Monday, 5 January 2015

Citizen Four (1): The Logistics of Tapping

Citizen Four is an excellent documentary about the first days of the Edward Snowden revelations. There’s a lot of him in the movie, and he seems to be an intelligent, savvy young man. This post isn’t about him or the rights and wrongs of indiscriminate surveillance, but about the feasibility of the claims being made about the recent activities of the NSA and GCHQ. It's therefore also about how worried you should be by all those revelations.

Right now the sigint (signals intelligence, as opposed to “humint” which is actual people) community are sending out some very mixed messages. On the one hand, they want to get content-level access to e-mails, websites, Facebook, Twitter and everything else, and they want ISPs to keep it all for a few months. On the other, seemingly they can tap and de-crypt anything, anywhere and in real time, they can turn on the microphone of your smartphone and listen in to your regular conversations of your smartphone, while using its GPS to track you.

Personally, I find the idea that, should I ever get lost or kidnapped, all anyone has to do is call Fort Meade and ask them where my phone is.

As if. The sigint community are, and have been for a good few years, drowning in digital noise. Let's do a little history.

The heyday of sigint was up to the mid 1990’s when most of the world’s telecoms traffic went through copper cable or by radio to satellites. That’s what the GPO Tower was built for: maser trunk transmission.

They took the masers away a couple of years ago. That’s what all those domes at Menwith Park and other places are for. It’s all still useful, as a lot of traffic to Africa, North Asia, parts of the Middle East and other assorted hot spots still goes over satellite. (The Sea-Me-We and FLAG cables go to the major towns in their destination countries, not to places like Syria or Kurdistan. Don't even think about trunk landlines in Syria or Kyrgyzstan.) All you have to do with copper was wrap some wire round it to pick up the magnietic fields created by the changes in current that is the signal, attach it to some headphones or a tape recorder and you're in the bugging business. It's much the same with radio waves. Point an ariel at the sky, tune your reciever to what you know is the satellite's frequency and wander around until you get a good signal. A few technical details aside, that's more or less it.

And then came fire-optic cable and digital. The Signint community hates fibre-optics and digital communication, because:

It makes effective encryption easy;
There’s no regulation of the technology;
It allows humungous amounts of traffic: they aren’t just looking for a needle in a haystack but a salt crystal in a ocean;
It’s horribly difficult clandestinely to monitor communications

That last bit contradicts what you will find on interwebz, which will have you believing that you too can tap into a fibre-optic cable for a tiny cost. Well, first you have to find it. Then you’ve got to dig it up. Then you have to put in your tapping device - and since that involves physically manipulating the fibre, it’s impossible to do without setting off alarms back at the carrier’s NOC - but let’s assume the operators were watching football at the time, and then you re-bury the cable.

Here’s the first question: how are you going to get all that data back to base? A main trunk line will pour out data at around 2T bits/second. Lucky for you that you just happen to have a similar quality fibre-optic cable laid right up to where you did the intercept? Because that doesn’t cost anything to do and isn’t a bureaucratic nightmare anywhere except the City of London. Ah, I see, you have a submarine - the USS Jimmy Carter - that specialises in doing this. And also happens to carry and be able to lay enough cable to get from your tapping point back to some secure naval base, because the commercial cable-layers are just kidding with those big specialised ships and nine-figure costs. Having got the data back to your secure naval base, you then send it down a secure high-capacity line that comes free with every big ol’ shed you build in Utah.

Here’s the real joke. When you’ve done all that, all you’re getting is a light show. Billions and billions of different-coloured photons. You have no idea which photons belong where and do what. The telcos and ISPs have expensive multiplexers at each end of the cable to send and receive all those photons. Those multiplexers have to be set up and synchronised, and can be changed quite easily and without telling the NSA. Without knowing how the sending multiplexer is set up, all you’re getting is a very fast sparkler. So it’s a good thing you have an inside source at the ISP or carrier. You do, right? And no, you can’t use some fancy algorithm to find the order in the light show. Just in case you were thinking that.

No. Nobody’s doing any large-scale tapping of modern fibre-optic cable. The logistics are impossible. What the sigint services do is connect some kit to the telco's switch (for TDM / SS7 voice traffic) or router (for data traffic) so they get a feed that's been neatly structured. They still have to de-crypt it, maybe, and search it, but it's a manageable amount of traffic. They are supposed to have a Court Order when they do that, and I'm sure they do, but... I'm guessing that what's in their kit these days is an array of multi-terabyte drives, and they copy more data than they have permission for. Every week they pop in and swap out the storage arrays. Hence their desire to make legal what they are doing now anyway. But this is a guess.

(To be continued)

No comments:

Post a Comment