Log in ....Tribune

Dot.ComLatest in ITFree DownloadsOn hardware

Monday, October 1, 2001
Lead Article

Will Uncle Sam read your e-mail? --- Imaging by Gaurav Sood

In the wake of the terrorist attacks on the World Trade Center, US security agencies are seeking widespread powers to intercept and read messages sent over the Internet, giving a new twist to the old privacy v security debate, says Roopinder Singh.

WHENEVER we send e-mail messages, we often presume that they are similar to private mail that we sent out on paper and that what we say in our messages will remain private. But is this really true?

Actually, no.

As numerous hackings have shown, there is no such thing as assured privacy on the Net. Also, in the wake of the terrorist attacks on the World Trade Center, US security agencies are seeking widespread powers to intercept and read messages sent over the Internet.


This effort to monitor electronic communications, including the Net and mobile phones, has been fuelled by speculation that terrorists may have used sophisticated technology to coordinate the attacks.

How does it affect us? Except for some popular e-mail services in India, most of the e-mail servers are in the USA and as such are governed by the American laws. Thus what happens there has a direct impact on our lives even if we have never set foot on American soil and basically are exchanging messages with our friends within the country.

Privacy v security

There is no doubt that the latest terrorist attacks on the landmark buildings in the USA on September 11 have given an impetus to those who have sought monitoring on the Net and have brought old issues of privacy v security back on the debating table.

What exactly is the privacy that we are talking about? Since we are examining something with global dimensions, we can refer to Article 12 of the Universal Declaration of Human Rights, adopted and proclaimed by the United Nations General Assembly on December 10, 1948, that says: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation. Everyone has the right to the protection of the law against such interference or attacks."

This is the general principal under which privacy advocates seek to keep governmental snoops out of their lives.

However, one of the first casualities in war is liberty. Inter arma silent leges goes the Latin maxim, which means that in the time of war, the laws are silent. Various laws that are enacted to preserve individual liberty are often suspended by nations at war and the US President has declared that America is at war.

Cryptographic envelopes

All e-mail can be, and is often, intercepted. Unlike an ordinary letter, your e-mail is more in the nature of an electronic post card — it does not have an envelope and can be read as it passes through various hands.

Basically, electronic communications are unprotected and in order to protect them, you need to use cryptography to provide what could be figuratively called an envelope, seal and signature.

Cryptography is the science of secret writing and codes. It has been used for thousands of years. In today’s context, it enables the encoding of information so that only the intended recipient has the ability to understand its meaning.

Earlier, only governments would use cryptography though now it is often used by common computer users in order to protect the privacy and security of electronically transmitted information. Encryption software runs a readable message through a computer that changes it into unreadable "ciphertext." In order to decode, or decrypt, the message, one must have the "key."

One of the most powerful programs was posted for free use on the Internet 10 years ago by a California-based American programmer Phil Zimmermann. Called Pretty Good Privacy, or PGP. You can download the program at http://www.pgp.com/products/freeware/default.asp. It has two versions, freeware and a paid one which has more support. The program is so powerful that no government or law enforcement agency has been able to break into its encryption.

This is where the problem comes in. Governments want that they should be given keys to cryptography so as to prevent misuse by criminal elements. This is obviously opposed by privacy advocates.

US government moves

American politicians have stressed that they will not support sacrificing liberty for freedom, though there is no doubt that in environment of caution, that is understandably prevalent in the USA today, it is certain that the government will assume additional powers. It already had the technical means to undertake electronic surveillance on a global basis. Of course, the question about whether they would want to read your e-mail still remains. Chances are that you are of no interest to the USA or other security agencies unless you fit into a particular "wanted" profile.

The Federal Bureau of Investigation (FBI) is known to use a powerful and controversial computer program called the DCS100 to monitor the Internet traffic in servers located in the USA. This is a new name for Carnivore (see box), which is placed at an Internet service provider’s end and scans all incoming and outgoing e-mail. Millions of e-mails per second can be intercepted by using this program which comprises specialised eavesdropping hardware installed directly in the ISP’s servers, thus giving it the ability to scan any e-mail that travels over the network

In fact an older system, developed in the ‘60s, intercepts and processes international communications via passing communications satellites. Called Echelon, it is a global surveillance system jointly run by Western intelligence agencies, especially the USA’s National Security Agency and Britain’s Government Communications Headquarters. It collects signals intelligence (Sigint) by covertly intercepting foreign and international communications.

Electronic vacuum cleaners

Other parts of the Sigint system intercept messages from the Internet, from undersea cables, from radio transmissions, from secret equipment installed inside embassies, or use orbiting satellites to monitor signals anywhere on the earth’s surface. The system includes stations run by the USA, Britain, Canada, Australia and New Zealand.

Both these systems have come under attack from civil libertarians and can only be used after obtaining due permissions. We have to remember that the constitutions of various countries protect their own citizens, not others, though the effect of their actions affects users the world over. Also, these systems are like gigantic electronic vacuum cleaners that sweep everything in, not surgical instruments designed to ferret out particular maladjusted individuals.

Cryptography and beyond

The easiest way to protect your privacy is to encrypt it using software that is readily available, like PGP, though the problem with encrypted messages is that they are in code and may thus trigger of greater interest just because of that.

In case you really want to ensure your privacy and communicate without anyone even finding that you are using coded messages, a way out is steganography, literally meaning covered writing. It is "the art and science of communicating in a way that hides the existence of the communication. In contrast to cryptography, where the "enemy" is allowed to detect, intercept and modify messages without being able to violate certain security premises guaranteed by a cryptosystem, the goal of steganography is to hide messages inside other "harmless" messages in a way that does not allow any "enemy" to even detect that there is a second secret message present.

From the time of Herodotus in ancient Greece to the terrorist of today, the secret writing of steganography has been used to deny one’s adversaries the knowledge of message traffic.

For computer users, the messages could be hidden inside graphics, music files or in the headers of e-mails. Thus users could get around electronic wiretaps by piggybacking messages on seemingly innocent digital files for things such as songs, a posting on a Website or a picture.

Right to privacy

This is a difficult issue. Where does the need for security overpower the right to privacy? While the concept of individual privacy is rather well defined and defended in the West, in the Indian context, often the rights of the society have subsumed the rights qua individuals. Though no one will officially admit it, surveillance has been going on in India for a while.

The new environment after the terrorist attacks will alter the Net considerably, since it is now obviously going to be monitored far more extensively than before. Of course often we are just exchanging innocuous information through e-mails, though we would not like anything private to be made public. Under such circumstances, it is important to keep one’s hand and to prioritise issues—see what is really necessary for us, because security is always at the cost of convenience.

The security agencies too have to make sure that they assure us that private communications will remain, indeed, private. Otherwise, in time paranoia will gradually replace habits of freedom.

How does cryptography work?

Computers generally transmit data in strings of 1’s and 0’s that are not apparent to most users. Encryption software and hardware programs scramble these numbers using an algorithm or mathematical formula that can be re-converted only with the proper formula or the "key." Thus, only an authorised person with the secret key can convert a scrambled message back to its original state or readable form.

The strength of encryption against interception and conversion by unintended recipients generally depends on the length of the formula or "key" that is required to decrypt the data. This key is measured by its "bit length" and generally, the longer the key and its bit length — the stronger it is. Thus, a 56 bit length key — which is considered weak — could take seconds for a hacker or thief to decode, whereas a 128 bit length key — which is exponentially stronger — could be impossible to decode in a lifetime.

Carnivore’s family tree

The DCS100 has several predecessors. An earlier FBI surveillance system was called Omnivore and it ran on a Solaris operating system.

The tool was then upgraded to a Windows NT system and dubbed Carnivore.

According to Electronic Privacy Information Center, or EPIC, Carnivore depends on two other applications to function.

It alone can only store data as packets. It requires another application, Packeteer, to process the packets. A third programme, called Coolminer, organises the information.

The trio are referred to as Dragonware.

Carnivore was given a new name - DCS100 - to disassociate the software with a controversial lawsuit

Source: BBC