Everyone in Congress seems to be proposing new legislation for Carnivore, the U.S. Federal Bureau of Investigation's black-box system for wiretapping - with a court order - the communications of a suspect in a criminal case through that person's Internet service provider.
But for years, privacy advocates have been complaining about a much more powerful global network named Echelon. Run by the U.S. and its allies, Echelon is able to intercept and decrypt almost any electronic message sent anywhere in the world. What ruffles the feathers of privacy advocates is Echelon's potential for misuse, because it intercepts both sensitive government data and corporate information.
Echelon appears to have been in operation since the 1980s, but it wasn't until the 1990s that journalists such as Duncan Campbell and scholars using the Freedom of Information Act were able to piece together a rough picture of how it works.
Essentially, Echelon is a massive keyword-checking system that's able to reference any form of written - and possibly many types of spoken - communication. Its effectiveness lies in the fact that it taps into the major channels across which information is sent globally: fiber-optic cables, satellite ground-receiving stations and spy satellites.
By January 1998, revelations about the massive scale of Echelon's interception of information led the European Union to commission a report, "An Appraisal of Technologies of Political Control" (http://cryptome.org/stoa-atpc.htm). The report analyzed Echelon and asked whether it was a threat to Europeans' civil liberties.
Last September, the EU released a report blasting the UKUSA - an alliance of the U.S., U.K., Canada, Australia and New Zealand - for using Echelon to intercept confidential company information and divulging it to favored competitors to help win contracts. The report alleged that Airbus Industrie in Blagnac Cedex, France, lost valuable contracts because of information intercepted by Echelon and used by The Boeing Co. in Seattle to obtain a competitive advantage.
How will companies know if their communications are being monitored by systems such as Echelon? They won't.
Potentially, the system can intercept almost any electronic communication and then check it against various dictionaries containing keywords of interest.
Despite the hype, a senior U.S. Central Investigation Agency official speaking on condition of anonymity says systems such as Echelon don't have enough computing power to effectively sort through everything intercepted. Often, technology is the least of the agency's concerns. "Since we can't process anywhere near the volume of stuff that people generate, we need a hint about what to go after," says the official.
Campbell, a pioneer in Echelon reporting, says he believes that Echelon has no problem with written materials but that the science of speech recognition isn't advanced enough for a real-time global listening system to transcribe hundreds of thousands of simultaneous calls. What Echelon is able to do, he asserts, is voice-pattern matching, to detect who is speaking.
Supposedly, the National Security Agency (NSA) had a hand in designing Echelon.
What troubles many is that the U.S. foreign intelligence agency seems to have had a hand in designing other things such as commercial software, possibly to make it more susceptible to Echelon interception and decoding. Last September, a North Carolina security company analyzing the Windows NT 4 Service Pack 5 noticed developers had forgotten to strip out debugging notations, and next to two keys found the labels "KEY" and "NSAKEY." Though inclusion of an NSA key is supposed to make it easier for government workers to trade confidential documents, such a key could also allow software with built-in "back doors" to clip information, encrypt it and then forward it to the NSA for processing. A Microsoft official says the key is labeled "NSA key" because the NSA is the technical review authority for U.S. export controls, and the key ensures compliance with U.S. export laws. He says Microsoft hasn't shared this key with the NSA or any other company or agency.
Windows isn't the only potential Echelon hole in an enterprise. Various telephone digital private branch exchanges are purported to have back doors for intelligence eavesdropping. The Swedish newspaper Svenska Dagbladet reported in November 1997 that non-U.S. versions of Lotus Notes contained an NSA co-designed way to more easily analyze e-mail. Every time Notes sends a message, the report claimed, it broadcasts along with the encrypted message part of the key it used to make the message more secure. The partial key is encrypted using an NSA public key. When the NSA intercepts the e-mail, the newspaper reported, it can use its private key to unlock the key, which is a guide to how the e-mail itself was encrypted.
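The partial-key scheme the newspaper described can be modeled to show why it matters to anyone assessing such a product: against the holder of the escrow private key, the effective key length is only the bits that were not escrowed. The sketch below is an added illustration, not code from Lotus or from the report; the key sizes, the textbook-RSA escrow key pair and the hash-based stream cipher are all constructed toy stand-ins chosen so the search finishes in seconds.

```python
import hashlib

# Constructed toy parameters (assumptions; the report gives no key sizes).
KEY_BITS = 16      # length of the per-message key
ESCROW_BITS = 6    # high bits of that key sent under the escrow public key
# Toy textbook-RSA escrow key pair from two Mersenne primes; not secure.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # escrow private exponent

def keystream_xor(key: int, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key.to_bytes(4, "big") + i.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], pad))
    return bytes(out)

def send(plaintext: bytes, key: int):
    """Sender: encrypt and attach the high key bits under the escrow public key."""
    escrow_field = pow(key >> (KEY_BITS - ESCROW_BITS), E, N)
    return keystream_xor(key, plaintext), escrow_field

def open_escrow(escrow_field: int) -> int:
    """Escrow holder: recover the high key bits with the private exponent."""
    return pow(escrow_field, D, N)

def search(ciphertext: bytes, known_prefix: bytes, high_bits=None):
    """Exhaustive key search; returns (key, trials). high_bits narrows it."""
    free = KEY_BITS if high_bits is None else KEY_BITS - ESCROW_BITS
    base = 0 if high_bits is None else high_bits << free
    for trial, low in enumerate(range(1 << free), 1):
        guess = base | low
        if keystream_xor(guess, ciphertext[:len(known_prefix)]) == known_prefix:
            return guess, trial
    return None, 1 << free

if __name__ == "__main__":
    msg = b"Subject: bid terms (constructed sample message)"
    ct, field = send(msg, 0xBEEF)
    print("escrow holder:", search(ct, msg[:8], open_escrow(field)))
    print("outsider:     ", search(ct, msg[:8]))
```

With these toy sizes the escrow holder searches at most 2^10 keys while anyone else faces 2^16; the same ratio holds at any key length, which is the property to check when a product advertises a key size but escrows part of it.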
Any involvement between the NSA and software makers is rumored, at best (Lotus officials weren't available for comment). But through Echelon, and with a bit of software engineering, someone who wants to listen to a company's communications might be doing so.