[silk] No Hiding Place | 1984 in 2001

[Ramakrishnan Sundaram <ram@xxxxxxxxxxxx>]

<x-flowed>Followed through a /. post. Am surprised no one posted this here, because 
this is really scary. Eugene, you seem to live closest to this. Comments?

Ram

April 1 2001 - SUNDAY TIMES MAGAZINE

Britain is now a surveillance state. The authorities may be prying into 
your 'private' life this second. And in the electronic age, it is much 
easier for innocent people to be mistaken for criminals. Bryan Appleyard 
investigates

NO HIDING PLACE

Privacy is dead. We are watched by 1.5m closed-circuit television cameras, 
more per head of population than any country on Earth. Our government, 
police and intelligence services have more legal powers to poke around in 
our private lives than those of communist China. And thanks to new 
technologies from mobile phones to the internet, they can use those powers 
to find out where we are, whom we talk or send e-mails to, and what 
websites we click on. According to most experts in the field, a police 
state with powers of control and surveillance beyond the wildest dreams of 
Hitler or Stalin could now be established in Britain within 24 hours. And 
guess what: MI5 probably read this article before you did. It was delivered 
by e-mail, a hopelessly insecure system. It is full of the sort of 
security-sensitive words the spooks look out for, and, as I shall explain, 
I seem to be an MI5 target.

But the weirdest thing of all is that we really don't care. To take an 
example that may sound trivial but isn't, the Television Licensing 
Authority is currently running an advertising campaign boasting of its 
ability to invade our privacy. Hoardings show a local street sign with the 
caption that declares, four people in this street don't have a TV licence 
and the TLA knows who they are.

Duncan Bennett, a systems administrator with the Medical Research Council 
in Cambridge, knows exactly what this means. He hasn't had a TV in 10 years 
and yet, annually, he gets threatening letters from the TLA. He has now 
discovered that, with no evidence against him whatsoever, they can get a 
warrant - always automatically granted - to break into and search his 
house. He is assumed to be guilty until proven innocent, a terrible 
inversion of ancient common-law tradition. He has struggled to find anybody 
willing to take up his campaign on the issue. Bennett is not suspected of 
drug-trafficking, terrorism or subversion. He is suspected of having a TV 
without a licence. Only in Britain would such an abuse of power - or even 
such advertisements - be tolerated.

We seem to have such fear of crime, and such a mute acceptance of the 
seizure of power by the authorities, that we are actually comforted by the 
thought that we are being watched all the time. This, in the current 
climate of paranoia and high technology, is dangerous. Our right to live a 
law-abiding life without interference is now utterly compromised. The 
Englishman's home is no longer his castle, it is his virtual interrogation 
cell.

How did we get here? The story begins in a bedroom in Cheltenham in 1969. 
James Ellis, an employee of the Government Communications Headquarters, 
Britain's global listening post, had been working on the problem of coding, 
more accurately known as encryption. Thanks to our cracking of the German 
Enigma code during the second world war, the British were regarded as world 
masters of this art. Since then, GCHQ had been working closely with the 
American National Security Agency (NSA) to ensure that the good guys - us - 
would always be able to crack or write codes more successfully than the bad 
guys - primarily the Soviets.

In his bedroom, Ellis had an idea for a system of encryption that would be 
utterly unbreakable. But his system was so completely at odds with 
prevailing wisdom that it was at once rejected by almost everybody in the 
code business. Ellis died in 1997, professionally anonymous to the last, 
and just a month before his brilliance was generally recognised when GCHQ 
finally published his papers on their website.

Until then, everybody thought the first man to have this idea was an 
American named Whitfield Diffie. In 1975, Diffie had independently 
experienced the same eureka moment as Ellis, but his insight was made 
public. At that moment, both GCHQ and NSA, not to mention every other 
security and intelligence service on the planet, suffered a crisis from 
which they have yet to recover, and the issue of individual privacy leapt 
to the top of the political agenda, where, almost everywhere except in 
Britain, it remains.

The Ellis/Diffie invention was what is now called public key cryptography 
(PKC). It is the most powerful coding system that has ever been devised. 
It's what you use if you bank or buy on the internet. You don't know you're 
using it: your computer does it for you. It offers everybody the power to 
communicate in unbreakable codes. As a result, it's easily the worst thing 
that has ever happened to the spooks and the police. Beside this, Kim 
Philby was a minor hiccough.

This is how it works. Normally, if one spook wants to send a coded message 
to another, he does so in a code that can be unlocked by a key - a string 
of numbers - known to both of them. The problem is, they have somehow to 
give each other the key. Diplomats going through customs handcuffed to 
briefcases are one way of passing on keys. But you can mug a diplomat and, 
as the British showed when they seized a German Enigma machine, you can 
intercept keys transmitted by any other means. Either way, the spooks lose 
their secrecy.

In PKC, one party makes his key completely public; anybody can have it.

This public code allows anybody to encode their message and send it. But 
the public key can only encrypt the message, it cannot decrypt it. Only the 
secret key possessed by the recipient can unscramble the message. As long 
as he keeps his key secret - an easy task, because he need never share it 
with anyone else - then his code is unbreakable.

The one flaw in this might be the use of supercomputers simply to run 
through all possible key combinations - a so-called "brute force" attack. 
Keys are just sequences of numbers, after all. But now that more powerful 
personal computers and software accept much longer keys, it would take 
billions of years for a brute-force attack to succeed. Rumour has it - 
there are only ever rumours in this area - that the NSA has spent $5 
billion trying to crack the strongest contemporary codes and failed.

Since both the NSA and GCHQ are founded on the principle that they should 
be able to read any communication anywhere in the world, this is their 
worst nightmare. Since 1975 they have been battling to find ways of 
ensuring they can still eavesdrop on anything. And, because Diffie's trick 
was already out there among the nerds and hackers of the world, this battle 
had to take place in public. Essentially, both the British and American 
security services wanted copies of all keys to be lodged with government 
agencies - so-called "key escrow" - or, as in the system we now have in 
Britain, they wanted to be able to demand the surrender of keys.

But the libertarian nerds, known in this field as "cypherpunks", fought 
back in the name of freedom from the all-seeing eyes of Big Brother 
government. In the United States they have had some success, thanks to the 
native distrust of government; in Britain they have had almost none.

After the collapse of communism in 1989, this issue became even more 
urgent. The primary targets of the security services were no longer the 
Soviets. Now they were organised criminals, drug traffickers and 
terrorists. This meant they wanted to watch their own citizens rather than 
just foreign spooks. The possibility of the high-tech, 
constant-surveillance Big Brother state was threatening to become a reality.

PKC had become much more than a brilliant mathematical trick: it was now 
the centre of a bitter philosophical and political debate about the privacy 
of the individual. This has now spilt over into just about every area of 
public policy. Before PKC, the spooks could watch and never explain 
anything. After PKC, they had to come out and argue their case.

The big questions are obvious. How much should the government be able to 
find out about me and the things I do? Should it be able to read all my 
private messages, my bank accounts, my health records? Do I have any right 
to privacy at all, or does the public interest in the possibility that I 
might be a terrorist, paedophile, criminal or spy overrule all other 
considerations?

Cryptography was only the beginning of this debate. Technology - whether in 
the form of computers, mobile phones, credit cards, store cards or 
closed-circuit television cameras with sophisticated face recognition 
systems - means that people can now, if they like, know almost everything 
about anybody.

We all leave an electronic trail wherever we go, whatever we do. This trail 
is impossible for the individual to eradicate or control.

Much of this trail may seem innocent - what you buy at Tesco using your 
loyalty card is hardly likely to be a sensitive matter. But the point about 
computer memory and processing power is that it is expanding at a rate few 
of us can begin to understand. As a result, thanks to those loyalty cards, 
it is perfectly possible to trawl through everything you have ever bought 
at Tesco, and that can produce a startlingly detailed picture of your life.

"I'm not embarrassed about my shopping," says Ian Brown, a researcher into 
mobile multimedia security at University College, London, "but the 
insidious nature of this is that it's not the day-by-day information, it's 
knowing about all your grocery for the last five years. It's amazing how 
much you can tell about someone from the pattern of their buying." 
Furthermore, information breeds information. Once I know one thing about 
you, I can generally find out another. Using a technique known as 'social 
engineering' - essentially a simple con trick - armed with a few details 
like your date of birth and post code, I can easily convince some lowly 
clerk on the phone that I am you and seduce him into parting with more 
sensitive material.

When you add into that mix internet usage and e-mails - neither of which 
are remotely secure unless you go out of your way to make sure they are - 
it becomes easy to build up staggeringly detailed pictures of the lives and 
habits of almost anybody. Indeed, there is an automated global system 
code-named Echelon, operated by the US, UK, Canada, Australia and New 
Zealand, which is believed to intercept up to 3 billion communications a 
day, trawling through them for sensitive words that might indicate a 
security threat - it may well pick up this article in transit. Some claim 
that 90% of internet traffic is scanned by Echelon. The exact figures are 
unknown, because the system is top secret. Indeed, Britain, alone among 
these countries, does not even admit it exists. Simon Davies, head of the 
pressure group Privacy International and a self-confessed cypherpunk, 
describes Echelon as "black-helicopter, Mulder-and-Scully stuff". As in The 
X Files, the truth is out there, but so is somebody who doesn't want you to 
know.

Even by just collating all the addresses of your e-mail correspondents, the 
security services can construct "friendship trees", patterns of association 
that, whether you are guilty or not, may connect you to terrorists or 
criminals.

Closed-circuit television (CCTV) cameras are the final turn of the screw. 
There are now 1.5m of these operating in Britain, and some, as in the 
London borough of Newham, use facial recognition software that 
automatically identifies target individuals. Some of these cameras are 
visible, but many, in pubs and clubs, are not. In time, it is thought these 
cameras will be linked in a nationwide web. They will become, as Dr Stephen 
Graham of the University of Newcastle upon Tyne has suggested, the "fifth 
utility", after telephones, water, gas and electricity. "These networks," 
he writes, "have long since merged and extended to become technologically 
standardised, multipurpose, nationally regulated utilities, with virtually 
universal coverage. I would argue that CCTV looks set to follow a similar 
pattern of development over the next 20 years, to become a kind of fifth 
utility."

"We have far more of these cameras that any other country," Graham tells 
me, "though Germany and the US are now catching up. Why? Well, I suppose we 
have fewer constitutional and political fears about invasions of privacy.

We have a huge fear of crime and we have no totalitarian past like almost 
all the other countries in Europe."

Graham believes the key to the future, networked power of CCTV is 
automation. "The key to the limitations of their use was the human 
operator, who just got bored. Soon, software will be able to do all that, 
and then the power will be in the hands of the software writers to decide 
what is abnormal behaviour. It will all be hidden - there will be no 
accountability."

And, in their book The Maximum Surveillance Society: The Rise of CCTV, the 
academics Clive Norris and Gary Armstrong write: "The architecture of the 
maximum surveillance society is now in place." Their point is that the 
hardware of CCTV is so firmly in position that enabling it to watch 
everybody all the time is now merely a software problem.

Meanwhile, other surveillance technologies are springing up all the time. 
Police in the US, and some private agencies here, now have machines - 
called IMSI catchers - in their cars that fool your mobile phone into 
thinking they are base stations on your network. They can even tell your 
phone not to use any form of encryption. So they can listen to every mobile 
call you make. In addition, all big companies in the City of London 
routinely have to attach devices to their windows to prevent sensitive 
meetings being overheard through remote sensors that pick up voices from 
vibrations of the glass. Or there are Van Eck devices, which can read 
everything on your computer screen from a street away from your house. It 
is rumoured that one of these machines has been refined to the point where 
it can pick out one computer screen at the top of Canary Wharf from street 
level. Or tiny airborne devices the size of butterflies are being developed 
that can watch every move you make. And so on and so on. "It is plausible," 
writes Bruce Schneier, an American security consultant, in his book Secrets 
& Lies, "that we could soon be living in a world without expectation of 
privacy, anywhere or at any time."

Soon, some have suggested, we shall have to record our entire lives on 
audio and video just to establish an alibi, in case we are implicated in a 
crime. Indeed, not to make such a recording may one day be treated as a 
cause for suspicion.

Do we care? In Britain, apparently not. We accept CCTV cameras out of fear 
of crime, and as a result we have more than any other nation in the world. 
Meanwhile, a study by the Economic and Social Research Council's Virtual 
Society programme has found that employees do not regard surveillance 
systems in the workplace as invasions of privacy. And finally, in the form 
of last year's Regulation of Investigatory Powers Act (RIP), we now have, 
according to many observers, the most invasive legal apparatus anywhere in 
the world. China, it has been pointed out, has nothing as draconian as this 
on its statute book. It has been described by the constitutionalist Anthony 
Barnett as "the most pernicious invasion of privacy ever imposed by a 
democratic state". Among other things, the act ensures that all internet 
and mobile-phone communications will potentially be interceptible by the 
police and security services. Furthermore, even if you are not suspected of 
any crime, you can be imprisoned for two years if you fail to disclose a 
computer password. The communications of UK citizens can now be trawled by 
GCHQ to investigate any "large number of persons in pursuit of a common 
purpose".

 





</x-flowed>