Facebook Faces Big Brother Monitoring

Posted by DK

March 25, 2009

Millions of Britons who use social networking sites could be having their accounts “secretly” monitored in the near future.

Kelly was responding to a speech made by Home Office security minister Vernon Coaker on 18 March at a meeting of the House of Commons Fourth Delegated Legislation Committee. Coaker said the EU Data Retention Directive, which requires internet service providers to retain traffic data for at least 12 months, did not go far enough, as the directive did not apply to social-networking providers.

Coaker said the government was considering retaining traffic data for all instant messaging and communications on social-networking sites, including Facebook, MySpace, and Bebo, as part of its Intercept Modernisation Programme (IMP). - ZDnet

Many governments employ whats known as “deep packet inspection” to monitor and record data. There is obviously way to much data to sift through manually, so an automated application is logically built around this to look for key phrases, words, names etc. Once detected, it is likely they will investigate the account manually and in much more detail.

The government already has permission to monitor and record traffic for suspects of criminality, this new law would permit monitoring and recording of any Joe Soap’s data.

Facebook and others are concerned of the business and privacy implications this may cause. On the one hand, allowing the government to “snoop” on our instant messaging and social networking traffic may help them prevent future crimes, however, on the other hand many people may stop using these services due to privacy concerns.

Can the old adage, “I’ve got nothing to hide”, apply here? Others argue this mentality equates to “I don’t care what happens, so long as it doesn’t happen to me”.

Privacy is older then civilisation itself, yet the subject continues to evolve with new applications, making each situation a fascinating case study.

I guess the proof is in the eating, but ff the “bad” guys have ever used Instant Messaging (i.e. MSN) or a social network to plan and recruit, would this new government action stop them or get them caught?

How difficult is it to throw off the “deep inspection” scent:

Ghost entries – if they are looking for keys then give it to them by creating millions of fake entries. Yes, there is a real message in there somewhere, good luck finding it though;
The MySpace Samy worm taught us that Web 2.0 worms can spread faster then other network based worm in history. Exploiting these flaws could mean having honest, legitimate people sending messages on the “bad guys” behalf, complicating data mining further;
Using peer to peer encryption systems which are readily available, although, it would be difficult to read the contents of the communication, the traffic itself may be suspicious;

The list is certainly not exhaustive and put together by myself in about 5 minutes. Who knows what someone could come up within 24 hrs or a year.

So will this government action help at stopping the “bad guys”? I think it could help if implemented correctly, however, as security evolves so do the attackers techniques. At the end of the day, does implementing this law outweigh the privacy onslaught and the risk to Internet development and businesses?