What we mean by electronic communications interference is the malicious intervention by a third party in the integrity of communications between two persons undertaken by electronic means. There are two types of electronic communications interference, at least in principle, but in practice they are often mixed together. One is interference with the apparent identity of either the sender or the recipient. Examples include emails or instant messages appearing to come from a certain individuals but in fact they have not originated with that person at all. Another example is the blockage of emails or instant messages such that a sender imagines that his/her message has been sent and delivered to the intended recipient but in fact it has not been. It may not have been delivered to anyone; or it may have been delivered to someone other than the intended recipient.
The second form of electronic communications interference is interference with content of an electronic communication. This may take place by way of rewriting the text of the communication; or adding attachments; or removing them; or replacing them; or it may come in the form of interference with the drafting of such a communication in a malicious way, such as for example suggesting malicious changes in the course of drafting that are intended to cause the draftsperson damage. This stands in contrast to what we have previously called “suggestivism”, which is a presumptively benign form of electronic communications interference in which the suggesting party tries to make suggestions to the receiving party about better ways of drafting documentation or communications. This may take place by way of artificial intelligence algorithms (many computers and mobile telephones have predictive text functions); or those algorithms may be adapted for the purpose of manual or semi-manual suggestions intended to convey helpful or useful messages.
Amidst all the discussions of supposedly infallible encryption, that we have dismissed as fantasy, it is often imagined that the forms of electronic communication that we take for granted in our everyday lives, including electronic instant messages and email, are in some fundamental sense secure when in fact this is not so. Consider the following methods by which the supposed security of an electronic communication may be compromised.
At its most simple, a password to an email account can be obtained illicitly by another private person. There are various ways of doing this. One of the most common is a so-called keystroke logger, which is a piece of software that records every stroke of the key that a person takes on their laptop or mobile telephone and sends all of those keystrokes by electronic means from the victim’s electronic device to the recipient’s electronic device. From the log of keystrokes, the attacker can then decipher the user’s password to his email account and then log in remotely and start sending and receiving emails in his name. The attacker may also even set up auto-forwards, so that even if the victim changes the password to the account the attacker may still receive the emails. There are many variants on this idea, and pieces of software that will allow an attacker to clone an email account of another person virtually imperceptibly.
Another way of illicitly obtaining a user’s password is called “phishing”. This is a technique of sending a person an email or other communication that invites them to log into the account in question but in fact the interface which invites a person to log into their account is fictitious or fraudulent. For example, one might receive an email that suggests that one’s account details may have been compromised and that one should click on a certain link and enter one’s email address and password on a website that looks the same as the usual internet portal for the email address in question. In this way the malicious third party has obtained access to the password to a relevant account.
Some email service providers have introduced so-called “two-step verification” as a means of trying to mitigate the risks involved in phishing attempts. In other words, a separate code or question is required, often an SMS sent to a mobile telephone or a confirmation sent to a separate mobile telephone application. The problem with this is that it is clunky and people can often lose mobile telephone numbers or change them. Nevertheless it adds an element of protection if imperfect.
However the third form of electronic communications interference is potentially the most insidious, in which government or private software is installed on one’s electronic device to record one’s location, personal data, access electronic communications and interfere with them, record telephone conversations and use the device to record and transmit sounds and video scenes. Mobile telephone cameras or cameras on computers can be turned on without the camera light being illuminated. You may imagine that your mobile telephone has been turned off but it can be turned on again without your knowing and used to record. Data collected through electronic communications interference of this kind can be conveyed through different types of internet connection, or the data can be stored until internet becomes available and then the stored data will be transmitted.
Information collated from different mobile telephones can be cross-referenced from CCTV footage which is typically not encrypted and CCTV footage is conveyed by the internet and can be intercepted. Therefore different sources of data about an individual can be cross-referenced. This is what makes it so difficult to go “off grid”. Modern CCTV has improved to a level at which retinal scans can be captured as can facial shapes, so that people may be identified even without cross-referencing with their mobile telephones. CCTV can also read books, magazines, handwriting and mobile ‘phones. However mobile telephone interference is the principal means of surveillance available to governments in the modern era. So unless you can live without a mobile telephone (and very few us are able to for any period), you have to reconcile yourself at least to the possibility of constant surveillance.
Underlying all these matters is that so-called “end to end encryption” has to have two ends; and it is at these two ends that the frailties lie. At some point the encrypted information must be dis-encrypted, and the device in which this is done can be the subject of interference. The power of contemporary mobile telephones and computers is such that it is very hard for anyone to be able to prevent this, or even to know that it is happening. Modern mobile telephones are used to running dozens of applications simultaneously, and another one that records and interferes with data running in the background is barely likely to be noticed. Moreover if friendly governments can do this kind of thing, so can unfriendly ones. The software required to undertake this kind of thing is now available for sale under the name “Pegasus”, and that represents just one form of the ever-increasing sophisticated with which electronic communications interference takes place. This is the brave new world in which we live.
Kommentarer