Why proposed internet security measures will do more harm than good

Posted: July 12, 2012 in Dark Web
Tags: , , , , , , , , , ,

Last month I published a piece in The Age about the ‘dark web’ – sites that can only be accessed through anonymity software.

The picture someone decided was totally appropriate and non-hysterical

What became lost beneath graphics of demons emerging from computers was a line I wrote in response to proposed legislative changes that could lead to the web history of any device connected to the internet being logged and retained for up to two years for law enforcement purposes:

“But such measures will have no effect on those who conduct their criminal activities on the Dark Web because nothing is logged — there is no history to keep. And some argue such measures will cause more people to seek out anonymity services — the same services that provide access to the Dark Web.”

In researching that article, I spoke to many people – university professors, a representative of Tor and law enforcement – who agreed that the measures proposed by Roxon are a ‘feel-good bandaid’ rather than an effective tool to catch criminals.

Laws that invade the privacy of regular citizens will have the effect that those citizens will seek ways to maintain their privacy.  One way to do this is to use encrypted data and VPNs or surf the web using services like Tor, Freenet or I2P.  Criminals, of course, have had a vested interest in encrypting their communications for some time, because wiretapping by law enforcement is already legal when warrants are involved.

Cybernorms Research group at Lund University, Sweden, found that after the introduction of similar measures (the FRA and IPRED laws), there was a dramatic increase in people using anonymising software.

From what I gather from speaking to experts, what law enforcement can discern when such measures are taken is that encrypted information is going out, but not what that encrypted information is.  In the past, heavy encrypted traffic may have been an indicator of criminal activity; as more people move to anonymising software to protect their privacy, heavy encrypted traffic may just mean a person doesn’t want you snooping into their perfectly legal affairs.

Andrew Lewman, Executive Director of Tor (probably the best known of the anonymous service providers) is exasperated by politicians who don’t understand the internet but react to panic that ‘something’s got to be done’.

Data retention has done nothing to catch any more criminals in countries that have it, especially in Europe.  It’s created more of a problem because now le has to spend its time learning how to manage data, not to hunt down criminals,” he said.

Lewman told me that the US Government-funded Tor works closely with law enforcement agencies. He said, “Having spoken to SOCA, the Serious Organized Crime Agency, their attitude has been that these laws have made their life much more difficult because most of their techniques and software relied on easy mass surveillance of clear text data to actually target the criminals and ignore 99% of innocent people.  Now everything’s encrypted so, you know, everything looks criminal.  Because the patterns of 12 year-old planning a surprise party looks just like the pattern of terrorists planning an attack.  So they end up wasting resources.”

I don’t take kindly to my privacy being invaded by anyone and it seems to me that this is not even a case of the means justifying the ends, but just politicians trying to be seen as doing something.  Unacceptable.

Comments
  1. I completely agree with you. I also like having this article (yeah, that image choice was pretty wrong eh!) alongside the official version – gives a sense of the back story to journalism that we don’t often see.

  2. […] Cybersecurity Act of 2009Google Users To Get Email Warnings About State Sponsored Cyber AttacksWhy proposed internet security measures will do more harm than good .social_button { float:left; width:130px; display:inline-block; […]

  3. […] Friday I wrote an Opinion piece for The Age based on an earlier blog about why I think Australia’s proposed data retention laws are not only an invasion of […]

  4. […] jQuery("#amzncart_continueshopping").button(); jQuery("#amzncart_checkout").button(); } }); } Why proposed internet security measures will do more harm than good .social_button { float:left; width:130px; display:inline-block; } var […]

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s