October 2000 Column


RIP it up

Mr Angry goes to Westminster

WARNING: Strong language follows -- I'm angry! The government has taken an axe to our civil rights, in a Bill that was quietly passed in August. In fact, I'm so angry that if you're of a sensitive disposition, you should skip the next paragraph.

Welcome to the brave new world of British government, post Regulation of Investigatory Powers Bill. The Bill is now an Act, and a stupid, misguided, dangerous Act at that. Whatever malevolent spawn of Big Brother were responsible for this secret policeman's wet-dream should be ashamed of themselves. In protesting that there was nothing wrong with it, and that the government wouldn't dream of abusing the draconian powers of surveillance and intrusion that it grants them, Jack Straw deserves a special Ostrich award -- he's got his head stuck so far up his ass that he could give himself a tonsillectomy with his teeth.

The RIP Bill blows away the right to be deemed innocent until proven guilty, because it puts a presumption of guilt upon the defendant, right from the start. It removes the right to have a fallible, human, memory: if you forget something, you can be slung in prison to rot. It forces honest citizens to lie under pain of imprisonment, even if in the process of telling their government-mandated mistruths they should incriminate themselves for a crime they haven't committed. It's going to drive any business with a shred of respect for the privacy of their customers overseas. It's going to allow low-level officials to impersonate people on the net, using digital signatures, to such an extreme that they can forge legally binding contracts. To say that it's a legal abomination is an understatement: it's at odds with just about every clause in the European Convention of Human Rights (now being entered into English and Welsh law, as it came into effect in Scottish law last year). It is inimical to good business practice, and by its very existence undermines respect for the law.

It's also stupidly easy to circumvent -- and I'm going to explain how to do that later.

But first, introducing the real law'n'order problem on the electronic frontier: the pay-as-you-go mobile phone. While the Home Office was mandating a secret policeman in every ISP, monitoring all email traffic, the real thing that's worrying the police is the pay-as-you-go phone. You can buy one of these for cash. You don't have to register your name and address to use it; it's a perfectly anonymous communications tool. If you want to plot your next bank robbery with your mates, all you need to do is nip down to Tesco's, buy a couple of phones, and exchange numbers. There is no way that your identity can be disclosed without your collusion.

However, mobile phone monitoring isn't sexy and a legislative attack on anonymous phone services will affect tens of millions of people, as opposed to the tens of thousands of businessmen who understand the implications of an attack on cryptographic key security. And with a background of rising crime figures, the government feels under pressure to be seen to do something. So what could be more effective (publicity-wise) than a crack-down on those desperados who want to send email that only the intended recipient can read?

The result is the Regulation of Investigatory Powers Bill. This rather bland-sounding Home Office bill provides for intrusive surveillance, bugging, indiscriminate monitoring of email, and creates some new criminal offenses -- like being unable to provide the plaintext of an encrypted document (because, quite possibly, it was sent several years ago and you've forgotten the password), or revealing to a third party that you've been served with an order to tap someone's email feed. Yes, that last point means what you thought it means. Suppose you work in an internet service provider's offices. You can be served with a warrant -- by home office designated personnel, which in practice will mean the police, not a judge -- to monitor communications. If you reveal that you're under such a warrant, you are liable for five years in pokey. However, if your employers catch you misusing their equipment (as such activities are likely to appear), you're probably going to be sacked, and quite possibly prosecuted under the Computer Misuse Act (which carries, last time I looked, only about four years in prison).

Incidentally, a wide grab-bag of causes can be cited as grounds for an interception warrant. It's not just criminal activities and national security that will get MI5 rifling your mailbox; it's the economic interests of the UK, whatever they might be. (Buying books from amazon.com instead of amazon.co.uk, presumably.)

Then there are the broader issues. To quote Amnesty International's eminently clear explanation: "Once the RIP Bill becomes law, ISPs will be required to install a black box -- which would be linked to a central monitoring facility currently being installed in MI5's headquarters -- and which would allow the security services to monitor all Internet traffic. This new mass surveillance facility is called the Government Technical Assistance Centre (GTAC). This would enable MI5 to identify the pattern of individuals' Internet connections by monitoring logs of the websites accessed, which would provide knowledge of the pages downloaded, the addresses of email contacts, the discussion groups accessed, and so on." This bugging system is going to be expensive -- ISPs are going to have to pony up around 30 million quid a year in order to pay their share of the bill, because the Home Office certainly isn't going to pay for their own wiretaps.

The disclosure clause is really odious. If your communications have been intercepted, and they happen to be encrypted, you can be served with a notice to disclose the encryption key. Failure will get you two years in prison, even if you don't *have* the key. Valid reasons you may not have the key -- but which won't keep you out of prison -- include having forgotten it. Or maybe the software itself is obsolete, you don't use it any more, and the software and private key was only installed on your last but one PC, and six months ago you gave it to your neighbour's kid (who has reformatted it and used it as a games machine). Yes, there's no expiry date on this one! And it gets worse. How can you prove that a random corrupted data file isn't encrypted, to a skeptical policeman who "knows" you're hiding something? The burden of proof is on you, now, and you're no longer deemed innocent until proven guilty. The judge or magistrate may choose to believe your excuse that you've forgotten your key ... but they don't have to: instead of being innocent until proven guilty, you are now guilty unless a judge thinks you look as if you're telling the truth.

By the way, how are you going to prove to the police that your home filesystem isn't actually a steganographic filesystem concealing a bunch of dirty pictures? Linux supports StegFS, available from http://ban.joh.cam.ac.uk/~adm36/StegFS/. StegFS is a driver that runs on top of a standard ext2 filesystem. It allows files to be hidden among disk blocks and only revealed when a mount command with specific parameters (such as a password) is issued. If the drivers exist in your kernel, you could be accused of being a child pornographer -- with no way of proving that you aren't!

(Incidentally, if you're a *really* paranoid policeman, you might want to demand the steganographic keys to any suspect's Linux system. After all, there's no reason to suppose that the innocent-looking kernel in their /boot directory -- which doesn't support steganographic file hiding -- is the one they're running, is there? They might have booted off a floppy disk with a StegFS-aware kernel, which they're running; after boot-time they've unmounted this, so that the only visible kernel is one that doesn't support this driver. So quite possibly any Linux user could be guilty of hiding encrypted files, and liable for that two year prison stretch -- without any way of proving that they aren't. Kafka would have a field day.)

Once you've disclosed your keys, they're effectively public property. There's no restriction on how the empowered authorities must store or handle them; quite conceivably they could be published in a court record, handed over to foreign governments in an intelligence-sharing operation, or used by police officers who want to impersonate you on-line for purposes of entrapment. Since the e-commerce bill received Royal Assent, these keys have the same legal standing as your signature: they prove your identity and they can be used to sign legally binding contracts in your name. And you're not allowed to publicly declare that they've been disclosed, or you're in big trouble.

Mass surveillance facilities. Warrants served at the whim of police officers, with draconian penalties for revealing their existence. Secret investigations. Automatic presumption of guilt, in the absence of defense. It doesn't sound very friendly, does it? In fact, it sounds as if in the pursuit of a tiny minority of wrong-doers, the Home Office wants to treat us all like criminals.

There are other fun decorations on this bill, to add to its carnival of misrule. There's a tribunal to hear complaints about misconduct of surveillance operations, for example. As Amnesty International point out, if the operations are secret (remember that five year prison term for tipping the subject off?), how on earth can anyone know that there's anything to complain about? In the final Parliamentary reading a single concession to sanity was made -- the officer responsible for monitoring breaches of procedure over the enforcement of warrants can report to the Prime Minister whenever he feels like it. (The original draft Act had such reports being made once a year.) There is, of course, no guarantee that a hear-no-evil politician with a tough-on-crime agenda will listen ...

The RIP bill hasn't had an entirely trouble-free passage. We've been treated to the edifying sight of the Home Office Minister bleating about abuse of the new powers being impossible, because of course the government consists of honourable ladies and gentlemen who wouldn't countenance such acts. Even if we grant the moral probity of every single member of the current government, the question remains -- what about the next one? This lays the foundations for a police state.

Once this bill is law, it is going to do inestimable damage to the British economy, never mind its human rights record. I have personal knowledge of at least one major business-to-business e-commerce venture that is planning on avoiding the UK as a place to do business (although they'll host British companies, and take their money), because this bill has convinced them that the British government is fundamentally inimical to the idea of doing business securely over the internet. I'm sure they're not the only company in this position. Being able to demand encryption keys and use them for any purpose is a profoundly hostile move against e-businesses, as much so as the presumption of guilt is against basic human rights.

A number of ISPs have discussed moving their operations outside the UK altogether, in order to avoid the monitoring requirements; UK customers will still be able to dial an 0845 number, but their data call will be directed elsewhere in Europe, where the ISP won't have to shell out tens of thousands of pounds for wiretap gear (at their own expense) that violates their customers' privacy.

More serious is the loss of confidence in the UK as an e-business zone that this bill will cause. Internet traffic between countries may go through other countries en route to a final destination. What if one of those intermediate countries has a clause in their equivalent of the RIP Act similar to the "in the interests of the British economy" clause? If you were a businessman in country A trying to do business in country C, you'd be very unenthusiastic about your draft contracts and commercial secrets being routed through country B, with its economically-empowered spooks waiting to intercept your traffic and leak it to your competitors. If this sort of bill becomes common, the internet's development as an enabler of international commerce is going to be badly impeded.

Finally, it's not difficult to circumvent RIP in practice -- or at least ensure that when they're monitoring you they aren't doing it behind your back.

To start with, the mail monitoring warrants will be applied to ISPs (although the definition of an ISP is drawn so vaguely that anyone with a telephone qualifies). Their mail servers will have to host a monitoring device devised by CESG, similar to the FBI's Carnivore 2.0 system (which is currently picking up a lot of adverse publicity in the USA). But this assumes that criminals will send mail through their ISP's mail server! If you want to side-step this one, simply run sendmail on your Linux box and tell it to deliver straight to the destination mail servers. Then use a hotmail account (or similar) for collecting incoming mail. The result is that a Home Office warrant asking your ISP to give them your email will pick up nothing at all. If you have a cable modem or ADSL line, you can keep your connection up continuously; subscribe to a service like DynDNS that points a domain name and associated MX (mail exchanger) records at your dynamic IP address, and mail for your domain will go straight to your machine without going through your ISP's mail spool.

Ultimately, when the internet begins to move to IPv6, the next generation IP protocol (the packet layer in TCP/IP), all connections will be encrypted by default: this is really going to help the CESG wiretap spooks.

There are more extreme measures you can take. Rent a co-located server. (Prices currently start at thirty quid a month, and are in a constant state of free-fall.) Make sure that it's not located in a jurisdiction covered by RIP -- Holland is a good place to start, or Japan (where wire tapping is flat-out illegal, under constitutional law). Install the OpenSSH daemon on this server. From your home computer, use an ssh client to log into it.

Using ssh, you can set up an encrypted port forwarding tunnel; any connections to, say, port 177 (xdmcp, the protocol X11 runs over) on the box running the ssh client are encrypted and magically appear on the designated port on the server machine. Yes, you can install the X windowing system on the colocated server, and run your entire desktop session over a compressed, encrypted tunnel. (This works especially well if you have ISDN, ADSL, or a cable modem. For bonus points, locate and read the mini-HOWTO on LBX, Low-Bandwidth X; you can find it via the Linux Documentation Project, or in /usr/doc on your Linux system.)

In effect, you're shipping your PC overseas and keeping only the monitor, keyboard and mouse at home.
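The tunnel described above, as an added example that is not part of the original column: a POSIX shell script that opens the compressed ssh tunnel to a colocated server and starts a session there with DISPLAY pointed back through it. The host colo.example.net, the user me and the script name tunnel.sh are placeholders; it assumes OpenSSH at both ends and a home X server that listens on TCP port 6000 and has authorised the remote clients with xauth. It forwards the X display port rather than the XDMCP port 177 the column mentions, because XDMCP runs over UDP and ssh forwards TCP connections only.

```shell
#!/bin/sh
# Added example: a remote desktop session over an encrypted, compressed
# ssh tunnel to a colocated server. Placeholders (assumptions):
#   colo.example.net  - the colocated server
#   me                - your login there
set -eu

REMOTE_USER="${REMOTE_USER:-me}"
REMOTE_HOST="${REMOTE_HOST:-colo.example.net}"
# The home X server for display :0 listens on TCP 6000. On the server the
# tunnel is bound as display :DISPLAY_NUMBER, i.e. port 6000+DISPLAY_NUMBER.
DISPLAY_NUMBER="${DISPLAY_NUMBER:-10}"

# TCP port the tunnel binds on the server's loopback interface.
remote_port() {
    echo $((6000 + $1))
}

# DISPLAY value that programs on the server must use to reach home.
remote_display() {
    echo "localhost:$1"
}

# ssh arguments: -C compresses the stream (worthwhile on ISDN/ADSL), -R binds
# a port on the server and forwards every connection to it back through the
# encrypted channel to the X server at home. Everything the session draws
# therefore crosses the ISP as ciphertext on port 22.
tunnel_args() {
    user=$1; host=$2; dispnum=$3
    echo "-C -R $(remote_port "$dispnum"):localhost:6000 ${user}@${host}"
}

# Command executed on the server: point DISPLAY at the tunnel, start a
# terminal (replace xterm with a window manager for a whole desktop).
remote_command() {
    echo "DISPLAY=$(remote_display "$1") exec xterm"
}

main() {
    args=$(tunnel_args "$REMOTE_USER" "$REMOTE_HOST" "$DISPLAY_NUMBER")
    cmd=$(remote_command "$DISPLAY_NUMBER")
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "ssh $args '$cmd'"     # show the command instead of running it
    else
        ssh $args "$cmd"           # word-splitting of $args is intended
    fi
}

# Usage: sh tunnel.sh connect   (DRY_RUN=1 sh tunnel.sh connect to preview)
case "${1:-}" in
    connect) main ;;
esac
```

Once connected, nothing of the session is stored at home except what the X server draws; the server side still needs its own disk encryption if the column's threat model (a demand for a login on the foreign box) matters to you.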

If your entire desktop session is running on a machine in a different country, and nothing is stored on your local machine except a temporary password to help you log into the remote system -- and if your entire session is encrypted -- all they can do is try to monitor your computer directly (a much more labour-intensive job than the indiscriminate trawling that the RIP Act encourages), or demand a login on your foreign system. In which case you're stuffed, because the RIP Act has already stripped your civil rights -- but at least you'll know you're stuffed, because the snoopers will have to notify you that you're being monitored. You might still be on the receiving end of a police state, but it'll be the old-fashioned kind -- not the brave new world of voraciously indiscriminate robot wiretaps envisaged by Jack Straw.

In summary: people who really have something to hide won't be any more at risk from the RIP Act than they were before it, because there are ways round it -- like plotting bank robberies using pay-as-you-go mobile phones instead of email. The people who will suffer are honest businesses, civil rights workers, anyone who annoys the government, and ultimately all of us (as our basic rights are eroded). In the long term, the only real hope is that the courts will find the RIP Act conflicts with the Bill of Rights -- but this is faint consolation to anyone who happens to be the test case.

Cool stuff

Whew -- hot in here, isn't it? Or maybe it's just me. After thinking about the Regulation of Investigatory Powers Act I feel the need to contemplate something extremely cool instead.

The cool thing in question has emerged from IBM, shambling towards the light: a wrist watch that runs Linux, of all things. Weighing about 50 grams and running a stripped-down embedded Linux kernel, the watch uses an Arm processor core. It has a display capable of rendering text, 8Mb of memory, and is intended to communicate by wireless with other devices, such as keyboards or cellphones. It's a research prototype rather than a product -- its battery life of 2-4 days wouldn't exactly win it plaudits if sold as a watch -- but it's indicative of some interesting developments in Big Blue's research labs. Recently, IBM released under GPL an entire Bluetooth protocol stack: Bluetooth is a standard for short range (less than ten metres) wireless networking that will allow handheld or pocket gadgets to talk to each other. Think of it as a kind of USB bus, without wires: you can take a nifty folding keyboard (such as the one Think Outside designed for the Palm Pilot) and it will be able to talk to your watch or your cellphone or whatever.

The interesting thing is that IBM put Linux on this gadget -- not Windows CE, or EPOC/32. Linux is now making in-roads into the embedded systems market, that vast iceberg of invisible computing devices that are in everything from engine ignition systems to washing machines and burglar alarms, and which amount to some 80% of the entire software industry. This emerges the same month that IBM have announced pricing deals to allow mainframe users to run multiple Linux sessions under MVS, on their mainframes. Where's all this going?

Lest we forget the way the world was in 1990: IBM was grappling with a strategy called SNA -- system network architecture -- and various other three-letter acronyms designed to achieve convergence. IBM is a huge corporation; it has divisions bigger than most competing multinationals. The legacy of forty years of development (to 1990) was a raft of incompatible standards -- three incompatible mainframe ranges, for example, the RS/6000 RISC workstation range, and the then-new AS/400 minicomputers. IBM desperately needed to deliver interoperability across all their platforms, and picked the SNA potpourri as the obvious way of delivering -- a ten year strategy that was to cost them billions. OS/2 was the desktop component, for it would communicate seamlessly with all IBM's bigger systems ... but we know what happened to OS/2, don't we? Clue: Windows NT started life as "OS/2 Release 3" back before the Microsoft/IBM divorce.

Today, IBM is within months of showing one operating system and one application language running across the board on all their systems. Rather than the long-dead SNA strategy, IBM is betting on Linux and Java. Linux runs on S/390 mainframes, as a virtual machine under SNA, on RS/6000s (when they're not running AIX), and on PCs. It will soon run on AS/400 hardware, too. Where there's a Linux, there's also a Java virtual machine to interpret precompiled Java bytecode applications. One compiled executable format, one operating system platform ... for IBM, Linux is too good to be true.

The other shoe is finally dropping: IBM are investing hundreds of millions of dollars in developing Linux applications. Their strategy is clear: get Linux into every IBM shop, and it means you can start with a PC and work all the way up to a supercomputer or mainframe (or all the way down to a wristwatch or burglar alarm) using an IBM solution that works with your existing software. Microsoft, in contrast, are stranded on the desktop with a raft of incompatible operating system variants (Windows ME, Windows 2000, legacy Windows NT support, Embedded NT, and so on) and no way out.

Is the historic see-saw between IBM and Microsoft about to tip back towards Big Blue?
