From: Poomjit Sirawongprasert <poomjit@gmail.com>
Date: ส.ค. 15, 2009 11:35 หลังเที่ยง
Subject: [netizen] Fwd: Bruce Schneier on Building in Surveillance into Internet
To: Thai Netizen Network <thainetizen@googlegroups.com>
From: Robin Gross <robin@ipjustice.org>
Date: Sat, Aug 15, 2009 at 11:04 PM
Subject: Bruce Schneier on Building in Surveillance into Internet
To: NCUC-DISCUSS@listserv.syr.edu
Begin forwarded message:
Date: August 15, 2009 7:33:56 AM PDTSubject: [IRP] Building in Surveillance
Building in SurveillanceCrypto-Gram NewsletterBruce SchneierChief Security Technology Officer, BT
China is the world's most successful Internet censor. While the GreatFirewall of China isn't perfect, it effectively limits information flowingin and out of the country. But now the Chinese government is taking thingsone step further.
Under a requirement taking effect soon, every computer sold in China willhave to contain the Green Dam Youth Escort software package. Ostensibly apornography filter, it is government spyware that will watch every citizenon the Internet.
Green Dam has many uses. It can police a list of forbidden Web sites. Itcan monitor a user's reading habits. It can even enlist the computer insome massive botnet attack, as part of a hypothetical future cyberwar.
China's actions may be extreme, but they're not unique. Democraticgovernments around the world -- Sweden, Canada and the United Kingdom, forexample -- are rushing to pass laws giving their police new powers ofInternet surveillance, in many cases requiring communications systemproviders to redesign products and services they sell.
Many are passing data retention laws, forcing companies to keepinformation on their customers. Just recently, the German governmentproposed giving itself the power to censor the Internet.
The United States is no exception. The 1994 CALEA law required phonecompanies to facilitate FBI eavesdropping, and since 2001, the NSA hasbuilt substantial eavesdropping systems in the United States. Thegovernment has repeatedly proposed Internet data retention laws, allowingsurveillance into past activities as well as present.
Systems like this invite criminal appropriation and government abuse. Newpolice powers, enacted to fight terrorism, are already used in situationsof normal crime. Internet surveillance and control will be no different.
Official misuses are bad enough, but the unofficial uses worry me more.Any surveillance and control system must itself be secured. Aninfrastructure conducive to surveillance and control invites surveillanceand control, both by the people you expect and by the people you don't.
China's government designed Green Dam for its own use, but it's beensubverted. Why does anyone think that criminals won't be able to use it tosteal bank account and credit card information, use it to launch otherattacks, or turn it into a massive spam-sending botnet?
Why does anyone think that only authorized law enforcement will minecollected Internet data or eavesdrop on phone and IM conversations?
These risks are not theoretical. After 9/11, the National Security Agencybuilt a surveillance infrastructure to eavesdrop on telephone calls ande-mails within the United States.
Although procedural rules stated that only non-Americans and internationalphone calls were to be listened to, actual practice didn't always matchthose rules. NSA analysts collected more data than they were authorizedto, and used the system to spy on wives, girlfriends, and famous peoplesuch as President Clinton.
But that's not the most serious misuse of a telecommunicationssurveillance infrastructure. In Greece, between June 2004 and March 2005,someone wiretapped more than 100 cell phones belonging to members of theGreek government -- the prime minister and the ministers of defense,foreign affairs and justice.
Ericsson built this wiretapping capability into Vodafone's products, andenabled it only for governments that requested it. Greece wasn't one ofthose governments, but someone still unknown -- a rival political party?organized crime? -- figured out how to surreptitiously turn the featureon.
Researchers have already found security flaws in Green Dam that wouldallow hackers to take over the computers. Of course there are additionalflaws, and criminals are looking for them.
Surveillance infrastructure can be exported, which also aidstotalitarianism around the world. Western companies like Siemens, Nokia,and Secure Computing built Iran's surveillance infrastructure. U.S.companies helped build China's electronic police state. Twitter'sanonymity saved the lives of Iranian dissidents -- anonymity that manygovernments want to eliminate.
Every year brings more Internet censorship and control -- not just incountries like China and Iran, but in the United States, the UnitedKingdom, Canada and other free countries.
The control movement is egged on by both law enforcement, trying to catchterrorists, child pornographers and other criminals, and by mediacompanies, trying to stop file sharers.
It's bad civic hygiene to build technologies that could someday be used tofacilitate a police state. No matter what the eavesdroppers and censorssay, these systems put us all at greater risk. Communications systems thathave no inherent eavesdropping capabilities are more secure than systemswith those capabilities built in.
_______________________________________________IRP mailing list
IP JUSTICE
Robin Gross, Executive Director
1192 Haight Street, San Francisco, CA 94117 USA
p: +1-415-553-6261 f: +1-415-462-6451
--~--~---------~--~----~------------~-------~--~----~
Thai Netizen Network
http://thainetizen.org/
----
u rcvd diz msg bcoz u r sbscbd 2 d "Thai Netizen Network" grp.
post, email thainetizen@googlegroups.com
leave, email thainetizen+unsubscribe@googlegroups.com
info, http://groups.google.com/group/thainetizen
-~----------~----~----~----~------~----~------~--~---
--
ขอเชิญอ่าน blog.Thank you so much.
http://www.parent-youth.net
http://www.familynetwork.or.th
http://sph.thaissf.org/
http://www.presscouncil.or.th
http://ilaw.or.th
http://thainetizen.org
http://www.ictforall.org
http://icann-ncuc.ning.com
http://dbd-52.hi5.com
http://www.webmaster.or.th
http://www.thailandshowtime.com/2009
ไม่มีความคิดเห็น:
แสดงความคิดเห็น