Controlling the Flow of Information in the 21st Century
As we mentioned in last week’s Cyber Risk Report, “The issue at hand is no longer whether or even to what extent the revolution is being tweeted, the question henceforth is how are information networks to be managed.” The capabilities of freely flowing information to influence the command and control of coordinated forces has long been understood by military commanders. Greek historian Herodotus tells in his Histories of a deposed king passing obscured messages to organize revolution, and another king sending warning of impending attack; during World War I, soldiers would shoot at carrier pigeons bearing messages from front-line troops.
Today, when governments face political unrest, a very militarily inspired response is to limit, control, or deprive the free flow of information to the opposition. Organizations do likewise, though often for different reasons, and are quickly understanding how resourceful their users can be as they dodge workforce Internet filters by accessing content on their mobile phones. Over and over again, information that authorities wish to keep secret, or deny access to, is being exposed and shared widely by those under their control. How will confidentiality fare in the coming years?
One of the more interesting developments of the last few weeks was the response by Facebook to allow optional HTTPS encryption of all content sent and received, and not just login information. This came after it appeared a security breach, allegedly by those interested in removing posts critical of the Tunisian government’s response to regional unrest, resulted in credentials being captured and critical content being removed. By attacking the community where the critical posts were being hosted, the perpetrators could cause misinformation while the original posters and their audience could still access content. Content producers and their audience will still see something, although in some cases it’s either altered or removed.
When communications have a specific destination, such as the massive networks of Facebook or Twitter, controlling the destination can be effective. However, this type of control does not fare well when there is fragmentation of destinations (the same content is available many places) and/or uncooperative destinations. At this time, the Facebook and Twitter communities are very centralized, and replicating them in response to attacks on their integrity or availability is difficult or impossible to control. However, under the right circumstances, their operators may be cooperative, given appropriate approaches and the policies of multinationals to consider global or regional modifications based on various laws and policies (e.g. Google’s previous search filtering when providing content to users in China).
In contrast, the response to the attempts to control the hosting of Wikileaks was very quickly avoided by many organizations and individuals. At first, organizations took successive responsibility for hosting the main site; eventually mirroring the main site at a variety of user-hosted locations meant that no single domain held the content, though it was populated from a master version hosted in Switzerland. This mirroring ultimately made controlling the content hosted by Wikileaks on a destination basis infeasible.
Controlling conduits is much more common both by organizations and by governments. Numerous examples include Egypt’s widespread shutdown last week, China’s response to unrest in Xinjiang, Iran’s temporary shutdown following controversial elections in 2009, and many more. On the organizational level, this is typically performed for network compartmentalization, such as the segregation of a voice or management VLAN, the inavailability of Intranet resources to public kiosks or on guest Wifi, restriction of a particular WAN connection for redundant failover only, and so on.
In these cases, there is a requirement that the controlling entity be able to maintain physical control over the conduit itself, and that there are no out-of-band conduits that are accessible in parallel. If so, it may not be possible for complete control to be maintained. For example, there are reports that while North Korea restricts general access to the Internet or international phone calls, unauthorized use of Chinese cell phones is found along the border. Chinese-controlled cell tower signals can penetrate North Korean borders for up to six miles. For organizations, this means controlling unauthorized Wifi hotspots, employee cell phones, or split tunneling for VPN access.
Content control is another common practice. Blocking access to particular sites or classes of sites is one method, or deep inspection may be performed to restrict content based upon particular words or multimedia found. Australia has been considering content-based filtering by each of its service providers, though current plans are facing political opposition.
When filtering content, many of the same caveats that apply to controlling conduits apply, as it is usually up to those controlling conduits to apply content controls. However, within a conduit various means may be used to avoid content-based filtering. Besides overcoming the sophistication of various deep-inspection filters (e.g. the methods employed by spammers to dodge filters and deliver “great deals” on v1ag-ra), if users can access VPN tunnels, proxies, or encrypted anonymizers like Tor, such filtering can be rendered ineffective.
Content control can often be considered transport-independent. If an organization can control any point from origin to destination, then they have an opportunity to filter for content. Because of this flexibility, it may continue to be a common denominator when leveraging control over communications, while that same flexibility may mean it can be most easily routed around by those being controlled.
Origin control is often much harder to enforce, for many of the same reasons that destination control is. Originating endpoints can be numerous, and locking each one’s communication down can be exceedingly difficult. Egyptian protesters who found the Internet and cell phones unavailable were able to turn to landlines and Google Voice, which transcribed their voice mail messages into tweets. In some cases, enforcement can be handled by policies (such as organizations preventing the possession of cell phone cameras within a secure facility). In others, threats of oversight can dissuade users from visiting sites that may be considered objectionable by the overseer, with successful threats resulting in self-censorship.
I suspect that endpoints will be an area where significant changes in censorship resistance will be seen. The developing world has very high percentages of cell phone users, and technologies like Serval are emerging which could keep these cell users connected to each other using ad hoc mesh networking in the absence of cellular infrastructure. As resiliency capabilities like peer-to-peer and mesh networking become available to end users, there will be less reliance on established infrastructure in the event of a disrupting event. Without a centralized way to prevent inter-device communications, it will be quite difficult for data sharing to be constrained. This is essentially the converse of the distributed destination countermeasures employed by mirroring Wikileaks; by multiplying the source of, say, a video of police brutality during a political protest, the chances that the video will be able to spread among individuals and eventually onto the wider Internet increase.
Individuals around the world have embraced the eruption of self-publishing capabilities that define Web 2.0. In response to this explosion of information sharing and increasingly easier globalized publishing, governments and organizations are facing the grim reality that controlling data is becoming much more difficult. Not only will this be a vehicle for advancing social change, it will be a significant regulatory and data security hurdle for confidential corporate information. As John Gilmore is famously quoted, “The Net interprets censorship as damage and routes around it.” How organizations and individuals will respond to these challenges remains fluid; for now, this continues to hold true.