Book Review: Surveillance Or Security?

brothke writes "Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is a hard book to categorize. It is not about security, but it deals extensively with it. It is not a law book, but legal topics are pervasive throughout. It is not a telecommunications book, but extensively details telco issues. Ultimately, the book is a most important overview of security and privacy and the nature of surveillance in current times." Read below for the rest of Ben's review.

Surveillance or Security?: The Risks Posed by New Wiretapping Technologies
author	Susan Landau
pages	360
publisher	MIT Press
rating	10/10
reviewer	Ben Rothke
ISBN	9780262015301
summary	Definitive text on the topic of surveillance, security and privacy read.

Surveillance or Security? is one of the most pragmatic books on the topic in that the author never once uses the term Big Brother. Far too many books on privacy and surveillance are filled with hysteria and hyperbole and the threat of an Orwellian society. This book sticks to the raw facts and details the current state, that of insecure and porous networks around a surveillance society.

In this densely packed work, Susan Landau, a fellow at the Radcliffe Institute for Advanced Study at Harvard University details the myriad layers around surveillance, national security, information security and privacy. Landau writes that her concern is not about legally authorized law enforcement and nationally security wiretapping; rather about the security risks of building surveillance into communications infrastructures.

Landau details numerous reasons why communications security is hard to do right; but an imperative for our ultimate security, privacy and digital wellbeing.

In 250 pages, Landau makes a compelling case. In addition to her superb handle on the topic, the book has over 80 pages of footnotes, where everyquote, statement and claim is verified and confirmed. The book is a great launching pad for a much deeper analysis on the topic.

The main theme of the book is that digital communications have revolutionized the way in which society interacts. The Internet is now the lifeblood of many businesses and governments, including a significant part of our critical infrastructure. The fact that this infrastructure lacks comprehensive security and privacy controls are a troubling concern.

In 11 dense chapters, Landau notes that since security and privacy have not been fully integrated into this infrastructure; this leaves us exposed and vulnerable to cyberattacks.

In the introduction, Landau notes that with this new computing and telecommunications paradigm, the job of law enforcement has become much more challenging. In previous years, surveillance was relatively easy. Once law enforcement had physical access to a phone line, they were in. Today, with cell phones, VoIP, Internet cafes, anonymizing services and more, the dynamics have changed and this has caused quite a shock for law enforcement; who are often struggling to deal with this new paradigm.

Landau notes that the surveillance and eavesdropping technologies that have been deployed since 9/11 are being used to catch one set of enemies. But other antagonists may be posed to turn these tools against us, and we are putting into place something for our enemies to use that they could not afford to do on their own. As to this and other difficult questions that Landau brings up; there are no simple answers.

Chapter 3 — Securing the Internet is Difficult — notes that the original creators of TCP/IP did not have security in their design. Their concerns were more along the lines of traffic breakdowns, packet loss, robustness and more; but not security and privacy. In some ways, this may be been a blessing, as Dennis Jennings, who ran the NFSNET; states that "had we known what was to come, we'd have been terrified and the Internet would never have happened.

In chapter 5 — The Effectiveness of Wiretapping– Landau notes that the biggest use of wiretapping tools is not actually the capture of conversation. But something that is not really wiretapping at all: the capture of transactional information.

Chapter 7 – Who are the Intruders? What are They Targeting?– is one of the best chapters in the book. Landau details both the internal threat and industrial espionage, and it is not a pretty picture. Landau provides numerous cases where nation-states used networks, rather than people to infiltrate US interests, governmental, industrial and scientific areas. She notes that these insider attacks are often the most difficult to detect; the reason being that insiders know the systems, know where the important data is, and what the auditors are looking at. This ultimately makes insiders attack particularly pernicious.

So how significant are nation-states infiltrating US networks? Landau quotes a confidential government source that the NASA network was "completely open to the Chinese".

Landau makes her message loud and clear in chapter 8 when she notes that it does not help to tell people to be secure; rather security must be built into their communications systems. Security must be ubiquitous, from the phone to the central office and from the transmission of a cell phone to its base station to the communications infrastructure itself.

In chapter 9 – Policy Risks Arising from Wiretapping – Landau details how deep packing inspection (DPI) is used by ISP's. It is the ISP's who have the capability to know what you are browsing, what your email says, your VoIP conversation and much more. In a short amount of time, the ISP can develop a dossier on the user, and as noted, it has the ability to amass data to an amount that the Stasi could only dream of. This surveillance ability is what is most troubling to the author.

Landau continues that the only way for a person to avoid the risk from ubiquitous uses of DPI by an ISP would be to encrypt everything. While not completely done now, Gmail and Skype do bulk encryption.

The book closes with chapter 11 – Getting Communications Security Right– and there are no easy answers. Landau notes that across the globe, there are projects on clean-slate network architectures. But our current infrastructure is quite insecure and porous.

Surveillance or Security?: The Risks Posed by New Wiretapping Technologies is an extremely important book on the topic of the many risks posed by new wiretapping technologies. Landau has the remarkable talent of taking very broad issues and detailing them in a concise, yet comprehensive manner. The book should be seen as the starting point for discussion on a most important topic.

Landau does an excellent job of detailing how unwarranted surveillance can undermine security and affect our rights, while noting that security for every citizen is paramount to the very spirit of the Constitution.

The book closes with the very principles of what it means to get communications security rightand that adhering to these principles cannot guarantee that we will be completely secure. But failure to adhere to them will guarantee that we will not.

As to Surveillance or Security?: The Risks Posed by New Wiretapping Technologies, required reading it is, but that term does not do justice to the importance of this book. Simply put, this book is the definitive text on the topic and it is a title that needs to be read.

Reviewer Ben Rothke (@benrothke) is the author of Computer Security: 20 Things Every Employee Should Know

You can purchase Surveillance or Security?: The Risks Posed by New Wiretapping Technologies from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page.

Re:

[hedwards]

You forgot the "leave it completely open for the benefit of humanity" option that seems to always crop up with regards to WAP.

Book Review or Book Report??

[Anonymous Coward]

This whole "review" reads like an 8th grade book report.

You don't need to summarize every fucking chapter of the book, that's something anyone can do from looking at the table of contents. There isn't really much reviewing going on in this story, and its sad that there are no really criticisms or critiques in this.

Re:

[captainpanic]

Maybe it's just all important? And maybe there's not much of a storyline, just a list of facts?

Anyway, it sounds like mandatory reading for all future politicians: either as a warning or as a guidebook.

Re:

[brothke]

he didn't summarize every chapter. As to his 8th grade book report, he wrote the chapter count...u do the 1st grade made.... and see that he did not write on every chapter or close to it.

Re:

[Fancia]

Didn't even bother to post anonymous coward to make it look like you weren't defending yourself in the third person, huh?

who buys these books?

[alen]

i never figured out who buys all this stuff from think tanks and other organizations. is it all for academic purposes? i've never seen normal people reading this type of non-fiction on the train home

Re:

[liquidweaver]

Yeah... I bought a couple in the past.... I think the last one was "Private Security and the Law". The problem is they usually have a few pearls of wisdom but you have to sift through hundreds of pages to get them out. Never again - it's TED/JREF/small easily digestible presentations for me.

Re:who buys these books?

[Cinder6]

TSA would like it if you were the Goatse guy. Much easier to search.

What ho?

[stiggs]

A timely post given the headlines from the UK today [bbc.co.uk]. Britain's high-tech surveillance society is now in a royal mess, shall we say, with the Prime Minister, the police, and the press as major players. The corruption has just been shown to reach into law enforcement in a widespread way [itpro.co.uk].

Re:

[robot_love]

I think in the end, the final solution to the Stasi was to overthrow the government...

Re:

[inglorion_on_the_net]

I don't think the government of the GDR was actually overthrown; I've always been told that they resigned [wikipedia.org].

Wag the Dog.

[passionplay]

I find the most compelling book is omitting the most compelling story of all. Carnivore. All I hear is "the bad guys are doing it worse, we have to do it better to keep them out." And "there is no security, so we have to build it into the network " because if we build the security, we'll own the back door. The internet has security for when you want to use it. The internet has no security when you don't want it. The problem is that the government has gotten used to having all of our lives under scrutiny in

Not just an academic, former Sun engineer as well

[amanicdroid]

I became aware of Susan from the recent New Yorker article about Thomas Drake: http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer?currentPage=all/ [newyorker.com]

But Susan Landau, a former engineer at Sun Microsystems, and the author of a new book, âoeSurveillance or Security?,â notes that, in 2003, the government placed equipment capable of copying electronic communications at locations across America. These installations were made, she says, at âoeswitching officesâ that not only conne

Re:

[amanicdroid]

Now with infinite percent more close tags: I became aware of Susan from the recent New Yorker article about Thomas Drake:

http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer?currentPage=all/ [newyorker.com]

But Susan Landau, a former engineer at Sun Microsystems, and the author of a new book, âoeSurveillance or Security?,â notes that, in 2003, the government placed equipment capable of copying electronic communications at locations across America. These installations were made, she says, at âo

The future drones on

[sacridias]

If you look at recent events such as identify theft hacking, and even the general acceptance of people in general, privacy is becoming a thing of the past. My sister and cousin took a family argument into facebook, kids tweet about everything even stuff most adults would consider personal. Older people have ideas like posting pictures of kids online could attract predators, younger parents find it cute. Add in the government pushing to make things safe for freedom and the American way. A few decades ag

Re:

[Dutchmaan]

"Kids have no thought of posting themselves being "stupid" on you tube"

Used to be you were able to say.. 'people don't act that way' and get away with it.. now kids have a million and one examples of other kids all over the world being just as stupid. I guess in the midst of all the 'white noise' one persons embarrassing actions become not so embarrassing through the simple fact that it's fairly commonplace behavior

NSA?

[decora]

i expect any article, let alone book, on wiretapping and security to at least mention the NSA.

The "hysteria and hyperbole and the threat of an Orwellian society" is based on facts, the facts of the 20th century.

The Nazi state was built upon mass surveillance, as was the Soviet, with the NKVD (KGB, Cheka, etc).

The biggest threat to security has never been rogue terrorists, it has been state actors destroying their own citizenry.

Surveillance is one of their primary tools. This is not 'lunacy' and it is not 'p

Don't want to be hacked...

[blahplusplus]

... don't put it on the internet.

Most security is a dream anyway when dealing with fallible human beings. The really important stuff should be protected, other stuff not so much.

I wonder if this book covers synthetic telepathy

[Anonymous Coward]

Synthetic telepathy neurotechnology devices, covertly implanted in the human brain while the subject is rendered temporarily unconscious, provide the ultimate surveillance tool. They can then remotely read your thoughts and see and hear what you do. It's wicked! For more info on this check out http://thepiratebay.org/torrent/6523014/Government_is_abducting_citizens_and_implanting_their_brains.__E [thepiratebay.org] PS - This is not a joke.

Susan Landau's actual homepage is privacyink.org

[FF00]

http://privacyink.org/ [privacyink.org] hope this helps, FF00