The NSA's massive dragnet could be ripped apart by tools that make it impossible to know what you are doing on your computer

THE US National Security Agency’s internet surveillance apparatus is big. It collects 1.6 per cent of all internet traffic – that’s some 29 petabytes of data every day, or a bit more than the experiments at the Large Hadron Collider produce in a year. The agency spends billions of dollars annually on collecting and analysing this information. And until Edward Snowden outed it, the NSA was very good at keeping all this secret.

But the dragnet may be about to come crashing to a halt. A rising tide of frustration with NSA policies has led technologists to build tools to hide internet traffic in plain sight. If implemented widely, they could send government spy programmes packing, along with anyone who seeks to filter or censor information online.

Brandon Wiley at the University of Texas at Austin has built one of these tools. His system, called Dust, detects what types of traffic are being blocked or filtered – say, anything containing the “http” used when a user surfs the web. Dust then generates a new protocol to make all the traffic passing though it appear the same.

The effect on surveillance and censorship could be profound. It would leave watchers unable to tell the difference between protocols – like those used for email and web browsing, or streaming video. “For surveillance, the goal is to classify and then log,” Wiley says. “The purpose of Dust is to defeat classification.”


For surveillance, the goal is to classify and then log. The purpose of Dust is to defeat classification

Wiley plans to crowdfund an RSS reader including Dust through the Kickstarter website. This should let people anywhere read news feeds without censorship or monitoring. A later version could be made available as a browser plug-in to disguise what websites are being visited.

Those who build and maintain the internet’s architecture are increasingly speaking out against government surveillance. At a meeting of the Internet Engineering Task Force (IETF) in Vancouver, Canada, earlier this month, the group’s members called for the internet to be made secure. “What’s been going on is essentially a technical attack on the internet,” says IETF member Stephen Farrell.

Another tool designed to thwart this attack and obfuscate traffic is ScrambleSuit from Philipp Winter of Karlstad University in Sweden. And FTE, developed by Kevin Dyer of Portland State University in Oregon, has already been used to get traffic past the great firewall of China, which restricts access to many websites for those in that country.

Other tools, like the Tor anonymising client, can get around web censorship, but they usually need to bounce traffic to third-party servers. The downside of this is that those servers could potentially be run by people looking to capture or block anonymised traffic streams.

However, none of these systems works for email, and the NSA is fond of collecting data like the “to”, “from” and “subject” fields in messages (see diagram). If this email metadata is encrypted, a server that routes messages can’t tell where to send them. Tools for sending emails securely exist, but most are cumbersome and hard to implement.

Technology can only go so far, says Farrell. To shut down government surveillance programmes, society – not software – must apply the pressure. “I think our understanding of privacy will evolve over the coming decades,” says Farrell. “It will evolve to a new steady state where either we’ll accept the monitoring, or we will end it.”

This article appeared in print under the headline “Stopping the spooks”