Electronic Surveillance in the Snowden Age Prof. Stephen B. Wicker School of ECE Cornell University

Upload: adonai

Post on 05-Jan-2016


TRANSCRIPT

Page 1: Electronic Surveillance in the Snowden Age

Electronic Surveillance in the Snowden Age

Prof. Stephen B. Wicker

School of ECE, Cornell University

Page 2: Electronic Surveillance in the Snowden Age

Nothing New Here! Mass Data Collection in 1876

Congressional committee investigating real estate fraud seizes three-quarters of a ton of telegraph messages from the Atlantic and Pacific Telegraph Company

“Unconstitutional and indecent”!
◦ New York Times, June 24, 1876
◦ Cites potential for blackmail

Page 3: Electronic Surveillance in the Snowden Age

Wiretaps Running Wild

The practice of wiretapping or listening-in goes back as far as 1895. Originally it was done in a loose way on verbal request, and no record was made of it...

Two years ago I decided that there ought to be some check to prevent its use becoming wild … it would do irreparable damage to the company.

1916 Testimony of John Swayze, General Counsel of the New York Telephone Company

Page 4: Electronic Surveillance in the Snowden Age

The NSA collects “metadata” on calls of every cellular subscriber in the United States

Edward Snowden: “the public needs to decide whether these programs and policies are right or wrong.”

Mass Data Collection - 2014

Page 5: Electronic Surveillance in the Snowden Age

Technical Issues
◦ Centralized vs. End-to-End Architecture
◦ Fateful Design Decisions

Legal Issues
◦ 3rd Party Doctrine
◦ Failure to account for new technology

Solutions
◦ End-to-End Architecture
◦ Unlicensed Spectrum
◦ Open Source Devices

Why does the Government do this? Because it can…

Page 6: Electronic Surveillance in the Snowden Age

The first telephones were very simple

All of the brains resided in the network

TECHNICAL ISSUES: 1876 - A Centralized Architecture

Page 7: Electronic Surveillance in the Snowden Age

2014 – Same Basic Approach

Phones can dial and ring

Services are controlled by the network

Second Avenue Exchange, NYC

Page 8: Electronic Surveillance in the Snowden Age

Alternative: The End-to-End Architecture

Brains at the endpoints
◦ A function or service should be carried out within a given layer only if it is needed by all clients of that layer, and it can be completely implemented in that layer.

Page 9: Electronic Surveillance in the Snowden Age

Telephone 800 numbers
◦ The network converts and connects
◦ The handset never knows the real number

Internet Domain Names
◦ The host uses DNS to resolve domain name
◦ The host gets the real IP address and connects

Real Differences…

Page 10: Electronic Surveillance in the Snowden Age


Barbara van Schewick, Internet Architecture and Innovation

Centralized architecture
◦ Innovation is more difficult
◦ Can’t access equipment on which to run your software/interconnect your hardware
  Only recourse: Try to sell your idea to a service provider…

End-to-end architecture
◦ Easier to innovate
◦ Deployment, testing done on local machines

The Impact of Architecture on Innovation

Page 11: Electronic Surveillance in the Snowden Age

AT&T attempts to block telephone connection to wireless modem
◦ Acoustic connection

FCC gets it right (1968)

Opens door to FAX machines and modems

Impeding Innovation? The Carterfone Decision

Page 12: Electronic Surveillance in the Snowden Age

An old idea (~1948), delayed by the FCC

Innovative use of spectrum

Add-on to existing infrastructure

Cellular Technology

Page 13: Electronic Surveillance in the Snowden Age

~ 6 billion cell phones in use today.

All major forms of modern electronic communication on one platform.
◦ Texting (SMS), Email, Web-Browsing, iPod/Podcasts/Music, Games, Location-Based Services…

Major platform for speech of all types.

Cellular Convergence

Page 14: Electronic Surveillance in the Snowden Age

Cellular is a Surveillance Technology

How do we route incoming calls to mobile users?

Cellular registration messages several times a minute.

What kind of data?

[Figure: cellular network architecture diagram with elements labeled BTS, BSC, BSS, MSC, VLR, HLR, EIR, AuC, OMC, NMC, ADC, Accounting, Interface]

Page 15: Electronic Surveillance in the Snowden Age

LEGAL ISSUES: Content vs. Context

Metadata: data about data. Not very clear…

Let’s use content and context instead.

Postal mail analogy:
◦ Suppose you write and mail a letter to your Mother
◦ The information in the letter itself is the content.
◦ The information on the envelope is the context.
  Your address
  Mom’s address
  Postmark Location
  Date

Context data is data about the context in which communication takes place.

Page 16: Electronic Surveillance in the Snowden Age

The Key Case (1976, 7-2): Miller v. United States

The facts:

◦ Miller was a modern-day bootlegger – didn’t pay his taxes!

◦ Bank records (checks, deposit slips) used to obtain warrant

No reasonable expectation of privacy in records held by third party
◦ Applied Harlan test from Katz case

◦ Justice Powell: The checks are not confidential communications, but negotiable instruments to be used in commercial transactions. All of the documents obtained, including financial statements and deposit slips, contain only information voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business. [Emphasis added]

Page 17: Electronic Surveillance in the Snowden Age

Application to Telephony: Smith v. Maryland (5-3, 1979)

The facts:
◦ Smith was harassing a woman whose home he had robbed
◦ Police placed a pen register at central office
  Record numbers dialed by Smith

No violation of 4th amendment
◦ Justice Blackmun: First, we doubt that people in general entertain any actual expectation of privacy in the numbers they dial. All telephone users realize that they must "convey" phone numbers to the telephone company, since it is through telephone company switching equipment that their calls are completed.

There is no expectation of privacy in the context of a communication

Page 18: Electronic Surveillance in the Snowden Age

The 3rd Party Doctrine

“… knowingly revealing information to a third party relinquishes Fourth Amendment protection in that information.”

Orin Kerr, “The Case for the Third-Party Doctrine,” Michigan Law Review, 2009

The context information used by the network to facilitate communication is “knowingly revealed.”
◦ Phone numbers, e-mail addresses, cellular location data (sort of), …

Page 19: Electronic Surveillance in the Snowden Age

Doctrine Embedded in Electronic Communications Privacy Act

Title I: Electronic Communications in Transit
◦ Probable cause/Rule 41 Warrant

Title II: Stored Electronic Communication
◦ “Specific and articulable facts” showing that the information is “relevant and material to an ongoing investigation”

Title III: Pen Register/Trap and Trace Devices
◦ Certification that the information to be obtained is “relevant to an ongoing criminal investigation.”

Page 20: Electronic Surveillance in the Snowden Age

Section 215 of the USA PATRIOT ACT

Amends ECPA

The FBI may require:
◦ … the production of any tangible things (including books, records, papers, documents, and other items) for an investigation to protect against international terrorism or clandestine intelligence activities…

On this basis, the NSA collects all cellular phone records generated in the United States
◦ The detailed legal justification is a secret

Page 21: Electronic Surveillance in the Snowden Age

Context Data Has Become Increasingly Revealing

By itself:
◦ Networks of friends, acquaintances, medical, legal, supposedly anonymous sources…
◦ Location data particularly revealing

In conjunction with other data:
◦ Correlation attack: de-anonymize what would otherwise be anonymous

Page 22: Electronic Surveillance in the Snowden Age

Bob calls his wife on his cellphone.
◦ “I’ll be home in an hour”
  Content requires a warrant
◦ Bob is calling from his mistress’ house
  Context does not require a warrant

Which does Bob find the most revealing?

Context Data in Context

Page 23: Electronic Surveillance in the Snowden Age

The Societal Impact of Privacy Invasion

What’s the downside?
◦ Frequent response: I have nothing to hide…

Others have thought this through a bit more deeply

Page 24: Electronic Surveillance in the Snowden Age

Jeremy Bentham (1748 – 1832)

English jurist, philosopher

Advocate of utilitarianism

Legal positivist – considered natural rights to be “nonsense on stilts”

Proposed the Panopticon as a means for reforming penal system.

Page 25: Electronic Surveillance in the Snowden Age

The Panopticon

A proposed prison in which the cells were arranged radially about a central tower.

The cells were backlit so that a guard in the tower could always see the prisoners, but the prisoners could never see the guards.

“A new mode of obtaining power of mind over mind, in a quantity hitherto without example.”  Jeremy Bentham, The Panopticon Writings 

Page 26: Electronic Surveillance in the Snowden Age

Michel Foucault and Societies of Discipline

Characterized the impact of the Panopticon's pervasive and undetectable surveillance as assuring “the automatic functioning of power”
◦ Results in “docile bodies” - ideal for the regimented classrooms, factories, and military of the modern state

“Hence the major effect of the Panopticon: to induce in the inmate a state of conscious and permanent visibility that assures the automatic functioning of power. ”  Michel Foucault, Discipline and Punish 

Page 27: Electronic Surveillance in the Snowden Age

The cellphone is the greatest platform for personal expression ever devised.

Surveillance channels the use of cellular technology into the innocuous and mundane.

The Cellular Panopticon

Page 28: Electronic Surveillance in the Snowden Age

Enough is Enough

No public discussion of policy
◦ Secret legal interpretations

Exploitation of technologies developed by others
◦ Just because they can…

Destroying faith in service providers, Google, Facebook, …

Page 29: Electronic Surveillance in the Snowden Age

Surveillance-free cellular is attractive and feasible:
◦ Unlicensed Spectrum
◦ End-to-End Architecture
◦ Public Key Crypto
◦ Open-Source Development

Another Way

Page 30: Electronic Surveillance in the Snowden Age

Unlicensed Spectrum: Cellular use of WiFi

Cellular service providers already offload data and voice through WiFi connections
◦ Unlicensed Mobile Access (UMA)/GAN
◦ Supports handoffs and incoming “calls”!

Can be exploited by unlicensed cellular devices

Page 31: Electronic Surveillance in the Snowden Age

End-to-End Cellular

Handset controls access, handoffs
◦ Listens to nearby access points and towers, picks accordingly
◦ Session Initiation Protocol (SIP) signaling used to request new IP addresses when needed

Handset controls channel selection
◦ Code/Time Slot/Frequency
◦ Contention resolution?

The individual controls his or her personal information

Interesting problems remain to be solved
◦ End-to-end architecture leaves room for many, many problem solvers

Page 32: Electronic Surveillance in the Snowden Age

Transparent Equipment Design: Open Source Development

1983 - Richard Stallman and GNU
◦ General Public License (GPL)

1991 – Linus Torvalds and Linux

There are Linux-based cellular handsets
◦ They use Linux only for running application software
◦ We need to get deeper (lower layers)

Complete open-source handset development would prevent inclusion of hidden software like Carrier IQ

Page 33: Electronic Surveillance in the Snowden Age

Conclusions

There is a growing market for cellular privacy

Technical solutions are available

Transparency and discussion can leave a role for law enforcement…