The revelations made possible by Edward Snowden, a contractor of the US intelligence service NSA, are a sobering reminder that the Internet is not an 'anonymous' means of communication. In fact, the Internet has never been conceived with anonymity in mind. If anything, the Internet and networking te...
The revelations made possible by Edward Snowden, a contractor of the US intelligence service NSA, are a sobering reminder that the Internet is not an 'anonymous' means of communication. In fact, the Internet has never been conceived with anonymity in mind. If anything, the Internet and networking technologies provide far more detailed and traceable information about where, when, with whom we communicate. The content of the communication can also be made available to third parties who obtain encryption keys or have the means of exploiting vulnerabilities (either by design or by oversight) of encryption software. Irrebuttable evidence has emerged that the US and the UK intelligence services have had an indiscriminate access to the meta-data of communications and, in some cases, the content of the communications in the name of security and protection of the public. The conventional means of judicial scrutiny of such an access turned out to be ineffectual. The most alarming attitude of the public and some politicians is "If you have nothing to hide, you need not be concerned." Where individuals have nothing to hide, intelligence services have no business in the first place to have a peek. If the public espouses the groundless assumption that State organs are benevolent "( they will have a look only to find out whether there are probable grounds to form a reasonable suspicion"), then the achievements of several hundred years of struggle to have the constitutional guarantees against invasion into privacy and liberty will quickly evaporate. This is an opportune moment to review some of the basic points about the protection of privacy and freedom of individuals. First, if one should hold a view that security can override liberty, one is most likely to lose both liberty and security. Civilized societies have developed the rule of law as the least damaging and most practicable arrangement to strike a balance between security and liberty. Whether we wish to give up the rule of law in the name of security requires a thorough scrutiny and an informed decision of the body politic. It is not a decision which can secretly be made in a closed chamber. Second, protection of privacy has always depended on human being's compliance with the rules rather than technical guarantees or robustness of technical means. It is easy to tear apart an envelope and have a look inside. It was, and still is, the normative prohibition (and our compliance) which provided us with protection of privacy. The same applies to electronic communications. With sufficient resources, surreptitiously undermining technical means of protecting privacy (such as encryption) is certainly 'possible'. But that does not mean that it is permissible. Third, although the Internet is clearly not an 'anonymous' means of communication, many users have a 'false sense of anonymity' which make them more vulnerable to prying eyes. More effort should be made to educate the general public about the technical nature of the Internet and encourage them to adopt user behaviour which is mindful of the possibilities of unwanted surveillance. Fourth, the US and the UK intelligence services have demonstrated that an international cooperation is possible and worked well in running the mechanism of massive surveillance and infiltration into data which travels globally. If that is possible, it should equally be possible to put in place a global mechanism of judicial scrutiny over a global attempt at surveillance.
The revelations made possible by Edward Snowden, a contractor of the US intelligence service NSA, are a sobering reminder that the Internet is not an 'anonymous' means of communication. In fact, the Internet has never been conceived with anonymity in mind. If anything, the Internet and networking technologies provide far more detailed and traceable information about where, when, with whom we communicate. The content of the communication can also be made available to third parties who obtain encryption keys or have the means of exploiting vulnerabilities (either by design or by oversight) of encryption software. Irrebuttable evidence has emerged that the US and the UK intelligence services have had an indiscriminate access to the meta-data of communications and, in some cases, the content of the communications in the name of security and protection of the public. The conventional means of judicial scrutiny of such an access turned out to be ineffectual. The most alarming attitude of the public and some politicians is "If you have nothing to hide, you need not be concerned." Where individuals have nothing to hide, intelligence services have no business in the first place to have a peek. If the public espouses the groundless assumption that State organs are benevolent "( they will have a look only to find out whether there are probable grounds to form a reasonable suspicion"), then the achievements of several hundred years of struggle to have the constitutional guarantees against invasion into privacy and liberty will quickly evaporate. This is an opportune moment to review some of the basic points about the protection of privacy and freedom of individuals. First, if one should hold a view that security can override liberty, one is most likely to lose both liberty and security. Civilized societies have developed the rule of law as the least damaging and most practicable arrangement to strike a balance between security and liberty. Whether we wish to give up the rule of law in the name of security requires a thorough scrutiny and an informed decision of the body politic. It is not a decision which can secretly be made in a closed chamber. Second, protection of privacy has always depended on human being's compliance with the rules rather than technical guarantees or robustness of technical means. It is easy to tear apart an envelope and have a look inside. It was, and still is, the normative prohibition (and our compliance) which provided us with protection of privacy. The same applies to electronic communications. With sufficient resources, surreptitiously undermining technical means of protecting privacy (such as encryption) is certainly 'possible'. But that does not mean that it is permissible. Third, although the Internet is clearly not an 'anonymous' means of communication, many users have a 'false sense of anonymity' which make them more vulnerable to prying eyes. More effort should be made to educate the general public about the technical nature of the Internet and encourage them to adopt user behaviour which is mindful of the possibilities of unwanted surveillance. Fourth, the US and the UK intelligence services have demonstrated that an international cooperation is possible and worked well in running the mechanism of massive surveillance and infiltration into data which travels globally. If that is possible, it should equally be possible to put in place a global mechanism of judicial scrutiny over a global attempt at surveillance.
* AI 자동 식별 결과로 적합하지 않은 문장이 있을 수 있으니, 이용에 유의하시기 바랍니다.
성능/효과
1) 광케이블을 통한 정보 수집(Upstream collection): 미국의 국가안보국은 대량 데이터를 처리하는 광케이블망을 관리하는 업체들로부터 데이터를 확보하는 프로그램을 가동하고 있었다(Blarney, Fairview, Oakstar 그리고 Stormbrew 라는 코드네임으로 비밀리에 운영해 온 프로그램). 영국의 교신정보총국 역시 이와 유사한 대량정보 수집프로그램을 Tempora라는 코드네임으로 운영해 오고 있었다.
3) 암호화기술 무력화를 위한 활동: 미국과 영국의 정보기관은 막대한 예산을 투입하여 현재 광범하게 사용되는 암호화 알고리즘이나, 암호화 프로그램의 취약점을 공략하는 기술적 가능성을 연구, 개발하여 이미 일부 확보하고 있는 것으로 보인다. 암호화 기술의 허점을 연구하는 행위 자체는 전적으로 정당하고 바람직한 것이지만, 그 성과를 비밀에 붙이고 기존의 암호화 기술을 은밀하게 무력화하는 행위는 - 그 행위가 어떤 용도에 사용되는지 여부에 따라서 - 부도덕하고 파렴치한 것으로 평가될 수 있다.
질의응답
핵심어
질문
논문에서 추출한 답변
해외정보감시법이 도입된 계기는 무엇인가?
즉, 감시 대상이 될 당사자는 정보 수집이 자신에 대하여 이루어지는지 자체를 알 수도 없고, 모든 절차는 비밀리에 진행되며, 정보수집허가가 발부되었는지 여부조차도 비밀에 붙이도록 되어 있다. 이러한 내용의 법 개정은 9.11 테러 사건의 여파로 도입된 것이다.
인터넷이 익명성을 제공하는 교신 수단이 아닌 이유는?
인터넷의 기술적 기반을 이해하지 못하는 자들은 마치 인터넷이 '익명성'을 제공하는 교신 수단인 것처럼 전제하고 이런 저런 주장을 펴고 있지만, 웹서버나 메일서버의 로그파일을 한번이라도 들여다 본 적이 있는 사람이라면 인터넷은 교신 당사자의 행적을 이때까지의 어떠한 오프라인 교신 수단보다도 더 철저히 매순간 기록하고 있음을 쉽게 이해할 것이다. IP주소 역시, '익명성'을 보장하려는 것이 아니라, 해당 교신을 수행하는 node를 네트워크상에서 '특정'하기 위한 것이다.
사생활의 비밀이나 프라이버시는 어떻게 보호할 수 있는가?
기술적으로 가능하다고 해서, 규범적으로 그 행위를 해도 무방한 것은 아니다. 사생활의 비밀이나 프라이버시는 애초부터 기술적으로 방어되고 유지되어 왔던 것이 아니라, 규범적 금지를 준수함으로써 유지, 보호될 수 있었던 것이다.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.