Large-Scale Surveillance Systems Create Security Risks

from the unauthorized-access dept

Thu, Jan 31st 2008 2:40pm — Timothy Lee

There's been a lot of discussion, here and elsewhere, about the dangers that expanded government surveillance pose to civil liberties. The Constitution protects the right to be free of unreasonable searches, which the courts have held includes electronic eavesdropping, and many people, myself included, think that recent proposals for expanded wiretapping threaten that right. But less attention has been paid to the security risks created by expanded eavesdropping programs. Matt Blaze and some other computer security experts have a new article documenting the risks concerning eavesdropping systems that themselves could be compromised, allowing unauthorized third parties to use government surveillance networks for their own ends. That's what happened in Greece, when someone managed to hack into the Greek surveillance infrastructure and listen in on dozens of senior government officials. Blaze and his co-authors argue that the more information collected by a wiretapping scheme, the greater the damage that will be done if it's ever compromised. The Protect America Act, which Congress passed last August and is due to expire in a few days, authorizes virtually unchecked government interception of communications between Americans and those overseas. The paper warns that the safeguards in the Protect America Act are inadequate to protect Americans from a compromised surveillance network. Congress would do well to listen.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: civil liberties, eavesdropping, greece, privacy, wiretapping

6 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Thom, 31 Jan 2008 @ 3:37pm

Ummm
The vast majority of Americans have no out of the country contact but the vast majority of Congressmen and Senators do - if not due to personal business matters then to government ones. Perhaps all we need to do is point out that it's only a matter of time before their shady dealings are exposed by this program. That should get their attention and make them think twice.
[ link to this | view in chronology ]
- Anonymous Coward, 31 Jan 2008 @ 4:46pm
  
  Re: Ummm
  Well, technically a lot of gamers DO have out of country contact via whatever online game they are playing. From playing on servers based on Europe to players from outside the US playing on US based servers, some people DO have contact with people that are not American.
  
  of course it's usually stuff like "STFU NOOB" and "USA SUCKS" or even "MORE DOTS MORE DOTS MORE DOTS" but it is just ignorant to say that many people with Internet access only have contact with people in their own country.
  
  The point to this? All the wire-tapping and surveillance will include all online activities.
  [ link to this | view in chronology ]
Bender, 31 Jan 2008 @ 4:43pm

They can surveil my shiny metal ass
[ link to this | view in chronology ]
Steve R. (profile), 1 Feb 2008 @ 5:35am

ALL Large Scale Security UNSAFE
Regretfully my "sound bite" generator isn't working too well. We need a Murphy Law for security. Any large scale deployment of a security system to serve an infinite population is fundamentally unsafe.

At a fundamental level, as more and more people acquire "keys" to access the "protected" system, the greater the chance that one of them will prove to be a nut case, a fanatic, an opportunist, disgruntled, etc. (It is not uncommon for a fired (just or unjust) employee to strike back.)

Another way to put it, the more "keys" one has, the easier it is to "lose" one. Then if you have to change the "key" it becomes an administrative nightmare trying to get everyone a new "key".

Not only that, but all companies and governments are in competition for employees. What does that mean? You might start off having high employment standards, but then you find you can't hire enough staff, so you lower your standards and you skimp on security checks. The sleeper terrorist is then able to sneak in. (also the nut case, etc.)

PS: This also applies to DRM technologies. Eventually someone on the inside will publicly disgorge the security "keys".
[ link to this | view in chronology ]
- Steve R. (profile), 7 Feb 2008 @ 5:57am
  
  Re: ALL Large Scale Security UNSAFE
  I just had to re-register for a re-deployment of our time card system. To gain access to the system, I had to riffle through a whole bunch of papers containing my passwords and login IDs for a variety of systems in order to find the login ID and password that I needed.
  
  So we have systems that are supposedly "secure" but the users have little pieces of paper in obvious locations that would give virtually anyone access to these supposedly secure systems.
  [ link to this | view in chronology ]
Anonymous Coward, 1 Feb 2008 @ 10:16am

So its ok for you to hype security issues that the govt. has but its not ok for security companies to hype known security issues?

What is the difference? Oh, thats right, you don't like the govt.
[ link to this | view in chronology ]