Risking Communications Security: Potential Hazards of the Protect America Act
By Steven M. Bellovin, Columbia University
Matt Blaze, University of Pennsylvania
Whitfield Diffie and Susan Landau, Sun Microsystems
Peter G. Neumann, SRI International
Jennifer Rexford, Princeton University
(snip)
In August 2007, United States’ wiretapping law changed: the new Protect America Act permits warrantless foreign-intelligence wiretapping from within the US of any communications believed to include a party located outside it. US systems for foreign intelligence surveillance located outside the United States minimize access to the traffic of US persons by virtue of their location. The new act could lead to surveillance on an unprecedented scale that will unavoidably intercept some purely domestic communications. A civil liberties concern is whether the act puts Americans at risk of spurious—and invasive—surveillance by their own government, whereas the security concern is whether the new law puts Americans at risk of illegitimate surveillance by others.

Building surveillance technologies into communication networks is risky. The Greeks learned this lesson the hard way; two years ago, they discovered that legally installed wiretapping software in a cellphone network had been surreptitiously enabled by parties unknown, resulting in the wiretapping of more than 100 senior members of the government for almost a year.[1] Things are not much better in Italy, where a number of Telecom Italia employees have been arrested for illegal wiretapping (with attempts at blackmail).[2]

In this article, we focus on security, not civil liberties. If the intercept system is to work, it is important that the surveillance architecture not decrease the security of the US communications networks. Although we are writing about a US law and its consequences for the security of US communications, the examples of Greece and Italy make clear that the same issues occur internationally.

Background
The combination of data sources may make this surveillance more powerful—and create more risk—than was intended. We start with background on legal and policy issues, then technical concerns; this extensive background is necessary because architecture matters a lot, and in subtle ways.
(snip)
http://www.crypto.com/papers/paa-ieee.pdf