NSA – Another Blow Against Internet Anonymity
Dec 29th, 2008 by sherri
Last week, the NSA was granted a patent which supposedly allows them to “Spot Network Snoops.”[1] At first glance, the patent seems rather obscure and boring. However, it could have major implications for anonymity and privacy on the Internet.
Back in 2005, the same NSA inventor, Michael Reifer, and a colleague were granted a patent called “Method for Geolocating Logical Network Addresses.” At the time, this made a bit of a splash. It was a technique for matching IP addresses to physical geographical locations, based solely on packet timing information.
“If someone’s engaged in a dialogue or frequenting a ‘bad’ Web site, the NSA might want to know where they are,” said Mike Liebhold, a researcher at the Institute for the Future.[2] Rather than examining packet content (which may be encrypted, or require a warrant), looking up registrant information (often incorrect), or soliciting information from an ISP or law enforcement (slow, and may run into privacy laws), the NSA’s 2005 patent “relies on measuring the latency, meaning the time lag between computers exchanging data.”[3] The NSA would have to place numerous sensors throughout the Internet and measure the packet latency between those sensors and many other IP addresses, effectively generating a “network latency map” that ties latency signatures to known locations. Then, to geolocate an unknown IP address, they would measure the latency from the same sensors to the unknown system and look up the closest match in the latency map.
One hurdle for geolocating IP addresses using this technique is that content filters, firewalls and other devices on the path add latency, skewing the measurements and diminishing accuracy. Furthermore, attackers could intercept and retransmit traffic, also skewing results. To geolocate an IP address reliably, the NSA would need more information about the devices on the path.
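To make the lookup and the skew problem concrete, here is an added example (not code from the post or from either patent) that builds a small latency map and locates an unknown host by nearest neighbour in latency space. The geometry, the propagation model (roughly 200 km/ms one way in fibre plus a fixed per-path overhead) and the 30 ms “filtering device” are all constructed assumptions; a real system would populate the map from measured round-trip times, not a formula.

```python
import math

# Constructed geometry: a flat 1000 km square with one sensor in each corner.
# Coordinates are in km. Real deployments would use measured RTTs, not a model.
SENSORS = [(0.0, 0.0), (1000.0, 0.0), (0.0, 1000.0), (1000.0, 1000.0)]

# Hosts at known locations ("landmarks") used to populate the latency map.
LANDMARKS = {
    "site-A": (100.0, 100.0),
    "site-B": (900.0, 100.0),
    "site-C": (100.0, 900.0),
    "site-D": (900.0, 900.0),
    "site-E": (500.0, 500.0),
}

KM_PER_MS = 200.0   # assumed one-way propagation speed in fibre (~2/3 c)
BASE_MS = 5.0       # assumed fixed per-path overhead (serialisation, queuing)

def simulated_rtt(sensor, host):
    """Constructed stand-in for a real RTT probe: propagation + fixed overhead."""
    dist = math.dist(sensor, host)
    return 2.0 * dist / KM_PER_MS + BASE_MS

def build_latency_map(sensors=SENSORS, landmarks=LANDMARKS):
    """One RTT vector (one entry per sensor) for every host at a known location."""
    return {name: [simulated_rtt(s, pos) for s in sensors]
            for name, pos in landmarks.items()}

def locate(rtt_vector, latency_map, max_residual_ms=5.0):
    """Nearest neighbour in latency space.

    Returns (landmark, residual_ms, reliable). The residual is the Euclidean
    distance between the observed vector and the best-matching map entry. A
    large residual means no mapped host produces timings like these, which is
    exactly what an intermediary device adding delay on one path looks like.
    """
    best, best_res = None, float("inf")
    for name, vec in latency_map.items():
        res = math.sqrt(sum((o - m) ** 2 for o, m in zip(rtt_vector, vec)))
        if res < best_res:
            best, best_res = name, res
    return best, best_res, best_res <= max_residual_ms

def measure_target(target_pos, extra_delay_ms=None, sensors=SENSORS):
    """RTT vector for an unknown host, optionally with per-sensor added delay
    (e.g. a content filter sitting on the path from one particular sensor)."""
    extra = extra_delay_ms or [0.0] * len(sensors)
    return [simulated_rtt(s, target_pos) + d for s, d in zip(sensors, extra)]

def demo():
    lmap = build_latency_map()
    target = (150.0, 120.0)                    # truly close to site-A
    clean = locate(measure_target(target), lmap)
    # A filtering device on the path from the first sensor adds 30 ms.
    skewed = locate(measure_target(target, [30.0, 0.0, 0.0, 0.0]), lmap)
    return clean, skewed

if __name__ == "__main__":
    clean, skewed = demo()
    print("clean  :", clean)    # site-A, residual under 1 ms, reliable
    print("skewed :", skewed)   # site-D, residual about 22 ms, unreliable
```

With clean timings the unknown host matches site-A with a residual under a millisecond. Thirty milliseconds of extra delay on a single path pushes the best match to site-D, the opposite corner, so the residual threshold is the check an analyst would want before trusting a location. The same mechanism is what the countermeasure suggested in the comments below depends on: a host that deliberately delays its own packets by a varying amount inflates the residual in the same way.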
Enter last week’s patent by the same inventor, Michael Reifer: “Method of detecting an intermediary communication device.” This new patent builds on the same general technique. It uses timing information alone to detect stepping stones on a path and identify their functions.
Using this second patent in conjunction with the first, the NSA could track Internet users with better accuracy, and also maintain an increasingly comprehensive map of Internet topology and devices. One application of these network geolocation and mapping capabilities is to catch crooks. Another is to track communications en masse and locate everyday Internet users.
Timing information isn’t the most precise method for finding the origin or path of a transmission. However, this technique has several benefits. It allows the NSA to track and analyze Internet communications:
1) Without analyzing content (often requires a pesky warrant, and sometimes inaccessible due to encryption)
2) Without sending out traffic (this would tip people off and cause network congestion)
3) Without capturing timestamps “at many places on the Internet” (minimizes equipment)
The patent author detailed this explicitly towards the end of “BACKGROUND OF THE INVENTION.”
The NSA’s Internet geolocation and mapping patents require a network of sensors throughout the Internet, which the NSA explicitly states “may be passive or active.” Each sensor could either send out its own test traffic, or just silently monitor existing traffic.
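The following is an added example, not code from the patent or the post, of how a purely passive sensor can obtain latency measurements without sending anything. A tap that sees a TCP handshake can split the round trip in two: the gap between the SYN and the SYN-ACK is the tap-to-server round trip, and the gap between the SYN-ACK and the client’s ACK is the tap-to-client round trip. The capture lines are constructed, the addresses are from the documentation ranges, and the handshake-splitting method is a standard passive-RTT technique rather than anything the patent text is known to specify.

```python
import re
from collections import defaultdict

# Constructed packet summaries as a passive sensor (a tap between a client
# network and the Internet) might log them: seconds, src > dst, TCP flags.
# Addresses come from the documentation ranges; none of them is a real host.
CAPTURE = """\
10.000 192.0.2.10:51234 > 203.0.113.7:443 S
10.031 203.0.113.7:443 > 192.0.2.10:51234 SA
10.095 192.0.2.10:51234 > 203.0.113.7:443 A
10.200 192.0.2.10:51235 > 198.51.100.22:80 S
10.212 198.51.100.22:80 > 192.0.2.10:51235 SA
10.214 192.0.2.10:51235 > 198.51.100.22:80 A
10.300 192.0.2.11:40000 > 203.0.113.7:443 S
10.331 203.0.113.7:443 > 192.0.2.11:40000 SA
"""

LINE_RE = re.compile(
    r"^(?P<t>\d+\.\d+) (?P<src>\S+) > (?P<dst>\S+) (?P<flags>SA|S|A)$")

def handshake_rtts(capture):
    """Split each TCP handshake into the two half-path RTTs seen by the tap.

    SYN at t1, SYN-ACK at t2, ACK at t3 give
        tap -> server -> tap : t2 - t1
        tap -> client -> tap : t3 - t2
    Only the first packet of each kind per flow is used; a flow that never
    completes yields a server-side RTT and None for the client side.
    """
    flows = {}   # (client, server) -> {"S": t, "SA": t, "A": t}
    for line in capture.strip().splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a handshake packet we care about
        t, src, dst, flags = float(m["t"]), m["src"], m["dst"], m["flags"]
        # The SYN-ACK travels server -> client, so swap to key by client.
        key = (dst, src) if flags == "SA" else (src, dst)
        state = flows.setdefault(key, {})
        # Accept packets only in handshake order, one of each per flow.
        if flags == "S" and "S" not in state:
            state["S"] = t
        elif flags == "SA" and "S" in state and "SA" not in state:
            state["SA"] = t
        elif flags == "A" and "SA" in state and "A" not in state:
            state["A"] = t
    result = {}
    for key, st in flows.items():
        if "SA" not in st:
            continue
        to_server = round((st["SA"] - st["S"]) * 1000, 1)
        to_client = round((st["A"] - st["SA"]) * 1000, 1) if "A" in st else None
        result[key] = (to_server, to_client)
    return result

def best_rtt_per_host(rtts):
    """Minimum observed server-side RTT per server address.

    Queuing, filtering devices and retransmission only ever add delay, so the
    smallest sample is the closest thing to pure propagation time and the
    right value to store in a latency map.
    """
    samples = defaultdict(list)
    for (_client, server), (to_server, _to_client) in rtts.items():
        samples[server.rsplit(":", 1)[0]].append(to_server)
    return {host: min(v) for host, v in samples.items()}

if __name__ == "__main__":
    rtts = handshake_rtts(CAPTURE)
    for (client, server), (s, c) in rtts.items():
        print(f"{client} -> {server}: server side {s} ms, client side {c} ms")
    print(best_rtt_per_host(rtts))
```

Nothing is transmitted, and no payload is inspected; the sensor reads only the three timestamps and the addresses, which is the point the post makes about passive sensors and the absence of content analysis. Keeping the minimum per host rather than the mean is the simple defence against the extra delay that path devices add.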
What level of precision could the NSA achieve today? It’s likely that right now their results would not be very granular, but consider that thirty years ago, computers were the size of a room. The foundations of communications monitoring today are merely crude outlines of what could evolve into a sophisticated global analysis system.
As with any technology, the NSA’s Internet geolocation and network mapping technologies can be used to facilitate free communications or as a method of control. I don’t know to what extent this technology has been implemented, or how it is being used. I do know that if the NSA can get it to work with reasonable accuracy, then this will have major consequences for anonymity and privacy on the Internet. For better or for worse, the Wild West would be gone.
Sherri Davidoff
[1] McMillan, Robert. “NSA patents a way to spot network snoops.” ITworld, December 2008. http://www.itworld.com/networking/59610/nsa-patents-way-spot-network-snoops
[2] McCullagh, Declan. “NSA granted Net location-tracking patent.” CNET, September 2005. http://news.cnet.com/NSA-granted-Net-location-tracking-patent/2100-7348_3-5875953.html
[3] McCullagh, Declan. “NSA granted Net location-tracking patent.” CNET, September 2005. http://news.cnet.com/NSA-granted-Net-location-tracking-patent/2100-7348_3-5875953.html

Actually, they had this idea much earlier. I remember having a conversation about the possibility of using our distributed computer network for this purpose back in 2000. If somebody is really concerned with this particular method of net location tracking, there is still something that can be done relatively easily. Some code may be injected in the network layer (as is done by network simulators like NIST) to artificially delay packets in such a way that it will make it impossible to rely on latency information only.
Without reading all of the links, I think anonymity nets like the Tor onion router (and offshoots) may make it difficult to use this method.