Lecture 23: Network surveillance and censorship

In today’s lecture, we’ll discuss two threats to the Internet that have emerged over the last few years: network surveillance and network censorship. Network surveillance is the act of monitoring a user’s network activity (e.g., who the user is talking to, what the user is talking about, and when the user is talking). Network surveillance is typically done in secret so that the user being monitored does not alter their behavior because they know someone is watching them. Network censorship is the act of preventing network access to certain kinds of content (e.g., specific web sites, specific Google searches, or specific Wikipedia pages) to users. Network surveillance is passive and doesn’t involve modifications to the user’s network experience. On the other hand, network censorship is active, and the censor modifies the user’s experience in some way. For example, when accessing specific web pages, the user is redirected to another web page that informs them that they are not permitted to access that web page. Or the censor could drop the user’s packets, causing a decrease in TCP’s congestion window, and hence degraded performance. The reason we are studying these two together is that the adversary in both cases is most commonly an entire country that wants to monitor its citizens’ activity or censor their Internet access. We should note here that this lecture uses the term adversary in the computer security sense. The term adversary denotes an opponent that is seeking to monitor/censor a user’s traffic despite the user’s best efforts. Notably, this lecture does not use the term adversary in a moral or ethical sense and does not take a position on the morality of the issue. There might be legitimate reasons for both surveillance and censorship such as identifying national security threats or preventing access to objectionable content. On the other hand, surveillance and censorship may violate a user’s civic liberties, e.g., unauthorized monitoring of a user’s activity or preventing access to content on the Web that espouses idealogies that run counter to the idealogies of the ruling party. An example of country-wide surveillance is the surveillance conducted by the United States’ National Security Agency (NSA), as revealed by the Edward Snowden leaks in 2013. The Snowden leaks also revealed the participation of intelligence agencies from Australia, Germany, and the United Kingdom in these surveillance programs. An example of country-wide censorship is the Great Firewall of China (GFW), which blocks access to many different web sites from China. Similar censorship programs are operated by several countries in the middle east. When an entire country is the adversary, network security properties are much harder to achieve. In this case, the relevant security properties are the ability to circumvent censorship and the ability to access the Internet unmonitored. In fact, there is very little anyone can do in this situation because the adversary (the country) is much more resource-rich (in terms of money, computation power, legal provisions such as court subpoenas, etc.) relative to the average user of the Internet in any of these countries. In the reminder of this lecture, we’ll go over a few ways in which access to almost infinite resources allows such an adversary to monitor or censor as much as they wish.