landfill, and all our analogue voice will become VOIP - SIP in fact. The exchanges are being replaced with something called a Point of Interconnect (POI), which is fancy name for a building containing a cluster of routers and switch terminating the fibre. If you want to look at it in a different way, whereas today the internet runs over infrastructure built for the telephone network, under the NBN the telephone network will run on top of infrastructure designed from the ground up to carry IP packets.
The relevance of all this is all of the 120 POI's will have a LEA (Law Enforcement Agency) rack. The LEA rack will be able to look at every bit flowing through the POI, should they so wish. Since just about all information Australian's send and receive will flow through the POI's, this means the LEA's will have access to everything Australian citizens do electronically. Clearly they won't need an ISP's permission or cooperation to tap all into any of it. In fact it will be unlikely anybody but the LEA's will even be aware of the extent of their taping.
No one runs about publicising this, but equally no great effort is made to hide it either. Certainly you don't need to take photographs to prove it is happening. Unlike the NSA / AT&T taps, it is common knowledge in certain circles in Australia. The reason it hasn't raised much comment is it just more of the same - most exchanges in Australia have LEA racks now. Every line serviceman knows it, because if a customer complains about line quality and they see what could be a LEA they have a procedure to follow which includes not telling the customer what the cause of their problems is. So the change the NBN brings isn't regulatory, its just technological.
Nonetheless that technological change is large. Whereas before when someone wanted to tap something a work order had to be raised for a far away location, now it just requires an instruction from a central location to flip a few bits. Whereas before it required some effort to get the resulting data from the interception point to the LEA, now it can just flow from relatively few connection points (the 120 POI's), and can be sent over internet trunks that connect them. In other words the effort needed to put in a tap will drop, the amount of data they can collect will go up, and the number of people who will be aware or what is going on will drop. And in all cases, the size of the change will be orders of magnitude.
Yes, the telecom's infrastructure Australia is currently going through a inflection point which means we Ozzie's will be afflicted with the effects of this before most. But given the rate of technological change everywhere, I can't imagine the rest of the world will be too many years behind. This isn't an Australia specific thing.
So the thing that disappointed me from Jacob's talk was for all the alarm it arose in some, the "get photographs" comment was indicative of Jacob missing the shear scale of the change in the level of surveillance that is about to engulf us. Taking photographs won't alter it, or slow it, or even reveal more information about it than we already have now. I find it a little alarming that one of more strident commentators we have on the subject seems to have underestimated the scope of what he is commenting on.
Posted Jan 27, 2012 5:05 UTC (Fri)
by gmaxwell (guest, #30048)
[Link]
There is something visceral about photographs that turn these abstract concepts into something real for a lot of people. Not just "here is a hypothetical risk" and "watch out for black helicopters" but "this is real, it represents an enormous investment, and here is proof".
Even when the facts and figures, even the designs, are readily available, its really the photographs that make it real for people. This is why no notable networking kit vendor sells products using datasheets without pictures of the gear— even though the pictures are mostly irrelevant since you'll hardly see it once installed.
LCA: Jacob Appelbaum on surveillance and censorship
LCA: Jacob Appelbaum on surveillance and censorship
LCA: Jacob Appelbaum on surveillance and censorship
I understand where you're coming from here, but... If it's "only" a tool designed to be installed at ISPs, intercept communications, and inject malware into target users' systems, to what other uses could it be put?
Only a tool
Only a tool
Only a tool
Is the example contrived? Is it really more black-and-white than "if it's a tool, it's OK to make regardless of its intent"? If you say "tools are tools, no exceptions" you have to accept examples like that. Either the pipe bomb stand is OK, or there are some "tools" whose existence you are unwilling to tolerate.
Only a tool
Only a tool
Only a tool
> communications, and inject malware into target users' systems, to what
> other uses could it be put?
Only a tool
There's a difference between being legally culpable and morally responsible.Only a tool
I agree on that difference. I honestly don't know if Jacob was saying that manufacturers of surveillance equipment should be legally sanctioned for their acts. "Culpable" ("guilty" or "blameworthy") does not necessarily imply that. Saying that somebody shares the blame for an evil act is not the same as sending in the SWAT team.
Only a tool
LCA: Jacob Appelbaum on surveillance and censorship
"... but the companies involved should be held culpable for the uses to which that equipment is put."
LCA: Jacob Appelbaum on surveillance and censorship
LCA: Jacob Appelbaum on surveillance and censorship
LCA: Jacob Appelbaum on surveillance and censorship
LCA: Jacob Appelbaum on surveillance and censorship
LCA: Jacob Appelbaum on surveillance and censorship
> religious alcohol, and recreational alcohol? How do you differentiate baby
> monitors and spycams? How do you differentiate debugging tools, routers,
> firewalls, and censorship / spying?
LCA: Jacob Appelbaum on surveillance and censorship
LCA: Jacob Appelbaum on surveillance and censorship
> the advertisements show them driving at illegal speeds (or does fine
> print in the advertisement satisfy you, and what does that do to your
> 'marketing test'?
LCA: Jacob Appelbaum on TextSecure
LCA: Jacob Appelbaum on TextSecure
LCA: Jacob Appelbaum on surveillance and censorship
... the specious claim that "I have nothing to hide." The fact that the attendees decided to put clothes on before going to the conference that morning
But even to the extent that I do value privacy, I feel oppressed enough by crime that I would give up more privacy than I already have if it means the criminals also give it up and are thereby less able to victimize me. And I believe it usually does.
LCA: Jacob Appelbaum on surveillance and censorship
LCA: Jacob Appelbaum on surveillance and censorship
Perhaps you are comfortable with such police state airport because you
are confident that should there be abuse, it would be very unlikely to
be against you?
LCA: Jacob Appelbaum on surveillance and censorship
LCA: Jacob Appelbaum on surveillance and censorship