This is a technical discussion of how US policies enable Oppressive Regimes to monitor their citizens web traffic. I’m not going to discuss the legality of these methods or their ethical place in society. I’m only talking about the technical reasons for the dispersion of this technology; I am not advocating or deploring its use.
The thesis of this article is this: When the US creates new regulations that provide government incentives towards monitoring and analyzing the actions of its citizens, it simultaneously enables those same technologies for governments all over the world.
Let’s dive in to see how some regulations and technologies have impacted global freedoms.
The Communications Assistance for Law Enforcement Act was passed in 1994 along with Bill Clinton’s telecom reform act (which will live on seemingly forever in infamy). It basically said that Telecom operators, when prompted by an act of law enforcement, must make resources available for the monitoring of user activity. This was intended to address the FBI’s growing concern that calls made over the Internet would be untraceable. Several technologies were invented to comply with these requirements including Deep Packet Inspection, the growing proliferation of fiber tapping technologies (like Vampire Taps) and a ton of firewall innovation. Of these, the two I’d like to talk about are DPI and Fiber Tapping.
Deep Packet Inspection
Basically, prior to DPI, all firewalls operated on context. A firewall knew a packet was from a place, had a destination and may have an application type displayed, but firewalls were once essentially content-blind. Deep Packet Inspection changed that, allowing firewall managers to route packets based on their content instead of their context. This is a subtle difference, but the reality is staggering. For example, concealing the identity of your call (your phone number) would not hide the content of your call (what you talked about). There are a number of attempts at evading these sorts of problems, but the reality is that DPI is intended to make it easier for operators to see what’s really happening on their networks. Think of it this way: if the internet was the US Postal Service, Deep Packet Inspection lets the USPS route based upon what you wrote in your letter instead of the address on the envelope.
Fiber tapping has gotten a lot more advanced over the last few years, and arguably a lot easier. Vampire Taps have been around for a while, but they’re now so small now and so fast, it’s hard to argue that any length of fiber is secure these days. We always say in cryptography, that if the physical infrastructure is compromised it is nigh-impossible to secure the transmission, and that’s certainly the case in the US. We have modelled how to split fiber paths, duplicate user data and analyze this information asynchronously and how to do this at scale. It’s pretty cool, but all this tech is not in a vacuum.
The World Stage
So all this tech is built for the US government, but the demand for this technology is certainly not limited to our domestic shores. There are a great many countries around the globe that want this technology and they’re quite willing to pay for it. One need only look at the great firewall of china to learn of the adaptation of this technology abroad. I don’t need to go into details, but there are a great many companies that build this tech for the US and then sell it overseas to what we consider oppressive regimes.
The question that I find myself asking is this: why is it oppressive when it happens in other countries but not when it happens here? I think the answer is that we believe we have controls in place to prevent abuses of power, but the evidence of the past decade stands in stark contrast to that conclusion.
The US and its political leaders should closely evaluate the ideals they wish to embody and should introduce strong controls to limit the scope of this monitoring, as they have done in the past. It is, in this author’s opinion, quite unnecessary to record all audio in the United States, but it is technically feasible to do. That is the sort of reality we need to guard against.