The history of privacy

Topic: 

In recent times, we've seen a lot of debate about eroding the 4th amendment protections against surveillance in the interests of stopping terrorists and other criminals.

It's gotten so prevalent that it seems the debate has become only about how much to weaken the 4th. Nobody ever suggests the other direction, strengthening it.

Let's dip back into historical perspective, and think of the late 18th century, when it was written. In those days surveillance was a simple thing to understand. It required human beings who were physically present to watch you, or search your house. The closest thing to remote surveillance was the idea of opening somebody's mail while in transit.

More importantly, it didn't scale. To watch 100 people you needed 100 teams. You could watch the town square but otherwise large scale surveillance simply wasn't physically possible.

And yet, even with this limited set of things to worry about, the signers of the bill of rights felt they had plenty to fear. If you could describe today's techniques of surveillance to them -- where we can observe people from a distance, plant bugs in their homes, see them through walls, detect sounds from windows and read electronic emissions; where we can listen to a person by keying in a number at our desk, and where, most shockingly of all, through computers observe the activities of effectively everybody -- they would have gasped in shock.

Their reaction would not have been to say, "We had not realized there would be all these new useful tools of surveillance. We had better open up exceptions in the 4th to be sure they can be used effectively." I think they would have instead worked to strengthen the 4th to prevent these new tools.

After all, they were revolutionaries. Had the King been able to data-mine the call records of colonial America, no doubt he would have discovered all those seditious founding fathers and rounded them up quickly.

So I ask, as the surveillance tools become stronger, doesn't it make sense that the protection from them should become stronger, to retain balance? Society can still benefit from better police technology by making it more precise, rather than more broad. This is not saying give up what technology can do to protect us from crime, but rather to channel it in the right direction.

Because the tools are going to get even better and "better." The balance is going to continue to shift until there's very little of the original design left.

Comments

So true! But what is the alternative? Non perhaps.

Seriously, this is a very real and relevant question.

TOR was developed out of US Naval research funding and continues today to be primarily developed by people who appear to be/hav been funded from US military research grants.

TOR developers openly admit the the TOR network is used by US military and intelligence organizations to anonymously collect information on foreign organizations.

If this is so then ALL non-US TOR network server nodes could aiding and abetting a foreign power (the USA) to spy on their own countries.

Obviously, this is a jailable (and sometimes captial) offense in most countries.

Currently, reasonable attempts to obtain reassurances from TOR management/developement on this subject (or leading subjects) have resulted in side-stepping, obsfuscation, dirty tricks and threats from top TOR development members (Dingledine & Mathewson). This, together with a whole hord of apprently carefully co-ordinated action by their flunkies in the wider "tor dev" community, serves to suggest that TOR is indeed US spy technology, ironically branded as (a) PRIVACY software/system.

I'd be grateful for your comments before I begin advising folk to shut down their TOR server nodes.

I notice the EFF sponsors TOR. Is this wise?, in the light of TOR possible (and perhaps now probable) indication in it use as a spy tool against non-US nations.

Thank you for your time. Good health.

So anybody is able to look at it to see if there are security flaws that could allow traffic to be spied upon, and to the best of my knowledge people have done this and not found such flaws.

You yourself can look at it and judge it.

Why did you move the subject away from using TOR to spy on non-US countries, to spying on TOR traffic? I am confused.

It is true that US intelligence agencies operate a large number of TOR servers (nodes) which allow them to successfully spy mainly on domestic traffic. TOR is ineffective at defending TOR users from this sort of attack and no doubt if TOR dev is funded by the US military/intelligence then open source code or not they will not have allowed to be incorporated into the TOR code, anything which will stop their traffic spying.

That aside, my question explicitly, and only, concerned the use of the TOR network, by the US military and intelligence agencies, to spy on non-US countries.

Any non-US resident setting up a TOR server within his own country would be committing the offense of aiding and abetting a foreign power (the USA) to spy on their own country and are therefore illegal.

My question was very explicit and I am puzzled by your response, and perhaps concerned that misplaced US "patriotic" interests may be clouding the issue here.

Surely the EFF (as well as TOR dev) has a duty to protect ALL of its users not just those in the USA?

Can you please respond on the issue that I raised? This is a very a serious subject matter for those who are not US citizens.

I'd like to hear your comment on the EFF's attitude to the use of TOR by US military and intelligence agencies as an anonymizing network being used to illegally spy on and commmunicate with spy networks within side foreign countries (sometimes friendly coutries).

Perhaps, you are unaware, but recently (the story is almost entirely suppressed in the USA), there was the sudden (supposedly accidental believed to be murder - one fell from a road bridge on his morning walk to the local shops) deaths of (I believe so far 2) young(ish) engineers responsible for uncovering / investigating an automated spy network illegally inserted into the Italian cellular phone networks. The spying was wholesale right across Italy's political spectrum, to the very top and went into every aspect of senior Italian life including religious leaders, mafia, senior scientists and corporate leaderships.

Text messages, voice relaying, open circuit mobile phone bugs and mobile phone tracking for location surviellance of targets.

The CIA have been cited as being responsible, but the puzzle remains as to who planted the spy software/firmware and hardware subsystems in to the Italian phone networks. Obviously, the CIA could not have done this on their own.

Elsewhere, others (on US forums - often deleted) have suggested the surveillance sub-system was planted by international zionists and that many other countries may have similar sub-systems in place, planted there by their own zionist populations. Of course, if this is the case then the CIA may have been given access to these sub-systems on a reciprocal basis. Hence the uncovered Italian espionage matter linking with the CIA.

Sir, I look forward to your reply, though I am now uncertain, that I will find what I am looking for.

Thank you.

Yes, people could operate TOR exit servers to look at that traffic. They would not learn who initiated the traffic, unless that was contained in the traffic. If they operated entry servers, they would learn who did the traffic but not what was in it. If they operated enough of both they could learn both with traffic analysis. They can also learn this, if they are spy agencies, by having taps on the regular internet traffic of users.

These problems are known and widely discussed. The only solutions to some of them are just to have lots and lots of non-compromised servers so the chances of both going in and out through a compromised server are low. (A compromised server in the middle is not nearly the risk.)

However, techniques of traffic analysis are getting better and better and do indeed have people worried.

Where do you get the information that a significant number of the TOR servers are run by spies for the purpose of intercept? Not that it could not be true, of course, just wondering the source of it.

To respond on behalf of the other poster: It's in the IP. Quite simply, I have been told by a competent and knowledgeable person, doing a DNS lookup on the IP address reveals the owner of the server.

Add new comment