

Age of surveillance: the fish is rotting from its head - varjag
http://non-linear-response.blogspot.com/2011/01/age-of-surveillance-fish-is-rotting.html

======
alanh
A long-held conspiracy theory of mine: While 99%+ of those watching broadcast
or cable television never have the opportunity to buy Cisco equipment for
their business, and much better suited advertising channels exist (IT
magazines, even TechCrunch), Cisco spends a LOT of time & money advertising on
TV. (Until recently, Cisco used other brands for consumer products, e.g.
Linksys!) But if it’s not to reach the consumers, why do it? Simply to
“purchase” journalists and networks. If they start criticizing Cisco for its
role in oppressive regimes’ censorship and e-terror campaigns, they lose a
significant percent of their ad revenue.

The genius of it is, the financial ramifications are so obvious to these
networks & publishers that not a single explicit word needs said; it’s not a
bribe, it’s just making it lucrative to keep one’s figurative mouth shut.

~~~
blhack
Oh come on. My completely non-technical boss looked at me a while ago and said
"We should get a barracuda spam filter."

Why? Why does he even know what this is? Why does he even know that spam
filters exist?

Because barracuda has their ads all over every airport I've ever been in.

The same goes for cisco. If I put in a request for funding for some network
gear, my boss wants to feel like he knows a bit about what I'm spending money
on. Cisco helps him feel that way. When he signs off on it, he gets a warm
fuzzy because the television told him that cisco gear is the best gear and
cisco gear is what he _needs_.

He might even object if I told him that we're going to get juniper stuff
instead of cisco because juniper doesn't have ads on the TV and he's never
heard of them. What are they, some _generic_ brand? No! WE need cisco!

~~~
drats
Another great way to reach your boss is to fund a Cisco Professor of
E-Democracy just like Cisco actually do, right?

------
potatolicious
This post should be required reading for anyone in West working on this
technology. It's one thing to spend your life working on something of dubious
benefit to humanity, it's entirely another to be directly, actively working
against freedom and democracy globally.

I know of one company that used to (maybe still do?) recruit aggressively at
my university, who shall remain nameless for the sake of civility, and cannot
understand the students that chose to go work there despite knowing full well
the business they're in.

~~~
Jach
Sadly, money motivates, and I can understand that. I still think that way
about people who go to work on guided missiles and so forth. Perhaps it's a
stretched simile, but I think it's like selling crack to kids to feed your
family.

I don't think it's that civil to omit the company's name, it's more like
letting them win. I find it interesting and useful to learn which companies
are behind shady activities, as done in the article:

> The equipment, produced by Alcatel, Siemens, Cisco and others is then sold
> to Iran, Myanmar, Belarus and other repressive regimes, as part of normal
> network operator procurements.

~~~
varjag
To be frank I listed those just as examples: no idea which of those have their
equipment installed at Beltelecom, but they are commonly used in similar
setups. There is little point in being accusatory: the surveillance features
were developed as a part of legal compliance to their respective
jurisdictions, then spread worldwide.

IMHO it is best to treat corporations as a force of nature, which however can
be loosely directed by legislation. People staffing them might be all fine as
individuals, but the requirements of market and governments can produce
socially unwelcome outcomes.

------
srean
I think one of the most well known and egregious example of large scale
surveillance outfit is the Stasi. It's reported that there was one informer
per every 6 and a half people. Possibly the highest ratio of all known
examples.

Stasiland <http://en.wikipedia.org/wiki/Stasiland> is a fascinating read. And
of course "The Lives of Others" is a must watch. If for no other reason than
to experience an eloquent demonstration of powerful yet understated acting.

~~~
sqrt17
Oh, it's not limited to the GDR. Switzerland in the eighties had the
"Fichenaffäre" when it came out that the Swiss federal police did
surveillance, and kept records on, about 10% of the population.

<http://en.wikipedia.org/wiki/Secret_files_scandal>

The Stasi is a fascinating example because the fall of the GDR was quick
enough that they couldn't destroy most of the existing files and evidence and
we have a relatively clear picture of what happened there. For the Swiss files
from the 80s, an official archive exists but access to actual data is
relatively difficult. If other democratically elected governments practice
Stasi-style surveillance, it would be extremely hard to find out (and would,
arguably be the bottom of an iceberg ranging from regular law enforcement to
espionage and counter-espionage, to proactive intelligence gathering to find
likely terrorists, to proactive intelligence gathering on random citizens who
are not terrorists but may have rented a car from a suspected terrorist's
relative).

~~~
chappi42
But it's quite a difference what happens with such 'fichen' info to a
citizen/politician in Belarus and in Switzerland (or Germany or (probably)
US).

~~~
sqrt17
There's definitely a large spectrum, between countries where the government
uses violent means to suppress political oppostion (including but not limited
to Belarus), over governments that deport people who met with a "person of
interest" to third-party countries where they get tortured (see
<http://en.wikipedia.org/wiki/Maher_Arar>) to countries where people just feel
that preemptive intelligence gathering without concrete indications is more a
cover-your-ass thing than a useful technique to fight crime.

Note that Lawful Interception (i.e. interfaces for government agencies to
siphon off data from internet providers), as it was established by US and
Europe, was never a focused effort to provide data for criminal investigations
but started out with different groups of users in mind (i.e., espionnage and
possibly other uses that the average citizen would find spooky).

And, as the article explains, the same technology that is used to guarantee
Lawful Interception in Germany/US/other countries is used for political
suppression in countries that would perhaps lack the technical sophistication
but have a budget and corresponding sources for these. (Although I'm
reasonably certain that companies in China and Russia will be happy to provide
similar technology to potential buyers).

------
motters
The battle for privacy was lost during the last decade - as in "we lost the
war".

[http://media.ccc.de/browse/congress/2005/22C3-920-en-
we_lost...](http://media.ccc.de/browse/congress/2005/22C3-920-en-
we_lost_the_war.html)

The best we can hope for in future is a transparent or sousveillance society
where an informational balance of power is maintained. Currently the main
bottleneck is ISPs, and these are points of weakness where top-down control
can be introduced to a greater or lesser extent.

~~~
randallsquared
The end of privacy was a foregone conclusion: with such rapidly falling cost
for video and audio hardware, the only way to _keep_ privacy would be
totalitarianism.

~~~
mvalle
Oh, the irony...

------
pmchiu
"While the liberty movements in the West are busy enough doing good job
fighting off the surveillance wave at home, the totalitarian customer segment
remains steadily serviced, by the virtue of civil opinion there being
discarded and silenced."

That's a bold statement. I agree that liberty movements are fighting. But I
don't think they are winning. We've definitely taken a few steps back in
recent years. There are more cameras on every street corner and more companies
are using facial recognition software to spot people as they go about their
day to day business. I don't think that's progress.

~~~
joshuacc
I don't think the author claimed that the liberty movements are winning, just
that they don't have the resources to fight both at home and abroad.

~~~
varjag
Exactly. That said, any setback of surveillance in the West trickles down to
less options available to dictators everywhere. The technology is developed
first and foremost to the "home front" of developed nations, as they are the
biggest market by far. Thus even local efforts of activists have potentially
global impact.

------
mvzink
I really doubt the US would be inclined to limit its own options by condemning
such acts by other countries and banning certain parts of the process.

~~~
nopassrecover
You mean like pushing for other countries to not use land mines and cluster
bombs but still using them itself?

------
agranig
It's a matter of fact that every vendor of telco equipment has to provide a
lawful-interception interface when doing business at a serious scale (say,
enabling services for >10k end-users). That holds true in countries with
questionable political systems, but even more so in Central/Western Europe and
especially in the US. It's really just how the technology is handled and used.

Regarding conspiracy theories: there's a popular saying in the telco/network
industry, going like "Nobody has ever been fired for buying Cisco equipment".
It's just a matter of taking personal risks for your CTO.

~~~
agranig
We at Sipwise implement VoIP switches at major ISPs in Europe, and the most
uncomfortable question, which is ALWAYS asked (mostly just as a side-question,
like "Btw, I suppose you support it anyways, so how does your solution work in
that regards?") is the one of lawful interception.

There's a specification defined by the PacketCable consortium
([http://www.cablelabs.com/packetcable/downloads/specs/PKT-
SP-...](http://www.cablelabs.com/packetcable/downloads/specs/PKT-SP-ES-
DCI-I01-060914.pdf)), and I'd say that almost every major vendor has
implemented it in one way or the other in order to be deployed at cable ISPs.

------
nopassrecover
"some services allow to downgrade from SSL gracefully" - Is this true? Does
this ability not defeat the point of SSL? Why would this technology be built
in?

"Traditional wiretapping of phone networks was combined with GSM location
services: thousands of people are now getting subpoenas and are dragged to
police stations for being on streets in the vicinity of protests." - Phone
towers keep location logs?

~~~
varjag
Most notably Gmail allowed downgrading to insecure connection until the China
affair. There are other mail, messaging and social services people use there,
some of them regional (e.g. Russian), where perception of security threats is
low.

Cell towers per se do not maintain any logs, it is just transceiver equipment
connected to communication line. However telecom datacenters provide location
services based on signal strength from the handset to cell towers in the area.
Many operators make these services available commercially to customers, and
the data is nearly always accessible to law enforcement upon request.

Wikipedia provides a good summary of the process:
<http://en.wikipedia.org/wiki/Mobile_phone_tracking>

~~~
rphlx
Criminals are smart enough to remove the battery, or not carry a cell phone
during a major crime. So this mostly just enables the government and telecom
companies to track law-abiding citizens.

~~~
bigfudge
Really? All criminals? I'm not a big fan of developments in surveillance, but
it's crazy to think that some criminals won't be caught. The fact that they're
petty criminals or benefits cheats makes the exercise of debatable value, but
not for the reason you state.

------
geekfactor
Even if the Western countries did do as the OP proposes, it would simply
result in a shift to non-Western suppliers such as the Chinese-owned Huawei.

~~~
varjag
It is a good point. I am aware of Huawei, although to my knowledge it is not
used in Belarus to a noticeable extent. No doubt of course it could change if
this hypothetic embargo is introduced.

There are however subtleties. The government and network operators use
services of big system integrators in the region: Baltic states, Russia and
Ukraine. The proximity of many vendors creates competitive situation, but if
only Chinese vector is available, the only viable option would be Moscow-based
Huawei suppliers. This is bound to create many problems with maintaining the
existing infrastructure, and the vendor will be able to dictate the price,
driving up the costs of enforcement and reducing its scope. If Ruissian
dealerships are used, it also creates a dependency on Putin, relations with
whom for Lukashenko have not been friendly at all lately.

