5 October 2001

Slipping through the Net

Many Americans are blaming new technology for aiding terrorism, writes Duncan Campbell

As United States forces converge on Afghanistan, Osama bin Laden’s satellite phone has not been cut off. But calls to his satphone relayed via an Inmarsat satellite 40 000km over the Indian Ocean are going unanswered.

His number 00873 682505331 was disclosed during the trial of his associates for bombing the US embassy in Kenya. Callers now hear a message stating he is “not logged on or not in the dialled ocean region”.

Bin Laden’s satphone was used frequently during the 1990s. National Security Agency (NSA) officials even played recordings of him talking to his mother to visitors at their headquarters, as a trophy of their prowess. After failing to warn of the September 11 attack, the agency has fallen silent.

According to US intelligence, the satphone has not been switched on all year. Experts believe Bin Laden was aware of US eavesdropping, which is simple to do. Even amateurs can tap Inmarsat using an antenna made of DIY parts and a scanner. He may, however, have been unaware that NSA “sigint” satellites, listening from space, could pinpoint his location when he was logged on.

Using this method, US intelligence believed in 1998 they had found him. In 1998 president Bill Clinton authorised a missile attack on a training camp in Afghanistan. By the time the missiles landed, Bin Laden had gone.

Having failed to forestall the worst attack of all, many Americans have taken to blaming new technology.

Congress will shortly debate a new Anti-Terrorism Act of 2001, which will further loosen controls on electronic surveillance. The NSA already operates a global communications surveillance system in conjunction with Britain’s GCHQ.

The potential use by terrorists of the Net and encryption has for years been a major target of intelligence agencies and politicians. They have demanded curbs on privacy and the banning of encryption. Throughout the 1990s the IT community was continually focused on whether security software that used encryption should also use “escrow”. Escrow requires that the keys allowing private messages to be decoded be given to the government.

In 1999 the US government abandoned controls on the use of “strong encryption”. It was also forced, on commercial grounds, to abandon the demand that encryption be illegal unless escrowed.

In the US and Britain some advocates of escrow had seemed almost eager to see a major terrorist disaster using Internet encryption, to prove them right. Privacy campaigners countered that banning strong encryption would never prevent terrorism but would damage e-commerce.

Within hours of the carnage in the US, these arguments were back in the headlines. A day after the attack it was asserted that the Net and encryption were undoubtedly to blame, and must have been used to coordinate the attacks.

Seven months earlier a newspaper report had claimed that Bin Laden’s followers were operating a communications network based on encrypted messages concealed inside pornographic pictures. This technique, steganography, hides a coded message inside a picture or music file by making numerous small changes to data. The changes are invisible to ordinary viewers or listeners but can be read by special software.

The report alleged that his group had relayed the “encrypted blueprints of the next terrorist attack against the US”, including maps of targets, inside “X-rated pictures on several pornographic websites”. However, such allegations have so far proven unfounded.

Last month’s attacks have provided the first, tragic test of who was right about the Net, encryption and terrorism. The answers, so far as they are known, were given last month by the FBI. Assistant director Ron Dick, head of the US National Infrastructure Protection Centre, said the hijackers had used the Net, and “used it well”.

FBI investigators had been able to locate hundreds of e-mail communications, sent 30 to 45 days before the attack. Records had been obtained from Internet service providers (ISPs) and from public libraries. The messages, in both English and Arabic, were sent within the US and internationally. They had been sent from personal computers or from public sites. They used a variety of ISPs, including accounts on Hotmail.

According to the FBI the conspirators had not used encryption or concealment methods. Once found, the e-mails could be openly read.

Dr Brian Gladman, formerly responsible for electronic security at the British Ministry of Defence and Nato, believes the reason the terrorists didn’t use encrypted e-mail is that it would have “stood out like a sore thumb” to NSA’s surveillance network, enabling them to focus on who they were. There is also evidence that, when communicating, the terrorists used simple open codes to conceal who and what they were talking about. This low-tech method works. Unless given leads about who to watch, even the vast Echelon network run by NSA and GCHQ cannot separate such messages from innocuous traffic.

NSA’s problem, says Gladman, is that “the volume of communications is killing them. They just can’t keep up. It’s not about encryption.”

NSA has been attempting to keep up with the Internet by building huge online storage systems to hold and sift e-mail. The first such system, designed in 1996 and delivered last year, is known as Sombrero VI. It holds a petabyte of information. A petabyte is a million gigabytes, and is roughly equivalent to eight times the information in the Library of Congress. NSA is now implementing a Petaplex system, at least 20 times larger. It is designed to hold Internet records for up to 90 days.

Gladman and other experts believe that, unless primed by intelligence from traditional agents, these massive spy libraries are doomed to fail. The problem with NSA’s purely technological approach is that it cannot know what it is looking for. While computers can search for patterns, the problem of correlating different pieces of information rises exponentially as ever more communications are intercepted. In short, NSA’s mighty technology apparatus can easily be rendered blind, as happened here, if it has nothing to start from.

The new legal plans may therefore do more harm than good. According to Cambridge computer security specialist Dr Ian Miller, bringing back escrow “will damage our security in other ways, and divert an enormous amount of effort that would far better be spent elsewhere. It won’t inconvenience competent terrorists in the least.”