By Poul-Henning Kamp
Communications of the ACM,
July 2022,
Vol. 65 No. 7, Pages 42-44
10.1145/3511661
Comments
Credit: Da_art / Shutterstock
During his keynote address, risk management specialist Dan Geer asked the 2014 Black Hat audience a question: “What if surveillance is too cheap to meter?”
As is the case with electricity from nuclear power, technology has little to do with it: This is a question about economy, specifically the economy of the path of least resistance.
Surveillance is ridiculously cheap for governments. Many have passed laws that obligate the surveillance industry—most notably, the mobile network operators—to share their take “at cost,” and we know law enforcement uses it a lot.
So why is so much cheap surveillance available for purchase?
Telephones work because telcos can route calls to and from them. The backbone and its routing tables are trivial compared with the airgap from the mobile base station to the wireless device, where there is no escape from knowing which phones are where. Because bandwidth is limited and everybody and their Internet of Things (IoT) gadget has a SIM card these days, the density of mobile base stations has increased, which has reduced the uncertainty of the position from tens of kilometers in the 1960s to tens of meters today.
In theory, a mobile network company could throw away that information the moment the mobile phone moved to a different location—and they do anything but.
First, collecting data is deep in telco DNA. If you try to convince them not to, Mr. Prosser answers, “It’s a call data record! You’ve got to collect call data records!” If you really press the networks, they will tell you old tales of people refusing to pay for long-distance calls being taken to court and shown the evidence. Never mind that today, nearly all contracts are fixed price and people complain only when they get hit with predatory charges from third parties, cruise-ship networks, in-game purchases, among others.
Second, the data can help diagnose trouble in the network for the first few days. This was quite important in earlier generations of mobile networks, but not so much now.
Third, it is truly interesting data. AT&T used to send out press releases about how many holiday calls they had handled each year; similarly, modern telcos often boast how many handsets have been at sports events and stadium concerts.
But, most importantly, it is cheap data. It pours out of the system whether you want it to or not, and disk space costs nothing.
To stop the surveillance, the mobile networks would have to get their equipment suppliers to make changes; they would
