Is "Lessig's worm" comparable to internet backbone taps?
(originally posted 22.01.2016 on Google+)


This blog post is a result of a discussion on Twitter[1], where I argued that internet backbone cable taps are reasonable and constitutional. Then I was asked whether allowing internet cable taps wouldn't be the same as allowing "Lessig's worm".

In short, my answer is: "Lessig's worm" is not comparable to internet taps, but even if it was, and if the worm would be feasible, it would be clearly unconstitutional, while internet taps are not.

Short introduction: The internet is a "packet switched" network, in which a single cable carries packets of numerous of different and independant communications. This means that when a law enforcement or intelligence agency taps a cable in order to extract specific communications, they necessarily need to “search” all data carried in the cable.
"Lessig's worm"[2] is a hypothetical analogy from Lawrence Lessig, a worm that propagates from computer to computer, touches nothing, and only reports back if it finds some specific illegal content.

And here the argumentation of some is: If you declare cable taps constitutional, then the worm should be too, because both perform basically the same: Search everything, but "only" collect very specific content, leaving everything else untouched.

But this comparison is misleading, for several reasons.

First, and this is something I criticize quite often about the argumentation of internet activists, it compares something that is real, and that actually works (like internet taps), with hypothetical and absurd "analogies". "Lessig's worm" simply would not work in the real world. The worm would be detected, considered as malware, and every antivirus protection would immediately remove it.

And this leads to the first serious flaw in Lessig's argumentation: The worm would not be invisible. It would be detected plenty of times, it would be traced back to the government, and consequently destroy the trust in the government. The worm would simply be no option in a democratic society, while cable taps are. Cable taps are really invisible, they -- if performed in a reasonable, limited, rule-based manner -- don't spread fears, they don't destroy trust in democratic authorities.

Another difference is that cable taps are dumb. They have no hidden intelligence. There are just simple selectors like email- or IP-addresses, and everything that matches to them is extracted. The worm however had to be very sophisticated, to be able to propagate from computer to computer, and to search in different kind of computers, with different operating systems and different storages. The worm had some human-like intelligence. You cannot compare it to a cable tap.

The next big difference is the location of the search. The cable tap is performed in the network, in the internet. From the very beginning, the internet was considered as a public medium, where per default everything is transmitted in cleartext, and where it is relatively easy to forge or alter communications. This is why it was always the recommendation to encrypt every private or sensitive communication over the internet (and BTW, if you do so, cable taps are pretty much worthless for eavesdroppers). The worm however would search in computers, a place everybody expects to be private. So again, absolutely not comparable.

Another important difference is that cable taps are targeted surveillance, while the worm would be indiscriminate. Even if you stress the fact that under cable taps everything must be searched, you nevertheless know in advance your target. You have his email- or IP-address, and you extract only what matches to it. The worm however is not targeted, it would look for content, and then reveal the person who owns the content. This would be classical, indiscriminate mass surveillance. (As a side note, of course cable taps pretty much depend on what kind of selectors are used; my argumentation relies on "strong selectors" like email- or IP-addresses, which can be associated quite reliably to real people or targets; if "soft selectors" like "bomb" or so are used, it would be a completely other discussion ...).

Another point is appropriateness. Cable taps are appropriate, and be it only because there are no other options. If there is a suspect, and the government decides it has to monitor his electronic communications (be it for law enforcement or intelligence reasons), cable taps are the only option. If you argue you cannot do this, because while doing it the communications of uninvolved people need to be touched too, then this would consequently mean that electronic surveillance of internet communications would be completely impossible. That cannot be the answer of democratic countries to the internet age (as a side note, here is some difference between law enforcement, which is almost always domestic, and where the authorities can almost always investigate the "last mile" line of suspects, and thus it is almost always possible to monitor without tapping backbone cables; so my argumentation applies here mostly to intelligence, where the targets are almost always abroad). The worm on the other side would not be appropriate, because the government has an obvious option: First look for a suspect, a target.

As a final remark, the German constitutional court ("Bundesverfassungsgericht") already decided 1999 about internet backbone taps[3]. It said they are constitutional because they are necessary for technical reasons, and the data of uninvolved people is only stored for a very limited time, without being really searched.

[1] https://twitter.com/Ethan_Heilman/status/690223947661598722 
[2] http://www.nehrlich.com/book/codelessig.html 
[3] http://www.bundesverfassungsgericht.de/SharedDocs/Entscheidungen/DE/1999/07/rs19990714_1bvr222694.html