Saturday, 13 July 2013

Deterring Terrorism?

The  widespread internet surveillance  by NSA/GCHQ have been justified on the basis of being an essential tool in the fight against terrorism. 

We are being asked to believe that applications such as Facebook and  Skype are being used by terrorists, rogue states and those people who would wish Western Democracies harm and must be monitored. Such is
 the spin against the whistleblower who has brought these revelations to light.

In this piece in the Guardian Simon Jenkins notes, "Any fool can see that electronic data scooped into a "top secret" cloud are virtually free to air. That is why counsel in British trials are advised not to use email lest it be accessed by police and prosecutors."

If lawyers in London know that email privacy is compromised the notion that any serious terrorist operation would be using internet communications applications is extremely silly. 

But, what kind of communications would a terrorist unit actually use?

There are ways to encrypt email messages but encryption would certainly alert the all seeing eyes at NSA/GCHQ - both the sender and the receiver would be seen to be of interest. It would be like walking up to a UK military installation wearing a burkha - it may hide your appearance but it will certainly wake up security. Similarly, the use of covert internet browser tools such as TOR may act as temporary cover, but, keeping in mind that TOR development was originally sponsored by the US Naval Research Laboratory, the notion that it couldn't be compromised seems very unlikely.

The best way to send a secret message is to disguise it so that no one, outside the intended recipient, is aware that it is a message. 
This concept, which has been around for over 2000 years, is called Steganography. The trick is to conceal a message within something which is openly transmitted and serves some other, legitimate purpose. 

One way to do this is with digital photographs. Send your agent off with a few ordinary family photographs on his computer. (A digital photograph is a file full of numbers that correspond to the colours of the points that make up the picture.)  Then, when you want to send a message to your agent all you need to do is put a slightly modified version of that same image on a file sharing site where anyone can view and copy it (Facebook or whatever). Then, using a simple application the modified image can be compared to the original image. The colour values of each point on the modified image will be subtracted, one by one, from the values of each point of the original.  What is left is mainly zeros, where the two images are identical, but the non-zero values contain the message. These numbers can then easily be converted to text.  

The changes to the image will be so subtle as to make no significant difference to the picture to an outsider. Only a numerical comparison of the two files will reveal a difference and, as only the modified version of the image ever needs to get out on the internet, even Alan Turing couldn't help with that one.

There are variations on this, data can similarly be added to digital audio files and extracted in the same way. Thus, an answering machine message could contain an embedded message. To extract the message the arithmetic comparison with a corresponding saved version would be performed.

Of course, if it was thought that a particular file contained a message, even one that couldn't be decoded, an analysis of those who had read the file could be useful. But some files that could potentially conceal a message have millions of viewers. A popular Youtube video, (a movie trailer for example) that contained an embedded secret message, could be viewed in all innocence by numerous viewers, and the one informed viewer who knew what frame to examine could extract the hidden message.    

So, if no serious covert group would use the likes of Skype and email for messaging, when much more secure means exist, why then is all this taxpayer money being spent examining the use of these applications by everyone else?

Here are a couple of reasons. 

One is that private industry has persuaded governments that money, that might other wise be spent on schools, hospitals etc, should be diverted to this alleged antiterrorist defence. A bit like Britain's nuclear deterrent, which was also  developed at huge cost and without parliamentary discussion. (And is also totally dependent on the cooperation of the USA if it is ever to be used.) The bodies that have persuaded governments to fund this surveillance have profited hugely from it.

Secondly, British law enforcement is very fond of surveillance, it prevents the need for detective work. Recently it was revealed that Special Branch had an undercover officer, long term, in a Greenpeace group that was protesting against McDonalds. mclibel-leaflet-police-bob-lambert-mcdonalds  This ludicrous exercise cost the taxpayer £250,000 a year for five years. In the Stephen Lawrence murder case, stephen-lawrence-special-branch-mcpherson-inquiry  "..police spied on Brooks and the Lawrence family in an attempt to discredit the campaign for justice for Stephen Lawrence." And the British police have famously used their special access to mobile phone data, exchanging information for money, so that the tabloid press can track down movie stars. Clearly the police will make the case to government about how useful such tools are but do we really want to give them more surveillance tools to abuse?

It is not a case of, 'if you haven't done anything wrong you've nothing to fear." Democracy is not facilitated when peaceful protest can be neutralised through the use of illegally obtained information.

This is not about deterring terrorism or anything close to it. It is about big contracts with IT companies providing tools for harvesting personal data. With this data for potential use against those who would use protest and the democratic process to challenge those in power. 

No comments:

Post a Comment