The politics of wiretapping and encryption

Book Excerpt: Privacy on the Line

1 2 3 4 5 6 Page 6
Page 6 of 6

The push to expand the interception of communications comes at a time when police have experienced an unprecedented expansion of their powers of surveillance in almost every area. Advances in electronics permit subminiature bugs that are hard to detect electronically or physically. Video cameras watch streets, shops, subways and public buildings. Vast databases keep tabs on the credit, the possessions and the criminal records of most of the population. Many of these facilities play far greater roles in criminal investigations than wiretaps.

The broadening and deepening penetration of telecommunications into our lives has also shifted the standards of nongovernmental surveillance of communications. Although the telephone calls of workers who deal directly with the public are often monitored or recorded for "quality control and training purposes," in other areas of employment, some respect for employee privacy seems to prevail. Whether actually required by law, customary, or merely seeming proper to everyone involved, there is still a notion that probable cause is required before an employee's communications can be spied on.

The Internet has changed all of this in two ways: Surveillance has become nearly universal, and it is done not by people but by machines. The new instrumentalities of surveillance, moreover, are not passive, like tape recorders; they are active, blocking, censoring and deleting communications. A number of factors have come together to bring this about.

The most conspicuous are the real dangers of Internet communication to enterprises. Break-ins, denials of service, viruses and worms are all capable of interfering with enterprise computing, a feature of business that now is just as important as power and light and good employee health. Businesses have responded by installing firewalls that prevent the entry of any malevolent material they can recognize. Not only would it be hard to deny the legitimacy of this action, but in most cases, it serves the interests of all parties. Employees are, by and large, grateful when their email is not so cluttered with spam that they miss messages on which doing their jobs depends.

Other measures put employees more at odds with their employers. Although an employee could tell a company secret to an unauthorized person over the phone, that was not a channel by which an actual copy of a confidential document could be conveyed. Today companies ask "What is to prevent my employees from mailing my most valuable secrets to my competitors?" Responses vary. In extreme cases, like the intelligence agencies, there are separate internal and external networks with only the most tightly controlled connections. More commonly, e-mail is recorded so that leaks can be confirmed and analyzed by later investigation if the occasion arises. For companies that do not consider recording sufficient, there are programs that attempt to detect proprietary content in communications crossing the corporate firewall and either alert a security officer or block communications altogether. For a corporate security officer, every day's mail, e-mail and voice mail brings new pitches from companies claiming to do this more effectively.

Controlling improper use of the Internet by employees also makes up a big piece of the modern information-security pie. From one angle, recreational on the job use of the Internet is a productivity issue. If a job requires Internet use, it is difficulty to tell whether an employee is trying to get the best price for corporate travel or planning an upcoming vacation. In this respect, it is no different for the productivity concern about an employee who spends too much time chatting with friends on the telephone rather than chatting up customers. In another respect, it is far more serious. If an employee is looking at sexy pictures on a workplace display, another employee may be justified in filing a sexual harassment complaint, with devastating consequences for the employer.

Tools used to limit Internet browsing to material employers consider safe combine limitations on the sites that can be visited with scrutiny of the material received. The technology is unsettlingly similar to that employed by parents to control their children's use of the Internet.

Podcast:
Related Podcast: Author Whitfield Diffie discusses the importance of encryption, the importance of open source, and the future of security systems with Online Projects Editor Joyce Carpenter. Duration: 13 minutes

Privacy on the Line: The Politics of Wiretapping and Encryption

ir?t=computerworld-20&l=ur2&o=1

By Whitfield Diffie and Susan Landau

Copyright 2007, Massachusetts Institute of Technology

ISBN 978-0-262-04240-6M

Used with permission of The MIT Press.

Copyright © 2007 IDG Communications, Inc.

1 2 3 4 5 6 Page 6
Page 6 of 6
7 inconvenient truths about the hybrid work trend
Shop Tech Products at Amazon