David Le Page South African law enforcement agencies are increasing their capacity for electronic monitoring of Internet communications, in large part to curtail the transmission of child pornography. The Scorpions said this week that they are in constant contact with the FBI over technical methods for monitoring and intercepting electronic communications. They are also working with the directorate of sexual offences in the National Directorate of Public Prosecutions and plan to have personnel trained in the specialised use of computers for crime prevention. According to advocate Thoko Majokweni, the directorate met with various parties, including the Publications Board and representatives of the Internet industry, in May, when methods of curtailing the spread of child pornography were discussed. The Publication Board’s Iyavar Chetty was quoted at the weekend as saying: “We want [Internet service providers] to accept [legal] responsibility for the information passing through their systems.” In the views of some, that is like asking Telkom to accept legal responsibility for everything that is said over the phone, or blaming the Post Office for forwarding child pornography on CD-ROM. Majokweni does not agree with Chetty, saying it is enough that Internet Service Providers (ISPs) demonstrate their commitment to helping combat the problem.
But the monitoring capabilities of police, the Scorpions and the National Intelligence Agency remain far behind those of other countries. The FBI aroused controversy in the United States two weeks ago with the revelation of a system called Carnivore, essentially a small search engine which is physically installed in an ISP to monitor all the traffic passing through it. What concerns privacy groups in the US is that such systems have to examine all data traffic to catch just a few communications. Depending on how such systems are set up, they’re as likely to capture the e- mail of welfare groups discussing “kiddie porn” as they are the communications of a paedophile they have a warrant to intercept. A classic wire tap on the phone line of a suspect will only intercept those Internet communications made from that one phone number. Dial-ups from other numbers to the ISP, or through cellphones, would escape examination.
Outrage has greeted the introduction in the United Kingdom of legislation to allow interception and monitoring of Internet communications. The Regulation of Investigatory Powers Bill (RIP), approved last week by the House of Lords, essentially demands that most UK ISPs will have to install “black boxes” similar to Carnivore, which can permanently be monitored by a mass surveillance facility run by MI5. An extremely repressive piece of legislation, it has been criticised for placing the burden of proof on the innocent, requiring you to prove – somehow – that you have forgotten passwords used for encrypting messages, and making it a criminal offence just revealing that you have been asked to give up such keys. Even without a warrant, authorities will be able to see who’s e-mailing whom and who surfs which websites. There are concerns that RIP will drive the UK’s burgeoning Internet industry – the biggest in Europe – into other countries. Most critically, it leaves ample loopholes for technically competent criminals who can use encryption techniques or smaller ISPs without black boxes to evade interception.
Recommendations made by the South African Law Commission in 1998 imply that telecommunications service providers will be required to install, at their own cost, equipment for the monitoring of any electronic communications. It remains to be seen exactly how these recommendations will be implemented. Until now, ISP cooperation with police has gone little further than supplying logs of when particular users are online. The details in records of individual usage vary from ISP to ISP.
A staff member of the South African Internet Service Provider’s Association says that the association has an extremely good relationship with law enforcement, and has provided Internet training to police. Majokweni says that in each province two police officers and two prosecutors are receiving specific computer-related training.
Of course, it is always possible for a skilled hacker – who may be employed by the state – to intercept e-mail and other communications. If your ISP provides access to your e-mail via the Internet, it may be as simple as guessing your e-mail account password – and studies show 80% of people choose easily guessable passwords. Computerised bugs called packet sniffers can be installed on network cabling to relay data to a third party. A colleague in a target’s office, or sharing the network, could be bribed to run such software on his or her PC to intercept other users’ communications. It is almost certain that most people’s e-mail has already been monitored by the international electronic eavesdropping system called Echelon, run by the intelligence agencies of the US, UK, Canada and others. This shadowy entity, only recently accepted by intelligence experts as actually existing, has massive capabilities for intercepting communications such as datastreams from satellites. Echelon listening stations around the world use the “Dictionary”: a massive search engine which looks for certain words or phrases. According to Duncan Campbell, author of a report to the European Union Parliament, “for every million communications intercepted, only one might result in action by an intelligence agency. Only one in a thousand would ever be seen by human eyes.” This statistic is of little comfort to those who consider their privacy inviolable.