Deal Between AT&T And Yahoo May Be Nearing Its End

Why Sweden's Plan To Spy On Emails Does More Harm Than Good

from the needle-and-a-haystack dept

Fri, Mar 9th 2007 11:42am — Mike Masnick

There's been a lot of talk about the proposal from the Swedish government to monitor all emails crossing national borders for certain keywords that could suggest terrorist activity. It's not surprising that such a proposal would get plenty of attention, but there are a few reasons why it's simply a bad idea. The difference between this plan (if it's put into place) and similar efforts in other countries is that most require court order or warrant -- which adds a layer of oversight concerning whose content is open to monitoring. When it's just open ended it's not at all far-fetched to think that the system will be misused to spy on people who have absolutely nothing to do with terrorist activities. In a free and democratic society, you're not supposed to spy on those people. A second issue is that the more you make it possible to access and spy on people's emails, the more likely it is that someone with nefarious intent will also figure out a way to access those emails. Even if the government is made up of saints who will never misuse the information, by opening some sort of backdoor, someone else will figure out a way in -- and that's dangerous for everyone.

The biggest issue, however, concerns just how effective this type of monitoring really is in practice. Doing basic keyword or even contextual filtering will turn up a ton of false positives, making the haystack in which any needles need to be found pretty damn big. This actually makes it even harder to turn up the useful information, since anyone scanning the output becomes accustomed to false positives. The end result isn't better security, it's just a ton of excess data. Finally, those who actually are a threat have long known that their emails were open to monitoring, and have long moved on to various systems to hide their intent -- whether it's as simple as using code words or using some sort of encryption software to not using email at all -- many of these people aren't going to simply walk right into such a trap. There are much better means of tracking down and monitoring people who are dangerous to us. Setting up a broad system of monitoring and filtering emails sounds good on paper, but doesn't do much to make people any safer.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

20 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Casper, 9 Mar 2007 @ 12:22pm

Yeah..
"There are much better means of tracking down and monitoring people who are dangerous to us"

Yeah, but profiling is illegal. Seriously thought, that law was more like a way around warrants. Do you really think they would scan all that mail every day? The first thing they would do is levels of filtering, with key people being very closely monitored... except this way they don't have to get a warrant.
[ link to this | view in chronology ]
claire rand, 9 Mar 2007 @ 12:51pm

like this sort of monitoring doesn't happen already.

anyone with anything to hide encrypts it, or will use code words anyway. it will find people who talk about things governments don't like though, assuming they can actually monitor that well
[ link to this | view in chronology ]
Geoffrey Kidd, 9 Mar 2007 @ 1:10pm

One myth, one major weakness
The myth is "The innocent have nothing to fear." Actually, they have MORE to fear than the guilty because a single mistake can start an avalanche that takes out their whole life. Just ask the man the London police murdered because they were told he was a terrorist.

The major weakness: The malefactors will assume anything they send is being listened to and hide it in a pile of innocent chatter.

John: I think we need to go to the opera tonight.

Adam: Good for me. Meet for dinner and drinks at 8?

Can stand for "We need to [terrorist act] tonight." "Good for me. [carry it out] at 8?"
[ link to this | view in chronology ]
Anonymous Coward, 9 Mar 2007 @ 2:02pm

Why not have all computers equipped with a person that sits next to the machine to monitor all usage? Think of all the crimes and social ills that would suddenly be eliminated:

-terrorism (read all in/out emails)
-child sexual abuse (watch your MySpace usage)
-reckless driving (limit video game usage)
-Internet addiction (limit total online time)
-marital infidelity (monitor craigslist erotic services)
-prevent homosexuality (monitor craigslist casual encounters)
-etc, etc, etc...

Clearly, the computer is destroying our world faster than a Humvee with a bulldozer attachment clearing rain forest.
[ link to this | view in chronology ]
dorpus, 9 Mar 2007 @ 2:02pm

Faustian Bargain
So should the government not monitor communications, and be surprised by anarchists who suddenly gather in cities and burn down city blocks, as happened in Copenhagen last week? How about animal rights activists who bomb the houses of scientists and intimidated them into not conducting research, as has happened before? Do we want Earth Liberation Front "activists" surrounding wealthy suburbs with coordinated arson fires, so upper class families are forced to throw babies out of their second floor windows? How about European liberals who plant bombs in McDonalds trash cans, or inject cyanide into Coca-Cola as a "statement" against America? The world is better off if these sickos are stopped before they ever do anything.
[ link to this | view in chronology ]
Anonymous Coward, 9 Mar 2007 @ 2:41pm

RE:Faustian Bargain
"So should the government not monitor communications, and be surprised by anarchists who suddenly gather in cities and burn down city blocks, as happened in Copenhagen last week?"

how are these two things connected in any way?! first of all the 'anarchists' didnt suddenly gather, they were there for 20 years...

and all the other things, putting bombs in trash etc etc. I highly doubt anyone who is going to do this is going to write an email about it first, unless they are deliberately trying to tip someone off.
[ link to this | view in chronology ]
- dorpus, 9 Mar 2007 @ 2:49pm
  
  Re: RE:Faustian Bargain
  Keep in mind that many of these criminals are teenagers, and lack basic street smarts. If some hormonally enhanced European nerd with an imaginary grudge against Americans gets serious about building a bomb, it is better to arrest him before he does it.
  [ link to this | view in chronology ]
deacon, 9 Mar 2007 @ 3:13pm

re: One myth, one major weakness
"Actually, they [the innocent] have MORE to fear than the guilty because a single mistake can start an avalanche that takes out their whole life. Just ask the man the London police murdered because they were told he was a terrorist."

Actually, I absolutely agree with the point you're making, but this conversation is likely to be pretty one-sided....
[ link to this | view in chronology ]
Ted, 9 Mar 2007 @ 3:37pm

Sweden?
Hasn't Sweden been a neutral country since the Vikings? I'd hate to see them fallow in US footsteps...
[ link to this | view in chronology ]
- dorpus, 9 Mar 2007 @ 3:58pm
  
  Re: Sweden?
  What is "neutrality"? Switzerland calls itself a neutral country, but all men are conscripted, and all men keep an army-issue rifle at home. Thus, Switzerland has a higher rate of gun ownership than the USA. It is the world's premier conduit of questionable money, thanks to an ancient tradition of shady dealings with the nations surrounding it. It has one of the world's highest heroin addiction rates, while 40% of its electricity comes from nuclear power plants and 60% come from environment-damaging hydroelectric dams. Women were not allowed to vote until 1971, making it more backward than most African countries.
  [ link to this | view in chronology ]
  - Joe, 9 Mar 2007 @ 4:39pm
    
    Re: Re: Sweden?
    I'd call Switzerland a pretty neutral country. Yes, there army is obligatory for men of a certain age rage, but so what? Army's are (unfortunately) an important part of maintaining neutrality. Just a week or two ago the Swiss were laughed at when a few guards got lost in bad weather and "invaded" Lichtenstein. This was the largest action the Swiss Army has seen since probably the 17th century.
    
    However, the Swiss also have their Onyx intelligence system which monitors civilian emails in the same way that this Swedish program has been described. So maybe it doesn't matter so much after all?
    [ link to this | view in chronology ]
Ted, 9 Mar 2007 @ 3:39pm

(follow)...
[ link to this | view in chronology ]
GoblinJuice, 9 Mar 2007 @ 4:16pm

Grow up.
Congrats to Sweden!

Note to the Swedish government: the left-wingers here in America scream, bitch and cry... but they, deep down in their hearts, know the Western governments of the world are - basically - good and want to protect their citizens.

Have a strong back, thick skin and push thru this program. The Left will bitch, but they know it's for the best.
[ link to this | view in chronology ]
reed, 9 Mar 2007 @ 5:04pm

Joe said

"The world is better off if these sickos are stopped before they ever do anything."

The thing that is sick here is the propaganda you have been spoon fed. Yeah! Lets give all our rights to the rich so they can protect themselves from us?

I don't agree with "extremists" but the reality is these laws don't stop there. Soon everyone could be an crazy liberal including you.

According to a recent study by 2020 over 50% of my state (Washington) will have been involved in the prison system. Imprisoning people already accounts for over 80% of my property taxes.

Ask yourself this, do we really want to let our governments find new reasons to imprison people? New reasons to search your private transactions? More reasons to turn you into a criminal and then lock you up in your new prison state?

I will pass on it myself.
[ link to this | view in chronology ]
- Joe, 9 Mar 2007 @ 6:27pm
  
  Re:
  I believe that was dorpus, not Joe.
  ;)
  
  You're absolutely right, though. The government should be regulated...I think that's the point of democracy. But the question of "how far is too far" is quite a tricky one to answer.
  
  You don't have to be subjugated, though. Take some incentive and change the world! Jeez, haven't you ever read Nietzsche? You, too, can be an ubermensch!
  
  Anyway, I think if you let democracy run its course through next November we'll find that you're not alone in fearing government invasion of privacy.
  [ link to this | view in chronology ]
I'm being Watched, 9 Mar 2007 @ 11:35pm

Duh! USA gov is sifting this with 'CARNIVORE'
Even as you read. Your emails too!
[ link to this | view in chronology ]
|333173|3|_||3, 10 Mar 2007 @ 1:54am

PGP
Isn't PGP a readily available plug in for or included in all recent versions of Outlook, Thunderbird, and other modern mail clients anyway? If I was up to something, I would definitely use it, and good luck breaking it open. Actually, I I could be bothered distributing keys to people, I would use it for normal, everyday stuff, just to cause trouble.
COme to think of it, it would not be too hard to breack public key encryption by using a crib, encrypting a string of data and then testing possible private keys. ONly the first few bytes would need to be tested at first, and that would allow you to get information about possible private keys. Each attempted private key tested would increase the amount of information you have, until you have a only a small set of possible private keys which can be brute-forced. This would probably take a lot less processor cycles than a straight burte-force crack, menaing that it could be much quicker for a government to break open encypted traffic, and maybe make it practical for private criminals to break into HTTPS traffic.

Someone will probably say I should not ahve posted this idea, so I will defend myself now. Basically, the idea of using a crib and computer to provide information about the code used goes back to the the early British Bombes (or possilby even the earlier Polish Bomby), so it is hardly a new idea. Nor is using mathematicall analysis in cryptography. This ida may even be used now, since it is so obvious, but I have not come accross it written up anywhere, so I thought I would post it now.
[ link to this | view in chronology ]
- misanthropic humanist, 11 Mar 2007 @ 12:02pm
  
  Re: PGP
  Yep, this attack has been raised before. It's a bit like the "Linux security" argument, with so few people using it there is less motive to make it a target. Of course when everybody uses encryption (which they will eventually, mark my words) the incentives change. Then you want a hetrogeneous or highly salted base, moving towards a one time pad model where there is more uniqueness between the two parties.
  
  Interestingly, don't assume that all governments are afraid of or against encryption. Some forces in government very wisely realise that it's inevitable and correct. The European commission made a detailed report some time ago giving a point by point recommedation for why encryption should be encouraged and even mandated for civillian communications. It's only the very sinister, paranoid and insecure but vocal few that want an aymetrical state of affairs. That position reveals itself for what it is without further analysis.
  [ link to this | view in chronology ]
IYAMAH SYLVANIUS, 11 Aug 2007 @ 5:54am

hjj
7665
[ link to this | view in chronology ]
FRED, 7 Sep 2007 @ 5:20am

BUSINESS PROPOSAL
Attn- RE-INVESTMENT. Dear Sir/Madam, This may come to you as a surprise, Please know that I am writing you with utmost confidentiality and I hope you treat this email as such. On October 15, 2001, our client Mr. Hatem Kamil Abdul Fatah who was the deputy governor in Baghdad in Iraq and also business man made a numbered fixed deposit for 12 calendar months, with a value of Four Million Five Hundred thousand pounds in a security Company in Europe Upon maturity several notice was sent to him, even after the war late last year. Another notification was sent and still now no response came from him.We later find out that the Governor has been assassinated in Baghdad. The websites below is a verification of the news about his death: http://news.bbc.co.uk/go/pr/fr//1/hi/world/middle_east/3970619.stm http://www.uslaboragains twar.org/article.php?id=6979. After further investigation it was also discovered that Mr. Hatem Kamil Abdul Fatah did not declare any next of kin in his official papers including the paper work of his bank deposit. And he also confided in me the last time he was at my office that no one except me knew of his deposit in this firm.According to the British Law, under foreign and defense affairs, at the expiration of 7(seven) years, such funds will revert to the ownership of the British Government account for financing military operations, such as purchasing of arms and ammunitions for the military. In order to avert this development, I will like to seek for your permission as a foreigner to stand as the next of kin to Mr. Hatem Kamil Abdul Fatah so that the fruits of this old man’s labor will not be use for financing weapons which will further enhance the courses of war in the world in general.The money will be paid into your account for us to share in the ratio of 60% for me and 30% for you and 10% for Expenses Incurred in the course of the transaction. If you are interested, please reply immediately. On acceptance to assist us, you will be required to travel to Europe to meet with the Security Company to take delivery of the Consignment in your capacity as the Beneficiary. We will give you further details on the take over proceedure. There is no risk involved whatsoever as everything has been perfected to ensure a hitch free transaction. We shall have to sign a working agreement with you in the form of a Memorandum of Understanding (MOU) to protect both parties in this transaction. Awaiting your urgent reply. Thanks Hinklemann Fred EMAIL
[ link to this | view in chronology ]