Surveillance or Security?: The Risks Posed by New Wiretapping Technologies [Hardcover]

Susan Landau (Author)

Book Description

Publication Date: January 28, 2011

Digital communications are the lifeblood of modern society. We "meet up" online, tweet our reactions millions of times a day, connect through social networking rather than in person. Large portions of business and commerce have moved to the Web, and much of our critical infrastructure, including the electric power grid, is controlled online. This reliance on information systems leaves us highly exposed and vulnerable to cyberattack. Despite this, U.S. law enforcement and national security policy remain firmly focused on wiretapping and surveillance. But, as cybersecurity expert Susan Landau argues in Surveillance or Security?, the old surveillance paradigms do not easily fit the new technologies. By embedding eavesdropping mechanisms into communication technology itself, we are building tools that could be turned against us and opting for short-term security and creating dangerous long-term risks.

How can we get communications security right? Landau offers a set of principles to govern wiretapping policy that will allow us to protect our national security as well as our freedom.

Editorial Reviews

Review

"Landau's well-researched writing is a superb resource for the citizen who wants to be an informed participant in the civil rights debate that is succinctly summarized in the title." Hilarie Orman IEEE Cipher

"An extremely important book. Landau has the remarkable talent of taking very broad issues and detailing them in a concise, yet comprehensive manner… This book is the definitive text on the topic and it is a title that needs to be read."-Ben Rothke, Slashdot

"By carefully explaining the ways in which excessive surveillance can undermine security, this informative and provocative book turns on its head the traditional--and misleading--assumption that national security and civil liberties must always be balanced against each other, as if they were mutually exclusive objectives on opposite sides of the scale. Landau demonstrates a rare and extremely valuable combination of both technical expertise and policy savvy, and the material is presented in way that is accessible for the general public yet specific enough to guide policymakers in Congress and the Executive branch--for whom it should be required reading. I have been working in the national security arena for over 25 years, and following cybersecurity issues for nearly 15 years, and still found in this book fresh insights and new information that will make a valuable contribution to the important policy debates at the intersection of privacy and security." Suzanne E. Spaulding , Bingham McCutchen, LLP; former Assistant General Counsel, C.I.A.; former Executive Director, National Commission on Terrorism

"Governments have been trying to control the Internet since the early 1990s, when they realized that it would change everything and they didn't understand how. Much of the 1990s was spent on the Crypto Wars, as governments tried to control surveillance online. One of the veterans, Susan Landau, gives us a perspective on where the battle lines are now and where surveillance is likely to go in the future." Ross J. Anderson , Professor of Security Engineering, University of Cambridge

"Susan Landau has taken an exceptionally complex but vital subject and presented it in a clear and compelling way. The ability of a citizen to securely communicate with her peers lies at the heart of the rule of law. Landau demonstrates the necessity of protecting that right amidst the technological changes that can greatly alter the balance of power between citizens and governments." Jonathan Zittrain , Professor of Law and Professor of Computer Science, Harvard University; author, The Future of the Internet -- And How to Stop It

About the Author

Susan Landau works in cybersecurity, privacy, and public policy. A former Sun Microsystems Distinguished Engineer, she has held visiting positions at Harvard, Cornell, and Yale, and has been a faculty member at the University of Massachusetts at Amherst and at Wesleyan University, as well as a fellow at the Radcliffe Institute for Advanced Study (Harvard University). Landau is a coauthor of Privacy on the Line: The Politics of Wiretapping and Encryption (MIT Press, revised edition 2007) and the author of numerous scientific and policy papers. She is a fellow of the Association of Computing Machinery and the American Association for the Advancement of Science,and was a 2012 Guggenheim Fellow.

Product Details

• Hardcover: 400 pages
• Publisher: The MIT Press (January 28, 2011)
• Language: English
• ISBN-10: 0262015307
• ISBN-13: 978-0262015301
• Product Dimensions: 6 x 0.8 x 9 inches
• Shipping Weight: 1.5 pounds (View shipping rates and policies)
• Average Customer Review: 4.8 out of 5 stars  See all reviews (4 customer reviews)
• Amazon Best Sellers Rank: #755,424 in Books (See Top 100 in Books)

More About the Author

Susan Landau works in the areas of cybersecurity, privacy, and public policy. She has worked in industry, as a Distinguished Engineer at Sun Microsystems, and in academia, including at the University of Massachusetts at Amherst and at Wesleyan University. Landau is the author of Surveillance or Security? The Risks Posed by New Wiretapping Technologies (MIT Press, 2011), and co-author, with Whitfield Diffie, of Privacy on the Line: The Politics of Wiretapping and Encryption (MIT Press, 1998, rev. ed. 2007). She has written numerous computer science and public policy papers, as well as op-eds on cybersecurity and encryption policy, and has testified to Congress on wiretapping and cybersecurity issues. Landau was a 2012 Guggenheim fellow, a fellow at the Radcliffe Institute for Advanced Study, the recipient of the 2008 Women of Vision Social Impact Award, and is a fellow of both the American Association for the Advancement of Science and the Association for Computing Machinery.

Most Helpful Customer Reviews

8 of 9 people found the following review helpful

5.0 out of 5 stars Risks of NOT READING this book! March 6, 2011

By Peter G. Neumann

Format:Hardcover

This is an absolutely mandatory source book for everyone interested in the would-be conflicts represented between and within each side of the "or" in the title. It is truly remarkable, incisive, important, timely, superbly researched, and copiously footnoted for those who want to dig even deeper. At the moment, we seem to have surveillance without security, and without sufficient controls. However, the challenges of achieving adequate security *and* legitimate surveillance *and* meaningful privacy (however you might wish to define them) may be eternally unreachable -- especially in the absence of meaningful security and trustworthiness more generally.

4 of 5 people found the following review helpful

5.0 out of 5 stars Definitive text on the topic July 8, 2011

By Ben Rothke

Format:Hardcover

Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is a hard book to categorize. It is not about security, but it deals extensively with it. It is not a law book, but legal topics are pervasive throughout the book. It is not a telecommunications book, but extensively details telco issues. Ultimately, the book is a most important overview of security and privacy and the nature of surveillance in current times.

Surveillance or Security? is one of the most pragmatic books on the topic is that the author never once uses the term Big Brother. Far too many books on privacy and surveillance are filled with hysteria and hyperbole and the threat of an Orwellian society. This book sticks to the raw facts and details the current state, that of insecure and porous networks around a surveillance society.

In this densely packed work, Susan Landau, a fellow at the Radcliffe Institute for Advanced Study at Harvard University details the myriad layers around surveillance, national security, information security and privacy. Landau writes that her concern is not about legally authorized law enforcement and nationally security wiretapping; rather about the security risks of building surveillance into communications infrastructures.

Landau details numerous reasons why communications security is hard to do right; but an imperative for our ultimate security, privacy and digital wellbeing.

In 250 pages, Landau makes a compelling case. In addition to her superb handle on the topic, the book has over 80 pages of footnotes, where every quote, statement and claim is verified and confirmed. The book is a great launching pad for a much deeper analysis on the topic.

The main theme of the book is that digital communications have revolutionized the way in which society interacts. The Internet is now the lifeblood of many businesses and governments, including a significant part of our critical infrastructure. The fact that this infrastructure lacks comprehensive security and privacy controls are a troubling concern.

In 11 dense chapters, Landau notes that since security and privacy have not been fully integrated into this infrastructure; this leaves us exposed and vulnerable to cyberattacks.

In the introduction, Landau notes that with this new computing and telecommunications paradigm, the job of law enforcement has become much more challenging. In previous years, surveillance was relatively easy. Once law enforcement had physical access to a phone line, they were in. Today, with cell phones, VoIP, Internet cafes, anonymizing services and more, the dynamics have changed and this has caused quite a shock for law enforcement; who are often struggling to deal with this new paradigm.

Landau notes that the surveillance and eavesdropping technologies that have been deployed since 9/11 are being used to catch one set of enemies. But other antagonists may be posed to turn these tools against us, and we are putting into place something for our enemies to use that they could not afford to do on their own. As to this and other difficult questions that Landau brings up; there are no simple answers.

Chapter 3 - Securing the Internet is Difficult - notes that the original creators of TCP/IP did not have security in their design. Their concerns were more along the lines of traffic breakdowns, packet loss, robustness and more; but not security and privacy. In some ways, this may be been a blessing, as Dennis Jennings, who ran the NSF program that built the NFSNET; states that "had we known what was to come, we'd have been terrified and the Internet would never have happened.

In chapter 5 - The Effectiveness of Wiretapping - Landau notes that the biggest use of wiretapping tools is not actually the capture of conversation. But something that is not really wiretapping at all: the capture of transactional information.

Chapter 7 - Who are the Intruders? What are They Targeting? - is one of the best chapters in the book. Landau details both the internal threat and industrial espionage, and it is not a pretty picture. Landau provides numerous cases where nation-states used networks, rather than people to infiltrate US interests, governmental, industrial and scientific areas. She notes that these insider attacks are often the most difficult to detect; the reason being that insiders know the systems, know where the important data is, and what the auditors are looking at. This ultimately makes insiders attack particularly pernicious.

So how significant are nation-states infiltrating US networks? Landau quotes a confidential government source that the NASA network was "completely open to the Chinese".

Landau makes her message loud and clear in chapter 8 when she notes that it does not help to tell people to be secure; rather security must be built into their communications systems. Security must be ubiquitous, from the phone to the central office and from the transmission of a cell phone to its base station to the communications infrastructure itself.

In chapter 9 - Policy Risks Arising from Wiretapping - Landau details how deep packing inspection (DPI) is used by ISP's. It is the ISP's who have the capability to know what you are browsing, what your email says, your VoIP conversation and much more. In a short amount of time, the ISP can develop a dossier on the user, and as noted, it has the ability to amass data to an amount that the Stasi could only dream of. This surveillance ability is what is most troubling to the author.

Landau continues that the only way for a person to avoid the risk from ubiquitous uses of DPI by an ISP would be to encrypt everything. While not completely done now, Gmail and Skype do bulk encryption.

The book closes with chapter 11 - Getting Communications Security Right - and there are no easy answers. Landau notes that across the globe, there are projects on clean-slate network architectures. But our current infrastructure is quite insecure and porous.

Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is an extremely important book on the topic of the many risks posed by new wiretapping technologies. Landau has the remarkable talent of taking very broad issues and detailing them in a concise, yet comprehensive manner. The book should be seen as the starting point for discussion on a most important topic.

Landau does an excellent job of detailing how unwarranted surveillance can undermine security and affect our rights, while noting that security for every citizen is paramount to the very spirit of the Constitution.

The book closes with the very principles of what it means to get communications security right and that adhering to these principles cannot guarantee that we will be completely secure. But failure to adhere to them will guarantee that we will not.

As to Surveillance or Security?: The Risks Posed by New Wiretapping Technologies, required reading it is, but that term does not do justice to the importance of this book. Simply put, this book is the definitive text on the topic and it is a title that needs to be read.

1 of 3 people found the following review helpful

5.0 out of 5 stars Comprehensive Coverage of a Complex Subject June 18, 2011

By Earl Boebert

Format:Hardcover|Amazon Verified Purchase

There are few books that comprehensively cover the subtle and complex interactions between technology, law, and public policy, and this is one of them. Technology influences law and public policy by making certain actions easy and other actions difficult or impossible; law and public policy influence technology by encouraging some developments and discouraging (or punishing) others.

In the network and communications arena, books that treat law and public policy seldom explain how the technology works, and books that explain how the technology works seldom treat the law and public policy issues. This book does both, and will definitely be the standard reference for years to come.