Tuesday, January 19, 2016

Encrypting Information

The role of intelligence services is well summed up by Andrei Soldatov and Irina Borogan in The Red Web [Public Affairs Books], a book about the development of the Russian Internet and the role of the FSB in it. This is what they say:

"The Ministry of Security got the job of phone and postal interception under a secret decree that was issued June 22, 1992. Two days later Bulgak signed the paperwork giving the Ministry of Security access to communications cables and places where they could work to intercept calls. When Bulgak went to Lubyanka again, he asked the same question: 'Are you keeping up with us? Is there any direction where we need to slow down?' The answer was the same, 'No, we are keeping up.' In fact, the security services were lagging way behind."

What they describe is a technologist's dilemma in places where knowing what is being said on the Internet is more important than the protection of information passing between individual users. Governments decide how far they will go with technological developments that keep them from their business of intelligence collection. But governments seldom say more than Soldatov and Borogan got in that interview: "We are doing just fine." Only they weren't doing just fine, because the pace of development of the Internet got ahead of their government's capability to keep up by monitoring their citizens where they "should" be monitored. This is an interesting problem we seldom hear talked about, yet all governments have it.

When the Director of the FBI says he is having difficulties getting access to terrorism-related information, he is saying "We are not keeping up." You will never hear the Director of any law enforcement agency in any country say, "Yes, we are doing just fine. We can monitor any e-mail, decrypt any disk, listen to any encrypted phone call." They may even be able to do it, but nobody ever says it. China and Russia never admit to having any trouble monitoring much of anything, because they don't have any trouble doing it. The practical reason for the rest of us: terrorists and criminals will work harder to protect their information if they know they can be intercepted. They would have to have "FOOL" stamped on their foreheads to not know they need to do something.

What other countries do is set up laws to monitor everyone on any media that traverses their border. They don't have trouble from rulings on how much data they are allowed to keep, or under what circumstances they can monitor someone. They require their Internet Service Providers to give them access. No court order is required [curiously, Russia has a law that says monitoring does require a warrant, but the authorities don't have to actually produce it]. In the list of countries that monitor their citizens, there are some strange bedfellows. Vodafone published a list of some of them that required access to internal networks, in a report on their own problems with monitoring. [They didn't include Russia, China or the USA.] Monitoring, of some sort, is ubiquitous on the Internet.

I expressed the importance of this in my last book, The New Cyberwar, because countries need to be able to collect intelligence to survive. Some of them need to be able to collect that against their own citizens in order to survive, China being a good example. The situation today puts Google, Microsoft et al. in the middle between government policies and privacy of communications, but they are not in the middle everywhere. China found a way to steal Google software and certificates that will steer a citizen into their own websites that pretend to be Google. Encrypt all you want in these systems, but it won't do much good. So, when the Director of the FBI says we are not keeping up, I have to ask why not? It is the job of the intelligence services, of which you are one, to do so.
