SCHOOL OF COMPUTER SCIENCE AND INFORMATICS
Should governments monitor network usage to support national defence?
CM3399 Communication Networks and Pervasive Computing
Philip Strong
0807259
Threats to national security are increasingly common on networks such as the internet. This document argues that
government monitoring could aid in reducing the risks posed by cyberterrorism and aid in reducing civil crime,
whilst increasing evidence to prosecute for criminal activities and acts of terrorism. The balance between a
nationwide network monitoring system and individual safety is noted, as are issues regarding regulation of such a
system and the extent to which it should be used.
Introduction
Networks are prevalent in communications between almost all groups and organisations in modern
society, and are used as a remarkable tool for productivity and social interaction by the majority of the
population. However, it is a growing concern that networks are used for communication and activities by
groups and countries that can pose a threat to the security of a nation state.
Governments have the opportunity to monitor the usage of these networks to attempt to reduce the risks
presented, but many argue that it would become an invasion of privacy and that interference with
the way networks such as the Internet are used could reduce their usefulness as a tool. However,
steps are being taken already to implement measures to monitor the actions of the general public in the
interest of national defence (Whitehead, T. 2009), and other methods of policing the internet are
becoming prevalent (Orlowski, A. 2011).
In this paper it will be argued that minor invasions of privacy from government monitoring and changes to
the way we use networks are less important than the security of a nation and the population residing
within it, drawing on examples where networks have been used to facilitate a threat to national security,
and monitoring from governments may have been able to reduce the effects.
Cyberterrorism and Cyberwarfare
Cyberterrorism can be defined as the use of networks to cause disruption and/or damage to people,
property or information, intimidation or coercion of a government or its people or attempts to cause
severe economic loss (Denning, 2000), though an exact definition does not currently exist and is the topic
of debate amongst industry experts (Baranetsky, V. 2009). Cyberwarfare is similar to cyberterrorism but
may be a politically motivated attack on a particular institution or a financially motivated attack on a company
or competitor.
With so many industrial devices relying heavily on computer control systems and networking,
cyberterrorism is indeed an apparent threat to most nations and institutions. A particular example of
where networks have been used to cause loss of finance, national service or even life is the Stuxnet worm,
designed to target industrial control systems running Siemens industrial software (O'Murchu, L. 2010).
Much speculation has arisen as to the source and target of the Stuxnet worm, and targets such as Iranian
power stations have been suggested due to the nature of the payload and the density of infections in Iran
(Zetter, K. 2010). More worrying is the complexity of the code, the specific nature of the target and the
cost involved in creating such an advanced virus, implying that the worm was built and funded by a nation
state, with the intention of damaging industrial control systems of another nation. These control systems
are found in pipelines, nuclear plants, utility companies and manufacturing facilities (Zetter, K. 2010), and
as such forced failure of these systems may cause financial loss, political unrest or even loss of life.
Had stricter monitoring techniques been employed, the malware may not have spread as
widely as it did, and could have been detected by a higher authority. Earlier detection may
have also given clues as to the origin of the malware, but infection on over 100,000 computers
(SPAMfighter. 2011) across the world by the time of detection would mask the geographical or network
location of a source. Network monitoring could reveal the source of such attacks and therefore reduce the
effectiveness of local and global networks in similar situations.
Monitoring and logging of networking could allow intelligence agencies to track the path the malware took
after release into the wild, and as such traversing the tree of infections may in this instance eventually lead
to evidence of the source of the worm. Similar attacks may become more common and steps must be
taken to protect the interest of the nation.
Another example of this type of attack is the recent hacking of a US water utility, resulting in a destroyed
pump. Again, a SCADA system was infiltrated and the pumps or the SCADA system were forced to
repeatedly switch on and off again, burning out the pump (Goodin, D. 2011). A second proof of concept
attack occurred the following day on a different water utility in Houston, Texas (Goodin, D. 2011).
Social Networking
The London riots of August 2011 were initially merely a peaceful demonstration (Bolesworth, S. 2011).
What started as a tribute to a man shot by the police quickly turned into a dangerous riot situation, with
estimates of the damage caused totalling £300m (Dodd, V. 2011).
Social networking services such as Facebook, Twitter and BlackBerry Messenger (BBM) have been blamed
for increasing the rate at which the riots spread, starting in London but spreading to several major cities in
the UK (Potgieter, A. 2011). It has been suggested that the authorities could have reduced the level of
violence and scale of the rioting by monitoring these social networking services, especially BBM, with its
untraceable nature (Halliday, J. 2011).
With untraceable and anonymous communication methods so readily available, criminal acts are difficult
to trace and easy to facilitate. A government monitoring system would give authorities information
required to tackle criminal activity that is being organised with these commercial communication systems,
such as locations of planned criminal activities or to help with prosecution of individuals and groups who
are involved in organising and coordinating such acts.
Privacy versus Safety
Privacy against safety is a common debate in several related areas. The primary concern for the general
public would no doubt be a loss or invasion of privacy incurred by the continuous monitoring of their
actions. However, in a world where it is getting increasingly easy to exercise criminal activity on the
internet, a balance must be struck whereby the safety of the public is equally weighted against the privacy
of the individual.
Monitoring network traffic would be unobtrusive to the user and would be akin to the CCTV systems that
are ubiquitous in society. Many internet services in fact already monitor and log the actions taken by an
individual, in the interest of public safety (Firth, N, and Levy, A. 2010).
It has been said that after a cataclysmic disaster, the public are more willing to forgo privacy in the aid of
making the world a safer place, such as after the 9/11 attacks on the twin towers (Olsen, S, and Hansen, E.
2001), suggesting that the public would accept the loss of privacy to protect the safety of the nation if it
were effective enough to justify it.
Denying a protective service like monitored networks would in the long term cause more damage to the
public, including loss of privacy in key areas such as names, addresses and bank and credit card
information. In a study in 2011, it was revealed that 90% of companies in the US were hacked, and many
companies suffered loss of sensitive data through hacking (Pullicino, J. 2011), including the major security
company RSA (Goodin, D. 2011). Intrusions of this nature could cause public exposure on a far greater level
than the monitoring system alone.
Extent of monitoring
The extent to which monitoring should be allowed to intrude on public privacy must be justified by
the level of protection and defence provided to national security. It could also be argued that monitoring
alone is not enough to increase national defence and that more invasive techniques would be required to
result in a significant impact to public safety.
For monitoring to be effective it must be intrusive enough to ensure it is not simple to hide information, as
this would instantly reduce the usefulness of such a system. Obstacles such as encryption of traffic would
also need to be investigated, as current encryption techniques would enable sensitive information to be
passed through a national monitoring system without being noted or logged.
In the examples provided previously, it was shown that different types of threat could benefit from
monitoring networks. An act of terrorism such as malware intended to cause financial loss or loss of life
would require deep inspection to detect untoward activity, whereas simple detection methods would be
sufficient to monitor problems of a civil nature on social networking websites. The effectiveness of
monitoring would require multiple levels of analysis, to allow detection of different types of attack on the
safety of the nation.
Monitoring technologies
If monitoring were to be implemented by a nation, the technologies used must be discussed. The most
practical method of installing monitoring technology would be to implement legislation to force Internet
Service Providers to provide and manage the systems. This has been done for other systems, such as
CleanFeed, the content filtering system implemented by BT (Clayton, R. 2005). However, ISPs respond by
suggesting that it is not their job to police the internet (BBC News. 2008), and may be reluctant to
implement a monitoring system.
An example of where a similar technology is already implemented is the Chinese Golden Shield, more
commonly referred to as the Great Firewall of China. The Golden Shield firewall is a government
implemented system designed to hide the Chinese public from information that may be deemed damaging
to the power of the Chinese government. This system does not block, filter or monitor network traffic at
the border of the country (Science Blog. 2007), but instead at ISP level, occasionally allowing traffic to pass
through several routers before being filtered and blocked. At present, this system is not publicised as a
monitoring system; however, a group of Canadian human-rights activists has discovered evidence of
monitoring of Skype conversations in China (Markoff, J. 2008).
Regulation
Legality of monitoring all network usage is questionable under current legislation. The UK Regulation of
Investigatory Powers Act 2000 (RIPA) states that it is prohibited to intercept communications via a public
telecommunication system (UK Legislation. 2000), and the US Electronic Communications Privacy Act of
1986 (ECPA) states that it is prohibited to intentionally intercept electronic communications (US
Legislation. 1984). To allow continuous monitoring for the purpose of national defence, these legislative
acts would need to be modified to provide intelligence agencies of the relevant nations with the necessary
powers.
Continuous monitoring of network traffic would require harsh regulation to prevent data captured being
used for unrelated purposes such as personal use by employees and journalistic use by the media. Such
intrusions of privacy would counter the desired purpose of the system and thus detract from its validity in
legal battles.
Government monitoring of this type would be classified as intelligence gathering and would therefore be
advised by the authorities and armed forces intelligence committees, which in the UK is the Joint
Intelligence Committee, and in the US is the US Senate Select Committee on Intelligence. These bodies
would have the task of ensuring monitored information is handled correctly and securely, and that the
correct information is procured from the torrents of data that they would be handling.
Conclusion
The threat posed to a nation by networks is growing every day. The types of threat are many and the
problems that can be caused by networks are diverse. At present the internet is very weakly policed,
though this has been attributed to its success. With over 30% of the world population having access to the
internet, and over 60% of the population of first world countries online (IWS. 2011), policing in several
forms must come into play if networks are going to aid in keeping national security and defence intact.
Network monitoring by governments would intrude on privacy of the public, but also (and more
importantly) on the privacy of the criminal, enemy nation state or terrorist looking to use the internet as a
medium of technological warfare, anonymous communication or criminal playground. These intrusions
would not only repel such actions but aid in the conviction and tracing of them too.
Privacy concerns raised by the public, whilst notable and valid, are argued against by stating the goal of
monitoring networks. Whilst minor intrusions to privacy would occur, they would be internally handled by
a government intelligence agency, and would prevent leaks and hacking as mentioned previously. Sensitive
data would be safer and overall privacy of the individual would be strengthened.
Police agencies would have access to information about the action of the public, and in situations such as
the riots of London in 2011, the police would be able to respond faster and more effectively, thus
decreasing the threat caused and reducing damage and injury.
Whilst attempts to circumvent the technology would no doubt be made, monitoring of networks would be
effective if not as a deterrent alone. Deterrents have been shown to be effective in physical military
applications, as seen by the UK Trident nuclear programme. Electronic deterrents are now necessary to
continue to have a network infrastructure that is useful to governments, businesses and individuals.
References
Whitehead, T. (2009). Every phone call, email or website visit 'to be monitored'. Available: http://www.telegraph.co.uk/news/uknews/5215413/Every-phone-call-email-or-website-visit-to-be-monitored.html. Last accessed 16th November 2011.
Orlowski, A. (2011). Film studios thrash BT in Newzbin site-block test case. Available: http://www.theregister.co.uk/2011/07/28/site_blocking_bt_and_newzbin2/. Last accessed 16th November 2011.
Denning, D. (2000). “Cyberterrorism”, Testimony before the Special Oversight Panel of Terrorism Committee on Armed Services US House of Representatives. Available: http://www.cs.georgetown.edu/~denning/infosec/cyberterror.html. Last accessed 14th November 2011.
Baranetsky, V. (2009). What is cyberterrorism? Even experts can't agree. Available: http://www.hlrecord.org/news/what-is-cyberterrorism-even-experts-can-t-agree-1.861186. Last accessed 15th November 2011.
O'Murchu, L. (2010). Last-minute paper: An indepth look into Stuxnet. Available: http://www.virusbtn.com/conference/vb2010/abstracts/LastMinute7.xml. Last accessed 15th November 2011.
Zetter, K. (2010). Blockbuster Worm Aimed for Infrastructure, But No Proof Iran Nukes Were Target. Available: http://www.wired.com/threatlevel/2010/09/stuxnet/. Last accessed 15th November 2011.
Keizer, G. (2010). Is Stuxnet the 'best' malware ever? Available: http://www.infoworld.com/print/137598. Last accessed 15th November 2010.
SPAMfighter. (2011). Stuxnet Infection On Over 10,000 Indian Computers: Symantec. Available: http://www.spamfighter.com/News-15598-Stuxnet-Infection-On-Over-10000-Indian-Computers-Symantec.htm. Last accessed 15th November 2010.
Goodin, D. (2011). Water utility hackers destroy pump, expert says. Available: http://www.theregister.co.uk/2011/11/17/water_utility_hacked/. Last accessed 19th November 2011.
Goodin, D. (2011). Second water utility reportedly hit by hack attack. Available: http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/. Last accessed 19th November 2011.
Bolesworth, S. et al. (2011). Tottenham in flames as riot follows protest. Available: http://www.guardian.co.uk/uk/2011/aug/06/tottenham-riots-protesters-police. Last accessed 15th November 2011.
Dodd, V. (2011). Cost of English riots much higher than first thought, Met police report suggests. Available: http://www.guardian.co.uk/uk/2011/oct/24/england-riots-cost-police-report. Last accessed 15th November 2011.
Potgieter, A. (2011). Social Media and the 2011 London Riots. Available: http://johannesburg.academia.edu/AndreaPotgieter/Teaching/27045/Poster_Social_Media_and_the_2011_London_Riots. Last accessed 15th November 2011.
Halliday, J. (2011). London riots: how BlackBerry Messenger played a key role. Available: http://www.guardian.co.uk/media/2011/aug/08/london-riots-facebook-twitter-blackberry. Last accessed 15th November 2011.
Firth, N, and Levy, A. (2010). Every Google search to be logged and saved for two years under new Euro MP plan. Available: http://www.dailymail.co.uk/sciencetech/article-1284581/Every-Google-search-logged-saved-2-years-Euro-MP-plan.html. Last accessed 16th November 2011.
Olsen, S, and Hansen, E. (2001). Terrorist threat shifts priorities in online rights debate. Available: http://news.cnet.com/2009-1023-272972.html. Last accessed 16th November 2011.
Pullicino, J. (2011). 90% of US Companies Hacked! Available: http://www.acunetix.com/blog/news/90-percent-of-us-companies-hacked/. Last accessed 16th November 2011.
Goodin, D. (2011). RSA breach leaks data for hacking SecurID tokens. Available: http://www.theregister.co.uk/2011/03/18/rsa_breach_leaks_securid_data/. Last accessed 16th November 2011.
Clayton, R. (2005). Anonymity and traceability in cyberspace. Available: http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-653.pdf. Last accessed 18th November 2011.
BBC News. (2008). Policing internet 'not ISP's job'. Available: http://news.bbc.co.uk/1/hi/uk/7329801.stm. Last accessed 18th November 2011.
Science Blog. (2007). CHINA’S ‘EYE ON THE INTERNET’ A FRAUD. Available: http://scienceblog.com/14190/chinas-eye-on-the-internet-a-fraud/. Last accessed 19th November 2011.
Markoff, J. (2008). Surveillance of Skype Messages Found in China. Available: http://www.nytimes.com/2008/10/02/technology/internet/02skype.html. Last accessed 19th November 2011.
UK Legislation. (2000). Regulation of Investigatory Powers Act 2000. Available: http://www.legislation.gov.uk/ukpga/2000/23/section/1. Last accessed 15th November 2011.
US Legislation. (1984). Electronic Communications Privacy Act of 1986. Available: http://it.ojp.gov/default.aspx?area=privacy&page=1285. Last accessed 15th November 2011.
IWS. (2011). World Internet Users and Population Stats. Available: http://www.internetworldstats.com/stats.htm. Last accessed 16th November 2011.