Why Internet surveillance will never work

Few tech subjects get as much attention from governments as content filtering and data collection. All over the world, it seems, governments want to make sure that they know what the general public is doing on the Internet, and they want to keep that information to themselves for their own purposes. Turn on the news, and you’re almost guaranteed to learn about some new government scheme to clamp down on the Internet.

We read about how the IRS believes it has the right to read your email. We discover huge data mining operations in place in the United States with the purpose of collecting as much data as possible from Internet traffic. We hear about how legislators want to protect us from ourselves by banning pornography from the Internet or public Internet connections. We see horrible ideas like CISPA pop up like a Hydra, even though few legislators are really aware of what they’re voting for.

[ Cash in on your IT stories! Send your IT tales to offtherecord@infoworld.com. If we publish it, we’ll keep you anonymous and send you a $50 American Express gift cheque. | Get the latest practical data center advice and info in Matt Prigge’s Information Overload blog and InfoWorld’s Data Center newsletter. ]

The focus, the means, and the impetus vary wildly, from “child-safe” filtering at the ISP level on a broadband connection to the great firewall of China. Where once upon a time we were overjoyed to transmit any and all data around the globe reliably, now we’re seemingly in a rush to hobble those data paths under the guise of protection. (NB: Protection for and from whom varies by country, YMMV.)

In and of itself, filtering isn’t a terrible idea. Providing a means to limit access of certain adult content by children is a worthy ideal, and there are ways to provide that protection that do not require massive deep packet inspection installations at NOCs around the globe. I’m not going to Godwin my own column, but let’s just say there’s an interesting quote about just this situation from a certain mid-20th century madman.

The raw, blatant fact of the matter is that NOC and government-level content filters do not and cannot work reliably or sustainably without curtailing the use of the Internet to a trickle. The methods of evading content filters and data collection are many and diverse, from Tor to VPNs, darknets, and the Deep Web. The inevitable result of such filters is that anyone intent on evading them will find it exceedingly simple, while the overwhelming majority of Internet users will have unwittingly allowed their information to be retained by any number of sniffers along the way.

To put it as simply as possible, those who need to evade a content filter or data collector will do so successfully. Legislation like CISPA does nothing more than impede normal, legal information sharing, and allows for unprecedented violation of privacy. As a very minor example, think about the fact that language that would prevent an employer from requiring you to divulge your email and social media passwords was struck from the bill.

To be clear, I’m not talking about private or enterprise networks here. If a company owns the network and the Internet connection, it can block or hamper attempts to evade acceptable use of those resources through a variety of means, both proactive and reactive. Do not under any circumstances think that your use of Tor on a company network will go unnoticed. I am, however, talking about government monitoring of private broadband connections, filtering and inspecting the data at higher levels, and sharing information with private companies in order to combat “cyber security threats.”

If you do not want the IRS to read your personal email, there are ways to ensure that can’t happen. If you want to evade a content filter placed on a public network, such as public Wi-Fi or 3G or LTE network, that’s just as simple, once you know how. This is how the tech works. Throwing laws at this perceived problem ultimately helps increase the odds that a bad actor will be able to communicate without interference or appraisal.

At no time in history was it possible to maintain constant surveillance on an entire population. Many authorities believe this opportunity now exists, but they are incorrect. It may now be easier to keep tabs on the mundane and inconsequential at the expense of the right to privacy, but by doing so, it becomes much harder to gain visibility into criminal communications. By trying to track everything, government will effectively limit its information gathering to that of law-abiding citizens and unskilled criminals. The smart ones, the ones that truly bear watching, will be nowhere to be found because they’ve long since evaded such measures.

Unfortunately, there are those who believe that this is a surmountable problem, and their answer is further, harsher restrictions on Internet traffic. The only effect this will have is to further burden an otherwise open network with blockades and further reduce its usability to share information globally or even regionally.

If we continue to see a pattern of governmental espionage (legal or otherwise) and content control exerted over the Internet, we run the very real risk of the past twenty years looked at as an aberration, a time when somehow, ideas and communication between people throughout the world was free and open. It will be a world essentially bookended by AOL-style cages, and as a race, we have nothing to gain by being placed in that box.

This story, “Why Internet surveillance will never work,” was originally published at InfoWorld.com. Read more of Paul Venezia’s The Deep End blog at InfoWorld.com. For the latest business technology news, follow InfoWorld.com on Twitter.