DOC PREVIEW
MTU CS 6461 - The Economics of Mass Surveillance

This preview shows page 1-2-3-4-5 out of 16 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

The Economics of Mass Surveillanceand the Questionable Value of AnonymousCommunicationsGeorge Danezis1and Bettina Wittneben21K.U. Leuven, ESAT/COSIC,Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, [email protected] Erasmus University Rotterdam,Burg. Oudlaan 50, 3062 PA Rotterdam, The [email protected]. We present a model of surveillance based on social networktheory, where observing one participant also leaks some informationabout third parties. We examine how many nodes an adversary has toobserve in order to extract information about the network, but also howthe method for choosing these nodes (target selection) greatly influencesthe resulting intelligence. Our results provide important insights into theactual security of anonymous communication, and their ability to min-imise surveillance and disruption in a social network. They also allow usto draw interesting policy conclusions from published interception fig-ures, and get a better estimate of the amount of privacy invasion andthe actual volume of surveillance taking place.1 IntroductionMuch contemporary cryptography and computer security focuses on securingcommunications between Alice and Bob [12, 7]: link confidentiality preserves thesecrecy of what they say, authentication ensures that they are talking to eachother, anonymity can hide their identities from each other or third parties. Atthe same time it is futile to deploy such a system, without realising that confi-dentiality, anonymity and privacy for Alice and Bob, do not exist in a vacuum. Inmost cases Alice and Bob would be embedded in a social network [16], and theiridentities and conversations would not only leak information about themselvesbut also about other actors in the network. Similarly, Alice and Bob’s confiden-tial conversations or secrets are likely to be communicated on other links, andmay be compromised by observing third parties communicating them.We start from the standpoint that insecurity has externalities – allowing Eve,an eavesdropper, access to information transiting on the links between Alice andBob, additionally leaks other people’s secrets. At the extreme surveillance on thelink may only be there to gain information about third parties. Based on thisintuition we define a model of actors participating in spaces, or clubs: if one ofthe club participants is under surveillance we assume that all information shared2 G. Danezis and B. Wittnebenin this club, and the membership list of the club becomes known to Eve. Somequestions naturally arise from this model:– How many people have to be under surveillance to observe all clubs?– How many people have to be under surveillance to discover most people(their existence but not necessarily their membership to other clubs)?– How best to choose those to be put under surveillance to maximise returnsin terms of the last two questions (effective target selection)?– How does the lack of information, due to the use of an anonymizing networks,affects the effectiveness of such target selection?We could attempt to answer these questions by looking at a synthetic familyof social networks [9]. Instead, we chose to perform our experiments on harvestedsocial network information, derived from a real world political network. Thisapproach adds authenticity, and credibility to our results since it is easier toargue that the harvested data represents real-world organisational models, thanif we used fully synthetic networks. At the same time, the process of answeringthe questions, from the collection of the data to the analysis, illustrates themethodology that Eve would have to follow in order to put a similar socialnetwork under surveillance, given a limited interception budget – very littlehas been written about this in the past. Even less has been said about how tosystematically protect such a network, at all levels, from such an adversary. Inparticular we show that deployed anonymization solutions protect only partiallyagainst target selection that may lead to efficient surveillance.Both the fresh set of questions that we seek to answer and the realistic natureof the data set used, lead to results with far reaching policy implications. Weillustrate this by re-interpreting actual reports of surveillance both legal andillegal, technical and physical, under the light of our models. We show that evenlow levels of reported surveillance may well be the tip of a massive surveillanceoperation iceberg.2 Model & Data SetWe need to define precisely our model before posing or answering our key ques-tions. We consider a social network that has two types of edges or nodes: peopleand spaces (sometimes referred for clarity as clubs). People may belong to spaces,which we call a relationship. We allow relationships to have some strength de-noted by a positive integer. This symbolises the relative degree of association ofthe person to the space.The social network is in fact a weighted bipartite graph from the set of peopleto the set of spaces. We do not allow direct links between people, and considerinstead that all communication is mediated through a mutually shared club.This allows us to focus on the shared aspects of security, rather than studyingtraditional pairwise security.The Economics of Mass Surveillance 32.1 Extracting the Network from Harvested DataWe were allowed access to some of the archives of the mailing lists used by alarge international political network. The earliest posts to some lists were from2003, and the lists were active at the moment we collected our data, in February2006. Some other lists used by the same network were private and we did nothave access to them – which means that the data set can only be seen as a subsetof the ‘public’ interactions of the people involved. We made no attempt to mapdirect interactions between participants, but only considered mail sent throughthe mailing lists.We mapped each mailing list to a space and each individual email addressto a person. We recorded the day each message was sent by each participantto a mailing list for the observed period. We then aggregated the network linksover time: if any message was sent between a person and a list, we created arelation, with weight equal to the overall number of messages observed betweenthe parties.The methodology used only created relations between senders and the mail-ing lists – it is possible that many members of the mailing lists acted only aspassive observers


View Full Document

MTU CS 6461 - The Economics of Mass Surveillance

Documents in this Course
Tapestry

Tapestry

13 pages

Load more
Download The Economics of Mass Surveillance
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view The Economics of Mass Surveillance and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view The Economics of Mass Surveillance 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?