Book Review: Surveillance Or Security?

samzenpus posted more than 2 years ago | from the read-all-about-it dept.

Security 30

brothke writes "Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is a hard book to categorize. It is not about security, but it deals extensively with it. It is not a law book, but legal topics are pervasive throughout. It is not a telecommunications book, but extensively details telco issues. Ultimately, the book is a most important overview of security and privacy and the nature of surveillance in current times." Read below for the rest of Ben's review.

Surveillance or Security? is one of the most pragmatic books on the topic in that the author never once uses the term Big Brother. Far too many books on privacy and surveillance are filled with hysteria and hyperbole and the threat of an Orwellian society. This book sticks to the raw facts and details the current state, that of insecure and porous networks around a surveillance society.

In this densely packed work, Susan Landau, a fellow at the Radcliffe Institute for Advanced Study at Harvard University, details the myriad layers around surveillance, national security, information security and privacy. Landau writes that her concern is not about legally authorized law enforcement and national security wiretapping, but rather about the security risks of building surveillance into communications infrastructures.

Landau details numerous reasons why communications security is hard to do right, but is an imperative for our ultimate security, privacy and digital wellbeing.

In 250 pages, Landau makes a compelling case. In addition to her superb handle on the topic, the book has over 80 pages of footnotes, where every quote, statement and claim is verified and confirmed. The book is a great launching pad for a much deeper analysis on the topic.

The main theme of the book is that digital communications have revolutionized the way in which society interacts. The Internet is now the lifeblood of many businesses and governments, including a significant part of our critical infrastructure. The fact that this infrastructure lacks comprehensive security and privacy controls is a troubling concern.

In 11 dense chapters, Landau notes that since security and privacy have not been fully integrated into this infrastructure, we are left exposed and vulnerable to cyberattacks.

In the introduction, Landau notes that with this new computing and telecommunications paradigm, the job of law enforcement has become much more challenging. In previous years, surveillance was relatively easy. Once law enforcement had physical access to a phone line, they were in. Today, with cell phones, VoIP, Internet cafes, anonymizing services and more, the dynamics have changed and this has caused quite a shock for law enforcement, who are often struggling to deal with this new paradigm.

Landau notes that the surveillance and eavesdropping technologies that have been deployed since 9/11 are being used to catch one set of enemies. But other antagonists may be poised to turn these tools against us, and we are putting into place something for our enemies to use that they could not afford to do on their own. As to this and other difficult questions that Landau brings up, there are no simple answers.

Chapter 3 — Securing the Internet is Difficult — notes that the original creators of TCP/IP did not have security in their design. Their concerns were more along the lines of traffic breakdowns, packet loss, robustness and more, but not security and privacy. In some ways, this may have been a blessing, as Dennis Jennings, who ran the NSFNET, states that "had we known what was to come, we'd have been terrified and the Internet would never have happened."

In chapter 5 — The Effectiveness of Wiretapping – Landau notes that the biggest use of wiretapping tools is not actually the capture of conversation, but something that is not really wiretapping at all: the capture of transactional information.

Chapter 7 – Who are the Intruders? What are They Targeting? – is one of the best chapters in the book. Landau details both the internal threat and industrial espionage, and it is not a pretty picture. Landau provides numerous cases where nation-states used networks, rather than people, to infiltrate US interests, governmental, industrial and scientific areas. She notes that these insider attacks are often the most difficult to detect, the reason being that insiders know the systems, know where the important data is, and know what the auditors are looking at. This ultimately makes insider attacks particularly pernicious.

So how significant are nation-states infiltrating US networks? Landau quotes a confidential government source that the NASA network was "completely open to the Chinese".

Landau makes her message loud and clear in chapter 8 when she notes that it does not help to tell people to be secure; rather security must be built into their communications systems. Security must be ubiquitous, from the phone to the central office and from the transmission of a cell phone to its base station to the communications infrastructure itself.

In chapter 9 – Policy Risks Arising from Wiretapping – Landau details how deep packet inspection (DPI) is used by ISPs. It is the ISPs who have the capability to know what you are browsing, what your email says, your VoIP conversation and much more. In a short amount of time, the ISP can develop a dossier on the user, and as noted, it has the ability to amass data to an amount that the Stasi could only dream of. This surveillance ability is what is most troubling to the author.

Landau continues that the only way for a person to avoid the risk from ubiquitous uses of DPI by an ISP would be to encrypt everything. While not completely done now, Gmail and Skype do bulk encryption.

The book closes with chapter 11 – Getting Communications Security Right – and there are no easy answers. Landau notes that across the globe, there are projects on clean-slate network architectures. But our current infrastructure is quite insecure and porous.

Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is an extremely important book on the topic of the many risks posed by new wiretapping technologies. Landau has the remarkable talent of taking very broad issues and detailing them in a concise, yet comprehensive manner. The book should be seen as the starting point for discussion on a most important topic.

Landau does an excellent job of detailing how unwarranted surveillance can undermine security and affect our rights, while noting that security for every citizen is paramount to the very spirit of the Constitution.

The book closes with the very principles of what it means to get communications security right, and that adhering to these principles cannot guarantee that we will be completely secure. But failure to adhere to them will guarantee that we will not.

As to Surveillance or Security?: The Risks Posed by New Wiretapping Technologies, required reading it is, but that term does not do justice to the importance of this book. Simply put, this book is the definitive text on the topic and it is a title that needs to be read.

Reviewer Ben Rothke (@benrothke) is the author of Computer Security: 20 Things Every Employee Should Know

You can purchase Surveillance or Security?: The Risks Posed by New Wiretapping Technologies from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.


30 comments

POLL (0)

Anonymous Coward | more than 2 years ago | (#36698260)

a) Surveillance
b) Security
c) CowboyNeal

Re:POLL (1)

hedwards (940851) | more than 2 years ago | (#36699150)

You forgot the "leave it completely open for the benefit of humanity" option that seems to always crop up with regards to WAP.

Re:POLL (0)

Anonymous Coward | more than 2 years ago | (#36699408)

and the question is?

Book Review or Book Report?? (1)

Anonymous Coward | more than 2 years ago | (#36698316)

This whole "review" reads like an 8th grade book report.

You don't need to summarize every fucking chapter of the book, that's something anyone can do from looking at the table of contents. There isn't really much reviewing going on in this story, and it's sad that there are no really criticisms or critiques in this.

Re:Book Review or Book Report?? (1)

captainpanic (1173915) | more than 2 years ago | (#36698518)

Maybe it's just all important? And maybe there's not much of a storyline, just a list of facts?

Anyway, it sounds like mandatory reading for all future politicians: either as a warning or as a guidebook.

Re:Book Review or Book Report?? (0)

Anonymous Coward | more than 2 years ago | (#36698572)

there are different styles of book reviews....not EVERY chapter was summarized....and after reading the review, you do know that he really did like the book.

As to 'no really criticisms or critiques in this', if it is a good book, then it won't have any.

Re:Book Review or Book Report?? (1)

brothke (1348253) | more than 2 years ago | (#36700078)

he didn't summarize every chapter. As to his 8th grade book report, he wrote the chapter count...u do the 1st grade made.... and see that he did not write on every chapter or close to it.

Re:Book Review or Book Report?? (2)

Fancia (710007) | more than 2 years ago | (#36701354)

Didn't even bother to post anonymous coward to make it look like you weren't defending yourself in the third person, huh?

who buys these books? (1)

alen (225700) | more than 2 years ago | (#36698586)

i never figured out who buys all this stuff from think tanks and other organizations. is it all for academic purposes? i've never seen normal people reading this type of non-fiction on the train home

Re:who buys these books? (1)

liquidweaver (1988660) | more than 2 years ago | (#36698634)

Yeah... I bought a couple in the past.... I think the last one was "Private Security and the Law". The problem is they usually have a few pearls of wisdom but you have to sift through hundreds of pages to get them out. Never again - it's TED/JREF/small easily digestible presentations for me.

Re:who buys these books? (0)

Anonymous Coward | more than 2 years ago | (#36698912)

Reading this book on the train home would be asking for the authorities to question me. Taking it on a plane? I might as well be the Goatse Guy. Books like this can only be read in secret bunkers, meth labs, or remote cabins.

Actually I read this book (0)

Anonymous Coward | more than 2 years ago | (#36703932)

I bought this book and it is really good. No, it doesn't show you how to hack the planet, but it gives a good read on how governments work in the field of surveillance and how surveillance and REAL security don't work together. You can only have one or the other. If you set up systems that "watch" everything then these systems can be used by the people being watched to watch the watchers.

This woman worked for Sun Systems for years on government contracts designing and setting up secured systems. Susan knows things. I met her once; this woman is one smart cookie.

What ho? (2)

stiggs (744750) | more than 2 years ago | (#36698590)

A timely post given the headlines from the UK today [bbc.co.uk] . Britain's high-tech surveillance society is now in a royal mess, shall we say, with the Prime Minister, the police, and the press as major players. The corruption has just been shown to reach into law enforcement in a widespread way [itpro.co.uk] .

Re:What ho? (0)

Anonymous Coward | more than 2 years ago | (#36698698)

yup, some of this surveillance stuff has gone way too far.

either way, i am glad to see news of the world go...trashy news paper

Help from History (0)

Anonymous Coward | more than 2 years ago | (#36698626)

The way things are going, can anyone recommend books or other materials on how East Germans got around the Stasi?

I'm just an American with no real power and it looks as though I will have to break the law in order to assert my Constitutional Rights.

It's amazing, no matter how I vote, things get worse.

Wag the Dog. (1)

passionplay (607862) | more than 2 years ago | (#36698758)

I find the most compelling book is omitting the most compelling story of all. Carnivore. All I hear is "the bad guys are doing it worse, we have to do it better to keep them out." And "there is no security, so we have to build it into the network " because if we build the security, we'll own the back door. The internet has security for when you want to use it. The internet has no security when you don't want it. The problem is that the government has gotten used to having all of our lives under scrutiny in the name of security. Privacy as we know is eroding over the amorphous war on terror. The war that was started by those now fighting when they used those exact tactics in Vietnam. The world is simply emulating the US albeit in an earlier stage of evolution. Instead of attempting to undermine their development, developing them as equal partners that didn't have to fear the US might be a goal worth exploring. But human beings are less altruistic than their primate cousins. I'm sure we'd still screw this up if we tried it. I think we'll just have to wait for the pendulum to swing back. Until then, Generation Y and Z are going to be stupid enough to think that the government can protect them when they won't do it for themselves.

Re:Wag the Dog. (0)

Anonymous Coward | more than 2 years ago | (#36698868)

accd. to http://www.quora.com/Internet-Law/Is-warrantless-mass-Internet-surveillance-by-the-government-illegal-in-the-United-States, it seems like Carnivore is discussed in the book.

Not just an academic, former Sun engineer as well (1)

amanicdroid (1822516) | more than 2 years ago | (#36698896)

I became aware of Susan from the recent New Yorker article about Thomas Drake: http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer?currentPage=all/ [newyorker.com]

But Susan Landau, a former engineer at Sun Microsystems, and the author of a new book, "Surveillance or Security?," notes that, in 2003, the government placed equipment capable of copying electronic communications at locations across America. These installations were made, she says, at "switching offices" that not only connect foreign and domestic communications but also handle purely domestic traffic. As a result, she surmises, the U.S. now has the capability to monitor domestic traffic on a huge scale. "Why was it done this way?" she asks. "One can come up with all sorts of nefarious reasons, but one doesn't want to think that way about our government."

As I understand it, she left during the Sun/Oracle transition but here's her page there: https://labs.oracle.com/people/slandau/ [oracle.com]

Re:Not just an academic, former Sun engineer as we (1)

amanicdroid (1822516) | more than 2 years ago | (#36698940)

Now with infinite percent more close tags: I became aware of Susan from the recent New Yorker article about Thomas Drake:

http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer?currentPage=all/ [newyorker.com]

But Susan Landau, a former engineer at Sun Microsystems, and the author of a new book, "Surveillance or Security?," notes that, in 2003, the government placed equipment capable of copying electronic communications at locations across America. These installations were made, she says, at "switching offices" that not only connect foreign and domestic communications but also handle purely domestic traffic. As a result, she surmises, the U.S. now has the capability to monitor domestic traffic on a huge scale. "Why was it done this way?" she asks. "One can come up with all sorts of nefarious reasons, but one doesn't want to think that way about our government."

As I understand it, she left during the Sun/Oracle transition but here's her page there:
https://labs.oracle.com/people/slandau/ [oracle.com]

The future drones on (1)

sacridias (2322944) | more than 2 years ago | (#36698960)

If you look at recent events such as identity theft hacking, and even the general acceptance of people in general, privacy is becoming a thing of the past. My sister and cousin took a family argument into facebook, kids tweet about everything even stuff most adults would consider personal. Older people have ideas like posting pictures of kids online could attract predators, younger parents find it cute. Add in the government pushing to make things safe for freedom and the American way. A few decades ago, you could steal someone's identity and they would never know it, in fact, it rarely had any effect on their life. Now lenders collect tons of once private data to decide if they should give you a loan. In fact what we once thought as private is now considered common knowledge. In an attempt to protect themselves, they altered the way they do things. Kids have no thought of posting themselves being "stupid" on you tube, things that 50 years ago, or even 20 years ago, would have considered embarrassing. The upside is the human race is embracing differences, from religion to the way we act. The downside is we are losing freedoms, privacy. In the middle you have a huge growing pain as we discover how to deal with new technology flying at us so rapidly, few can keep up with it. I believe the future will find a balance, where we are being watched, but groups like RIAA will become a thing of the past, freedom of information will come into reality as the costs to combat it will become too vast, coupled with the low costs to self publish bringing third party companies to rethink their ways. On the flip side, someone crying over a rainbow can become just as famous as someone singing a really great song.

Re:The future drones on (0)

Anonymous Coward | more than 2 years ago | (#36699100)

Google+ and Facebook will only add to these woes...................

Re:The future drones on (1)

Dutchmaan (442553) | more than 2 years ago | (#36699452)

"Kids have no thought of posting themselves being "stupid" on you tube"

Used to be you were able to say.. 'people don't act that way' and get away with it.. now kids have a million and one examples of other kids all over the world being just as stupid. I guess in the midst of all the 'white noise' one person's embarrassing actions become not so embarrassing through the simple fact that it's fairly commonplace behavior.

NSA? (1)

decora (1710862) | more than 2 years ago | (#36700738)

i expect any article, let alone book, on wiretapping and security to at least mention the NSA.

The "hysteria and hyperbole and the threat of an Orwellian society" is based on facts, the facts of the 20th century.

The Nazi state was built upon mass surveillance, as was the Soviet, with the NKVD (KGB, Cheka, etc).

The biggest threat to security has never been rogue terrorists, it has been state actors destroying their own citizenry.

Surveillance is one of their primary tools. This is not 'lunacy' and it is not 'paranoia'. It is fact-based analysis of actual, real security threats.

Fascism - 60 million dead in WWII, untold others.
Communism - countless tens of millions from starvation and war (China, Soviet Union, Cambodia, etc)

Terrorism - perhaps 50,000, probably much less.

Statistically, overweilding state power is something like 1000 times more deadly, just in the last century, than any "terrorists" or other groups that the author appears to want to lump in with that bizarre vague phrase "our enemies". Who, exactly, is "Our", and who exactly, are "enemies"?

A few weeks ago, an "enemy" who was an "insider leaker of sensitive information" turned out to be innocent when just about the entire internet objected to his being called an 'enemy' , instead finding him to be a whistleblower. He blew the whistle on illegality and massive money wasting at the NSA. Where is his story in this academic tsunami of abstract theory? Where is reality? Where are the facts?

Don't want to be hacked... (1)

blahplusplus (757119) | more than 2 years ago | (#36701686)

... don't put it on the internet.

Most security is a dream anyway when dealing with fallible human beings. The really important stuff should be protected, other stuff not so much.

I wonder if this book covers synthetic telepathy (1)

Anonymous Coward | more than 2 years ago | (#36702304)

Synthetic telepathy neurotechnology devices, covertly implanted in the human brain while the subject is rendered temporarily unconscious, provide the ultimate surveillance tool. They can then remotely read your thoughts and see and hear what you do. It's wicked! For more info on this check out http://thepiratebay.org/torrent/6523014/Government_is_abducting_citizens_and_implanting_their_brains.__E [thepiratebay.org] PS - This is not a joke.