Large-Scale Surveillance Systems Create Security Risks
from the unauthorized-access dept
There’s been a lot of discussion, here and elsewhere, about the dangers that expanded government surveillance pose to civil liberties. The Constitution protects the right to be free of unreasonable searches, which the courts have held includes electronic eavesdropping, and many people, myself included, think that recent proposals for expanded wiretapping threaten that right. But less attention has been paid to the security risks created by expanded eavesdropping programs. Matt Blaze and some other computer security experts have a new article documenting the risks concerning eavesdropping systems that themselves could be compromised, allowing unauthorized third parties to use government surveillance networks for their own ends. That’s what happened in Greece, when someone managed to hack into the Greek surveillance infrastructure and listen in on dozens of senior government officials. Blaze and his co-authors argue that the more information collected by a wiretapping scheme, the greater the damage that will be done if it’s ever compromised. The Protect America Act, which Congress passed last August and is due to expire in a few days, authorizes virtually unchecked government interception of communications between Americans and those overseas. The paper warns that the safeguards in the Protect America Act are inadequate to protect Americans from a compromised surveillance network. Congress would do well to listen.
Filed Under: civil liberties, eavesdropping, greece, privacy, wiretapping
Comments on “Large-Scale Surveillance Systems Create Security Risks”
Ummm
The vast majority of Americans have no out of the country contact but the vast majority of Congressmen and Senators do – if not due to personal business matters then to government ones. Perhaps all we need to do is point out that it’s only a matter of time before their shady dealings are exposed by this program. That should get their attention and make them think twice.
Re: Ummm
Well, technically a lot of gamers DO have out of country contact via whatever online game they are playing. From playing on servers based on Europe to players from outside the US playing on US based servers, some people DO have contact with people that are not American.
of course it’s usually stuff like “STFU NOOB” and “USA SUCKS” or even “MORE DOTS MORE DOTS MORE DOTS” but it is just ignorant to say that many people with Internet access only have contact with people in their own country.
The point to this? All the wire-tapping and surveillance will include all online activities.
They can surveil my shiny metal ass
ALL Large Scale Security UNSAFE
Regretfully my “sound bite” generator isn’t working too well. We need a Murphy Law for security. Any large scale deployment of a security system to serve an infinite population is fundamentally unsafe.
At a fundamental level, as more and more people acquire “keys” to access the “protected” system, the greater the chance that one of them will prove to be a nut case, a fanatic, an opportunist, disgruntled, etc. (It is not uncommon for a fired (just or unjust) employee to strike back.)
Another way to put it, the more “keys” one has, the easier it is to “lose” one. Then if you have to change the “key” it becomes an administrative nightmare trying to get everyone a new “key”.
Not only that, but all companies and governments are in competition for employees. What does that mean? You might start off having high employment standards, but then you find you can’t hire enough staff, so you lower your standards and you skimp on security checks. The sleeper terrorist is then able to sneak in. (also the nut case, etc.)
PS: This also applies to DRM technologies. Eventually someone on the inside will publicly disgorge the security “keys”.
Re: ALL Large Scale Security UNSAFE
I just had to re-register for a re-deployment of our time card system. To gain access to the system, I had to riffle through a whole bunch of papers containing my passwords and login IDs for a variety of systems in order to find the login ID and password that I needed.
So we have systems that are supposedly “secure” but the users have little pieces of paper in obvious locations that would give virtually anyone access to these supposedly secure systems.
So its ok for you to hype security issues that the govt. has but its not ok for security companies to hype known security issues?
What is the difference? Oh, thats right, you don’t like the govt.