Large-Scale Surveillance Systems Create Security Risks

from the unauthorized-access dept

There's been a lot of discussion, here and elsewhere, about the dangers that expanded government surveillance pose to civil liberties. The Constitution protects the right to be free of unreasonable searches, which the courts have held includes electronic eavesdropping, and many people, myself included, think that recent proposals for expanded wiretapping threaten that right. But less attention has been paid to the security risks created by expanded eavesdropping programs. Matt Blaze and some other computer security experts have a new article documenting the risks concerning eavesdropping systems that themselves could be compromised, allowing unauthorized third parties to use government surveillance networks for their own ends. That's what happened in Greece, when someone managed to hack into the Greek surveillance infrastructure and listen in on dozens of senior government officials. Blaze and his co-authors argue that the more information collected by a wiretapping scheme, the greater the damage that will be done if it's ever compromised. The Protect America Act, which Congress passed last August and is due to expire in a few days, authorizes virtually unchecked government interception of communications between Americans and those overseas. The paper warns that the safeguards in the Protect America Act are inadequate to protect Americans from a compromised surveillance network. Congress would do well to listen.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Thom, Jan 31st, 2008 @ 3:37pm

    Ummm

    The vast majority of Americans have no out of the country contact but the vast majority of Congressmen and Senators do - if not due to personal business matters then to government ones. Perhaps all we need to do is point out that it's only a matter of time before their shady dealings are exposed by this program. That should get their attention and make them think twice.

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Bender, Jan 31st, 2008 @ 4:43pm

    They can surveil my shiny metal ass

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Jan 31st, 2008 @ 4:46pm

    Re: Ummm

    Well, technically a lot of gamers DO have out of country contact via whatever online game they are playing. From playing on servers based on Europe to players from outside the US playing on US based servers, some people DO have contact with people that are not American.

    of course it's usually stuff like "STFU NOOB" and "USA SUCKS" or even "MORE DOTS MORE DOTS MORE DOTS" but it is just ignorant to say that many people with Internet access only have contact with people in their own country.

    The point to this? All the wire-tapping and surveillance will include all online activities.

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    Steve R. (profile), Feb 1st, 2008 @ 5:35am

    ALL Large Scale Security UNSAFE

    Regretfully my "sound bite" generator isn't working too well. We need a Murphy Law for security. Any large scale deployment of a security system to serve an infinite population is fundamentally unsafe.

    At a fundamental level, as more and more people acquire "keys" to access the "protected" system, the greater the chance that one of them will prove to be a nut case, a fanatic, an opportunist, disgruntled, etc. (It is not uncommon for a fired (just or unjust) employee to strike back.)

    Another way to put it, the more "keys" one has, the easier it is to "lose" one. Then if you have to change the "key" it becomes an administrative nightmare trying to get everyone a new "key".

    Not only that, but all companies and governments are in competition for employees. What does that mean? You might start off having high employment standards, but then you find you can't hire enough staff, so you lower your standards and you skimp on security checks. The sleeper terrorist is then able to sneak in. (also the nut case, etc.)

    PS: This also applies to DRM technologies. Eventually someone on the inside will publicly disgorge the security "keys".

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Feb 1st, 2008 @ 10:16am

    So its ok for you to hype security issues that the govt. has but its not ok for security companies to hype known security issues?

    What is the difference? Oh, thats right, you don't like the govt.

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Steve R. (profile), Feb 7th, 2008 @ 5:57am

    Re: ALL Large Scale Security UNSAFE

    I just had to re-register for a re-deployment of our time card system. To gain access to the system, I had to riffle through a whole bunch of papers containing my passwords and login IDs for a variety of systems in order to find the login ID and password that I needed.

    So we have systems that are supposedly "secure" but the users have little pieces of paper in obvious locations that would give virtually anyone access to these supposedly secure systems.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This