"Packet-tapping" tech may have the ability to see behind encryption
In Korea, foreign services such as Gmail and Hotmail are considered safe havens from government spying. They use HTTPS; encryption protects the packets from being openly monitored by man-in-the-middle government techniques that do not require the equivalent of a search warrant in their countries of origin. As the slightly paranoid (if at all) Christopher Soghoian explains so well in "The forces that led to the DigiNotar hack":
When users connect to Facebook, Twitter, or Hotmail—as well as many other popular websites—they are vulnerable to passive network surveillance and active attacks, such as account hijacking. These services are vulnerable because they do not use HTTPS encryption to protect all data as it is transmitted over the Internet.
Such attacks are trivially easy for hackers to perform against users of an open WiFi network using tools like Firesheep. They are also relatively easy for government agencies to perform on a larger scale, when they can compel the assistance of upstream ISPs.
As I described above, because Google will not respond to formal requests for user data from certain governments, it is likely that the state security agencies in these countries have come to depend on network interception, performed with the assistance of domestic ISPs.
Unfortunately for these governments, in January 2010, Google enabled HTTPS by default for Gmail and a few other services. Once the firm flipped the default setting, passive network surveillance became impossible. Thus, in January 2010, the governments of Iran and a few other countries lost their ability to watch the communications of domestic Google users.
And now, with HTTPS increasingly enabled by default as a definite value-added feature, it would seem, in the struggle between Good and Evil, that Good may actually have a leg up. Not so. True, "packet tapping" requires a court order -- but faith placed in the security of encryption technology -- or, perhaps, in those holding the keys -- is soon to be tested:
Unlike normal communication tapping methods, packet tapping is a technology that allows a real-time view of all content coming and going via the Internet. It opens all packets of a designated user that are transmitted via the Internet. This was impossible in the early days of the Internet, but monitoring and vetting of desired information only from among huge amounts of packet information became possible with the development of “deep packet inspection” technology. Deep packet inspection technology is used not only for censorship, but also in marketing such as custom advertising on Gmail and Facebook.
The fact that the NIS taps Gmail, which uses HTTP Secure, a communication protocol with reinforced security, means that it possesses the technology to decrypt data packets transmitted via Internet lines after intercepting them.
“Gmail has been using an encrypted protocol since 2009, when it was revealed that Chinese security services had been tapping it,” said one official from a software security company. “Technologically, decrypting it is known to be almost impossible. If it turns out to be true [that the NIS has been packet tapping], this could turn into an international controversy.”
“The revelation of the possibility that Gmail may have been tapped is truly shocking,” said Jang Yeo-gyeong, an activist at Jinbo.net. “It has shown once again that the secrets of people’s private lives can be totally violated.” Lawyer Lee Gwang-cheol of MINBYUN-Lawyers for a Democratic Society, who has taken on Kim’s case, said, “I think it is surprising, and perhaps even good, that the NIS itself has revealed that it uses packet tapping on Gmail. I hope the Constitutional Court will use this appeal hearing to decide upon legitimate boundaries for investigations, given that the actual circumstances of the NIS’s packet tapping have not been clearly revealed.”
NIS admits to packet tapping Gmail: If proven, international fallout could occur over insecurity of the HTTP Secure system
By Noh Hyung-woong
Are the emails encrypted only in transport? Did the NIS actually break the encryption? Did Google hand over the data? Or was more lost than was reported in early September, when Google's offices in Korea were raided over antitrust issues with the Android app?
Be seeing you.