Total Information Awareness* is HerePosted: February 2, 2011 | |
Yesterday Joseph Cannon put up a disturbing post about the American company that made it possible for Hosni Mubarak’s authoritarian government to shut down the internet in Egypt, making it much more difficult for Egyptians to communicate over social media like Twitter and Facebook. Be sure to read Cannon’s post and watch the Democracy Now video that he included.
I was intrigued enough to do a little more reading about Narus, and thought I’d add a bit to what Cannon had to say.
According to Wikipedia, Narus (emphasis added)
is notable for being the creator of NarusInsight, a supercomputer system which is allegedly used by the NSA and other bodies to perform mass surveillance and monitoring of citizens’ and corporations’ Internet communications in real-time, and whose installation in AT&T’s San Francisco Internet backbone gave rise to a 2006 class action lawsuit by the Electronic Frontier Foundation against AT&T, Hepting v. AT&T.
That’s the NSA spying program that supposedly targeted only foreign communications, but actually spied on all of us.
At the Electronic Frontier Foundation site, I found this report by Brian Reid, who is described as a “telecommunications expert.” He is also a former electrical engineer professor at Stanford and computer science professor at Carnegie Mellon University West. Reid was asked by the EFF to examine the technology used by AT&T in the spying program. Here’s a bit of what he had to say:
This infrastructure is capable of monitoring all traffic passing through the AT&T facility (some of it not even from AT&T customers), whether voice or data or fax, international or domestic. The most likely use of this infrastructure is wholesale, untargeted surveillance of ordinary Americans at the behest of the NSA. NSA involvement undermines arguments that the facility is intended for use by AT&T in protecting its own network operations.
This infrastructure is not limited to, nor would it be especially efficient for, targeted surveillance, or even untargeted surveillance aimed at communications where one of the ends is located outside the United States. It is also not reasonably aimed at supporting AT&T operations and security procedures.
Reid explains that the equipment he examined “is far more powerful and expensive than that needed to do targeted surveillance or surveillance aimed only at international or one-end foreign communications.” Furthermore:
The documents describe a secret, private backbone network separate from the public network where normal AT&T customer traffic is carried transmitted. A separate backbone network would not be required for transmission of the smaller amounts of data captured via targeted surveillance. You don’t need that magnitude of transport capacity if you are doing targeted surveillance.
The bottom line is that the equipment used to provide data to the NSA for Bush’s spying program was designed to spy on ordinary American citizens–not foreign terrorists.
Here’s a bit more from a 2006 article in Wired Magazine:
“Anything that comes through (an internet protocol network), we can record,” says Steve Bannerman, marketing vice president of Narus, a Mountain View, California, company. “We can reconstruct all of their e-mails along with attachments, see what web pages they clicked on, we can reconstruct their (voice over internet protocol) calls.”
Narus’ product, the Semantic Traffic Analyzer, is a software application that runs on standard IBM or Dell servers using the Linux operating system. It’s renowned within certain circles for its ability to inspect traffic in real time on high-bandwidth pipes, identifying packets of interest as they race by at up to 10 Gbps.
Internet companies can install the analyzers at every entrance and exit point of their networks, at their “cores” or centers, or both. The analyzers communicate with centralized “logic servers” running specialized applications. The combination can keep track of, analyze and record nearly every form of internet communication, whether e-mail, instant message, video streams or VOIP phone calls that cross the network.
So what did Narus do for the Egyptian government? According to Freepress (via Cannonfire)
Free Press has discovered that an American company — Boeing-owned Narus of Sunnyvale, CA — has sold Egypt “Deep Packet Inspection” (DPI) equipment that can be used to help the regime track, target and crush political dissent over the Internet and mobile phones.
Again via Joseph Cannon, the technology was described in a March 2010 article at IT World: Narus develops a scary sleuth for social media
Narus is developing a new technology that sleuths through billions of pieces of data on social networks and Internet services and connects the dots.
The new program, code-named Hone, is designed to give intelligence and law enforcement agencies a leg up on criminals who are now operating anonymously on the Internet.
The purpose of this program is to identify a specific person’s even when he or she is using different names and different social media or e-mail accounts. It can correlate all the data from different sources and figure out exactly what you’re doing on the the internet–and it can correlate the text data with voice data from phone calls.
The software’s user creates a target profile, and Hone then proceeds to link what Nucci calls “islands of information.” Hone can analyze VOIP conversations, biometrically identify someone’s voice or photograph and then associate it with different phone numbers.
“I can have a sample of your voice in English, and you can start speaking Mandarin tomorrow. It doesn’t matter; I’m going to catch you.”
They call it “total visibility.” Who’s buying? Well, Egypt Telecom, the state-owned communications company. Human rights abusers Pakistan and Saudi Arabia are also clients. During Iran’s protests in 2009, dissidents were tracked, imprisoned and in some cases executed thanks to similar technology.
So while Obama administration reps call for Internet freedom to be restored in Egypt, they may simultaneously be lobbying for the companies who shut down that freedom. Your tax dollars at work promoting the sale of social media off-switches to dictators, that would be bad enough.
But do we have any reason to believe the United States has not also bought this handy tool for itself? It makes you wonder what or who he’s kidding when Robert Gibbs talks about Internet freedom. Better not talk it up too loudly, though, before someone reaches for the kill switch.
So what about that “Internet kill-switch bill” that Senators Joseph Leiberman (I-Connecticut), Susan Collins (R-Maine), and Tom Carper (D-Delaware) have proposed? They claim their bill involves nothing like what the Egyptian and Iranian governments bought from Boeing/Narus. In fact the three sponsors of the bill released a statement critical of Mubarak’s actions yesterday:
“The steps the Mubarak government took last week to shut down Internet communications in Egypt were, and are, totally wrong,” said Senators Joseph Lieberman of Connecticut, Susan Collins of Maine, and Tom Carper of Delaware in a joint statement on Feb. 1. “His actions were clearly designed to limit internal criticisms of his government,” the senators said.
WTF?! Doesn’t their bill do the same thing to American citizens? The Senators claim their bill will prevent the President from being able to shut down internet access for Americans.
The senators claim the president actually has more power now, authorized by the Communications Act of 1934, to take action similar to what’s been done in Egypt because it allows the president to take over or shut down wire and radio communications providers in the event of a threat or war.
Calling that law “a crude sledgehammer built for another time and technology,” the senators claim their bill will ensure that power won’t be applied to the Internet because it allows the president to identify only critical control systems — i.e., telecommunications networks, the electric grid, financial systems, and the like — and order emergency measures for them against an event that might destroy or severely disrupt them.
The president also would have to notify Congress first before taking action by “the least disruptive means feasible,” and the measures he takes cannot go beyond 120 days without congressional approval, the senators said.
OK, but why do I still feel queasy about all this? I guess it’s because I know that back in 2005-06, Narus already provided the government with the ability to spy on every one of our phone calls, instant messages, social media postings, and heaven knows what else.
It’s hard not to feel hopeless when you realize how little privacy we really have left. But I’m trying to internalize what Joseph Cannon wrote about defeatist attitudes yesterday:
We also need to get past defeatism — as in: “Well, there’s nothing we can do. There’s no such thing as privacy any more.” Sorry. Not buying that. We can have our privacy back if we demand it.
Some people say: “If you’re not doing anything wrong, you have nothing to worry about.” Only a classic “good German” would rely on that cowardly excuse. Here’s a better axiom: If the government were not doing something wrong, it would not have to worry about us.
* Total Information Awareness