For a "Techie" ... The Operational Case for Bulk Power is a Bit of a Difficult Read - Where Did "E" go?

I'm a pure technologist, and cannot properly judge political issues related to surveillance on the Internet. I "can" add a critical appraisal of the technical nature of the Use Case for Bulk Powers [here], and it struggles, in places, with many generalisations and an oversimplification of the problem.

As an academic, too, I review many research papers, and provide feedback on them. Unfortunately, the "Operational Case for Bulk Powers" is one of the most difficult documents I have read for a while, as it distills out any complexity and provides an oversimplification of the topic. It also feels a little dated in its scope, and presents an Internet of the past.

The superficial coverage of the technical use case is perhaps highlighted by a quick search for keywords:

  • Proxy  - zero
  • Tunnel - zero
  • VPN - zero
  • NAT - zero.

These four things are the core of the problems that investigators face, and there is no mention of how the challenge of proxies, tunnels and VPN access will be addressed in the bill.

Back to the Future

A glaring one seems to come straight out of a textbook from the 1990s in the explanation of how internet communications work (please note the difference between "The Internet" - the global communications network which has routable IP addresses - and "the internet" - a localised network):

This model of internet communications is almost laughable in terms of current practice, and I'd love to see the Internet working where it splits "QWERTY" into two: "QTY" and "WER" and then into "WR" (where did "E" go?) ... it is one of the most amusing diagrams I have seen for a while on how the Internet works. I really could not imagine the Internet working like this, and you kinda lose a bit of faith in the rest of the document as it is so far short of actual practice.

What we see here is IP fragmentation, where you split packets into two packets, which can take different routes:

This never happens these days. IP fragmentation is a complete non-starter. While TCP segmentation is possible, the packets carrying the TCP segments are highly unlikely to take different routes. The diagram above comes from 20th Century textbooks, and not from the latest ones on routing and segmentation.
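The IP fragmentation mechanism named above, as an added example that is not part of the original article: a payload is split at 8-byte offsets with a "more fragments" flag, and the receiver rebuilds it whatever order the pieces arrive in, so nothing like the missing "E" is possible without reassembly failing. The field names follow RFC 791; the function names, MTU and payload are constructed for illustration.

```python
# Added example (not from the original article): IPv4-style fragmentation and
# reassembly of a single datagram payload. MTU and payload are constructed.

IP_HEADER_LEN = 20  # bytes, IPv4 header without options


def fragment(payload: bytes, mtu: int, ident: int):
    """Split payload into fragments that fit the MTU; offsets are in 8-byte units."""
    # Every non-final fragment must carry a multiple of 8 data bytes.
    max_data = (mtu - IP_HEADER_LEN) // 8 * 8
    if max_data <= 0:
        raise ValueError("MTU too small to carry any data")
    frags = []
    for start in range(0, len(payload), max_data):
        chunk = payload[start:start + max_data]
        more = start + len(chunk) < len(payload)  # MF ("more fragments") flag
        frags.append({"id": ident, "offset": start // 8, "mf": more, "data": chunk})
    return frags


def reassemble(frags):
    """Rebuild the payload from fragments in any arrival order.

    Returns None when the set is incomplete or inconsistent, which is what an
    observer holding only part of the traffic would be left with.
    """
    if not frags or len({f["id"] for f in frags}) != 1:
        return None
    ordered = sorted(frags, key=lambda f: f["offset"])
    buf = b""
    for f in ordered:
        if f["offset"] * 8 != len(buf):  # hole or overlap: refuse to guess
            return None
        buf += f["data"]
    if ordered[-1]["mf"]:  # final fragment has not been seen yet
        return None
    return buf


if __name__ == "__main__":
    data = b"QWERTY" * 10                    # constructed 60-byte payload
    pieces = fragment(data, mtu=44, ident=1)
    print([(p["offset"], p["mf"], len(p["data"])) for p in pieces])
    print(reassemble(pieces[::-1]) == data)  # arrival order does not matter
    print(reassemble(pieces[:1] + pieces[2:]))  # a missing middle piece
```
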

While I agree that the IP protocol allowed for packets to take different routes, it doesn't happen now. IP and TCP were designed in the days when we had unreliable routes, and where the routes could change over time, and where our data could take different routes. Our Internet is now robust, and there's no need for packets to take different routes, so all our packets go the same way, and there's no control on the route that they take. I just couldn't imagine the complexity of the Internet if each packet took its own way through the network, and where there were multiple routes to a destination.

We can, of course, tunnel through parts of it, but our packets still go the same way. My great worry is this statement:

It is split into lots of components (‘packets’) which transit different routes and are re-assembled at the destination

 

I may be missing something, but transmitting over different routes just doesn't happen. This is perhaps a model of how the first Internet was created, where there were different routes, but it just doesn't happen. IP and TCP were created as generic protocols, and in isolation from routing protocols, but these routing protocols now take over determining the route, and I can't think of any network where our data would take different routes to the destination. The complexity of this would be mind-blowing.

Then:

in response -for example, the webpage a terrorist or serious criminal wants to view - may travel via an entirely different set of routes.

I really have no idea which protocol is used here, as the route that you take to access a Web page is the same as the route that the packets will take to go back. There are things called routing tables, and these are often unchanging, and only change when there's a disruption in routes, or where there are improved routes to take.

For example, if you were at home in Manchester and accessed a site in the US, the route that your packets take will go through your ISP, onto a gateway in London, across a high bandwidth pipe to the US, and onwards to its destination.

Only if someone had control of the routing tables of the main Internet connections could someone modify the route that their packets are taking. The notion of packets coming back from a Web page response taking a different route is just a non-starter as a technological method.

The hint of what is really required is then highlighted in the next paragraph:

To intercept the communications of known targets overseas, the security and intelligence agencies therefore have to intercept communications in bulk in order to increase their chances of obtaining target communications. This will still require them to piece multiple fragments of communications together, meaning the intelligence will still yield an incomplete picture of a suspect’s communications.

which is not quite piecing together network packets, but piecing together of the fragments of communications that relate to them. For an investigator it is piecing together communication services from many sources: email, Web, and so on.

The Deep Web

The use case paper is quite simple from a technical point of view, and sees the world defined into three main groups: The Internet; The Deep Web; and the Dark Web. This is one of the most simplistic diagrams I have ever seen:

From many angles this is such a simplistic viewpoint, and binds a whole lot of things together, including binding Web services - just one application of the Internet - with communications protocols.

As an academic the concept of the "Deep Web" is quite challenging, and it's difficult to actually get over the basic concept of it. There's one definition that says it is basically the bits of the Web which are not available through search engines. This definition is complex, as there is a feeling that the term mixes "The Internet" (an IP network) with the Web (one of the services on the network). So it is extremely difficult to properly define what the Deep Web is, as the Web is only one protocol used on the Internet (HTTP), and there are a whole lot of other protocols used: routing protocols (RIP, IGMP, etc), email (POP, IMAP, etc), file transfer (FTP), remote access (Telnet), and lots more.

The use case then focuses on the Dark Web, and seems to forget that the majority (around 99%) of communications will be encrypted in the future, which means that the part that can be viewed with bulk extract will just be 1%.

I just love the magic wand that the bill gives to investigators. In the narrative around the challenges of the Tor network, all the troubles of cracking Tor traffic are taken away with:

The use of bulk data is among the few effective methods available to counter the illicit use of the dark web.

The word "effective" needs to be fully investigated here, as the only current effective method is to place a back door on the host, or to estimate accesses from the profile of the network traffic.

Encryption by default

While the usage of encrypted tunnels increases by the day, and is a major challenge for investigators, the usage of encryption on IT products is probably a long way off:

Encryption provides a means of making sure communications cannot be read by anyone other than the sender or intended recipient. It is now cheap and almost ubiquitous; strong encryption is typically a default setting in most IT products and on-line services, often without the user ever being aware

This is a fairly sweeping statement on IT products. While many will secure their communications with an encrypted tunnel, the overall state of the usage of encryption is extremely patchy, and there isn't a great deal of evidence to show that IT companies are actually using encryption for their products.

Conclusions

I'm a technologist, and I really worry that politicians don't quite understand the challenges that investigators face. The Internet we have is not the one that we used in the 1990s. If I were to see a diagram of packets taking different routes in an undergraduate dissertation, I would put a red line through it, and mark it down for being out-of-date.

More articles by Prof Bill Buchanan OBE FRSE