How traffic shaping can be used to evade oversight for Internet surveillance

02 Dec
Friday, 12/02/2016 12:00pm to 2:00pm
Computer Science Building, Room 150/151
CSSI Lunch
Speaker: Sharon Goldberg

Lunch will be provided, beginning at 12:00 pm
Talk begins at 12:30 pm

Abstract: The talk considers the possibility that the protections for Americans built into U.S. surveillance law can be circumvented by exploiting the Internet's protocols.

We start with a look at the Foreign Intelligence Surveillance Act (FISA), which roughly regulates surveillance on US soil. We then describe Executive Order (EO) 12333, which roughly regulates surveillance abroad. Surveillance under EO 12333 is subject to fewer legal restraints than surveillance under FISA. We therefore consider the possibility that FISA can be circumvented by collecting traffic abroad under EO 12333.

First, we discuss why U.S. persons' Internet traffic might *naturally* flow abroad, where it can be swept up as part of bulk surveillance programs under EO 12333.

Second, we discuss the possibility that Internet technologies can be exploited to *deliberately* redirect traffic from inside the US to abroad. The NSA uses the term *traffic shaping* to describe the redirection of traffic for any purpose. Can traffic shaping lawfully be used to redirect Internet traffic from inside the U.S. onto foreign soil so that it can be collected under EO 12333? Given the classified nature of many surveillance programs and surveillance laws, it is impossible to know exactly what the intelligence community is doing with its traffic shaping capabilities. However, we present a possible interpretation of the law that suggests that traffic shaping might be regulated entirely by the permissive EO 12333 regime.

We conclude with an argument in favor of more robust legal protections for Internet traffic collected on foreign soil.

Bio: Sharon Goldberg is an associate professor in the Computer Science Department at Boston University, and a member of the BU Security Group. She uses tools from theory (cryptography, game-theory, algorithms) and networking (measurement, modeling, and simulation) to understand the hurdles practitioners face when deploying new security technologies, and to develop solutions that surmount them.

Faculty Host: Phillipa Gill

Co-sponsored by