the rest of the network; it filters traffic based on a set of rules defined by the user. Its job can be to prevent traffic to or from a certain IP address (though this can be defeated by IP address spoofing) or to prevent certain applications from transferring data.67 Some firewalls block the file transfer protocol, while others have been known to block such applications as YouTube.68 Firewalls are useful in stopping the spread of known worms and viruses, but are less useful in preventing unknown bad programs from entering a user's machine.

Firewalls interpose a censor between the user and the communication and break the Internet communications model that allows any endpoint to send a message to any other without first having an "introduction." Despite that, such censors are being deployed. One is the "Great Firewall of China," which examines IP addresses and blocks incoming and outgoing packets to China on that basis. Although the censorship is not perfect, it is sufficient to disrupt human rights activities. Such censorship has also been documented closer to home. In 2005 Canada's second largest telecommunications company blocked its subscribers and smaller ISPs that depended on the network from reaching the site of the Telecommunications Workers Union.70 It may well be appropriate to use intrusive packet inspection or censorship to prevent network attacks such as DDoS, yet clearly the potential for abuse using such monitoring is high. I return to this issue later.

3.6 The Security Problems Are Inherent

The list above of Internet security holes is not exhaustive; indeed, the nature of the problem is that new vulnerabilities continue to be uncovered. But the description captures the essence of the problem. Security issues are inherent in any fully open packet-switching network with smart hosts.
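The firewall described at the start of this section filters on a user-defined rule set, and the text notes that an address-based rule is defeated by IP address spoofing. The following is an added illustration, not code from the book: a toy rule-based packet filter, a packet whose forged source address slips past the address rule, and an ingress sanity check (a packet arriving on the external interface must not claim an internal source) that catches one common class of spoofing. All addresses, rules and the `iface` field are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Packet:
    src: str    # source IP address as written in the packet header
    dst: str    # destination IP address
    dport: int  # destination port
    iface: str  # constructed: "ext" (outside) or "int" (inside) arrival interface

# Constructed rule set, evaluated first match wins: (action, source network, dest port)
# None means "any". 203.0.113.0/24 plays the role of a blocked remote range,
# port 21 mirrors the firewalls in the text that block the file transfer protocol.
RULES = [
    ("deny", ip_network("203.0.113.0/24"), None),
    ("deny", None, 21),
    ("allow", None, None),
]

# Constructed internal address range protected by the firewall.
INTERNAL = ip_network("192.0.2.0/24")

def filter_packet(pkt: Packet, rules=RULES) -> str:
    """Plain rule matching on the source address and destination port only."""
    src = ip_address(pkt.src)
    for action, net, port in rules:
        if net is not None and src not in net:
            continue
        if port is not None and pkt.dport != port:
            continue
        return action
    return "deny"  # default deny if no rule matches

def ingress_check(pkt: Packet, rules=RULES) -> str:
    """Anti-spoofing check before rule matching: traffic arriving from the
    outside cannot legitimately carry an inside source address."""
    if pkt.iface == "ext" and ip_address(pkt.src) in INTERNAL:
        return "deny"
    return filter_packet(pkt, rules)

if __name__ == "__main__":
    # A packet from the blocked range is dropped by the address rule ...
    print(filter_packet(Packet("203.0.113.5", "192.0.2.10", 80, "ext")))
    # ... but the same sender forging an unblocked source address is allowed.
    print(filter_packet(Packet("198.51.100.7", "192.0.2.10", 80, "ext")))
    # A forged *internal* source on the external interface is caught.
    print(ingress_check(Packet("192.0.2.99", "192.0.2.10", 80, "ext")))
```

The ingress check only catches forged internal addresses; a forged external address still passes, which is why the text treats address-based filtering as a weak control.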
Whenever a data-manipulating device is sufficiently multipurpose so as to be programmable (in other words, to be a computer), such a device will have flaws and be a security risk. And whenever a computer connects to a network, the machine will be at risk from other computers on the network and the whole network itself will be at risk.
Unless the endpoint hosts are fully secured, they leave the network in a highly vulnerable state. The fact is, however, that the security of users' machines is in a terrible state; most machines are unpatched and open to attack. We are in a situation in which the very strength of the Internet, a network connecting smart endpoints, creates its weakness. The network hosts can be compromised, with the Internet providing the delivery system for compromise. Here the Internet architecture comes into play. TCP/IP is about "conversations." You can secure the channels over which the TCP/IP communications occur, but the layered nature of the Internet means that information within packets does not leak into other layers of the network. Van Jacobson described it this way: "Channels are secured, but not data, so there's no way to know if what you get is complete, consistent, or even what you asked for." There is no way for the network to know what the content looks like until it reaches the endpoint, a user's computer.

Into this mix comes a large population with diverse interests (including developing many applications that the original Internet designers had never considered). One gets the enormous burst of creativity that has produced the Internet post the mid-1990s. This creative energy is what Harvard law professor Jonathan Zittrain terms the "generative Internet": the network's ability to produce unprompted change because of its "large, varied, and uncoordinated audience." The generative Internet provides a large panoply of services, from e-commerce and e-collaboration to social networks. One does not necessarily obtain secure applications.

The peer-to-peer nature of the network further complicates control. Many users are familiar with the client/server model,