Extending existing US wiretap laws to give federal agencies easier backdoor access to Internet communications -- especially real-time P2P services like VoIP -- will give, not only aid and comfort, but also technical assistance, to the country's enemies. Not to mention cyberthieves.
That's the stark warning given by a short, clear, and very persuasive paper signed by 20 academic and private sector security experts, including big hitters like BT's Bruce Schneier and EECS Berkeley's David Wagner.
"CALEA II: Risks of Wiretap Modifications to Endpoints" is a quick and relatively easy read. Recommended too, if only to confirm the government's shallow grasp of how the Internet actually works -- allegedly, anyway, because the precise details of the legislative overhaul remain speculative.
Here's the core point: The government is expected to mandate either centralized wiretap access to the Internet communications that continue to elude the FBI's grasp, or access at user endpoints. The former alternative being too onerous and costly to contemplate, the latter is more likely.
The background, as regular readers will recall, is the FBI's concern that surveillance is "going dark," as terrorists and other miscreants peskily abandon landlines, short-wave radios, and walkie-talkies as their preferred means of communication.
Back in 1994, the original Communications Assistance for Law Enforcement Act (CALEA) allowed federal authorities to eavesdrop on suspects by having telecommunications companies tap into conversations from centralized nodes on their networks. Now that communications increasingly involve multiple service providers and multiple access points, this is no longer a practicable option.
While it's possible in theory to extend the centralized wiretapping model to some VoIP services that still channel communications through a single access point, this would miss much of the traffic of interest -- and in any case, the communications might well be encrypted.
The preferred solution might be mandating vendors to modify end-user software to permit wiretap access. Here's where the serried ranks of security experts sound the alarm:
First, an effective modification would -- indeed must -- conceal interception incidents from all parties to the communication. It follows that any bad agents capable of exploiting the breach will also be able to do so without detection.
Second, if the network provider's cooperation is no longer needed, wiretap access will simply be unmediated, as far as we know, for multiple government agencies and their employees. Judicial oversight? That's another story.
Third, once the access software is in the wild, why shouldn't just anyone have access, too -- also unmediated and undetected?
But the punchline features just the kind of techie twist the White House and Congress is capable of completely overlooking. With the increasing popularity of open-source software systems, including browsers, there's nothing to stop developers creating "forks" of the software without the backdoor monitoring capability.
The absurd result, as these bold dissenters point out, could be that terrorists and cybercrooks would use inaccessible, forked versions of the software, while the US government, and domestic corporations, would likely be stuck with the approved version.
@Usman: First and foremost, let me agree with you that I used the word "jihadist" in haste. I would go one step further and not merely calling them terrorists..but call such people thugs and murders. As for the concept of Jihad, I am absolutely aware of the concept as one of the five key tenants of Islam--which teaches all to work to better themselves and to transform themselves to the better for the betterment of all. So that you're aware of the extent of my continued research and studies on this, as I am working away on this long weekend here in the US, I am listening to the Zayunta College Conference on "reclaiming faith" @ http://www.zaytunacollege.org/may25/live.
..and to pick up on Allison's Point, the jihadists have a vibrant presence on the Net and the two kids in Boston supposedly got all their stuff from the Internet. It seems to me that that they ought to be going after who's hosting them and how to foil them--as they inevitabiy did to counter what Wikileaks was trying to do instead of hampering the free and open exchange of information that has been the hallmark of the evolution we've all been witness to and a part of.
It was Ben Franklin who said that, "..."Those who surrender freedom for security will not have, nor do they deserve, either one...". What is tragic about this latest in a series of moves by our esteemed leaders in Washington is not fully realizing what the implications of their moves are. The problem is that the existing laws as epitomized by the Patriot Act frankly gives the FBI the power to do this without anyone actually knowing it. The AP case is a case in point..as the case of the Fox Reporter being tracked. So, frankly, I am not sure why they are even contemplating this.
This legislation sounds like a disaster. While civil order requires that the police occasionally be able to impress our homes, it doesn't require us to ban curtains and windowshades.
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
When David E. Sanger of The New York Times broke the news that the United States was responsible for the Stuxnet malware exploit against Iran's nuclear program, Senator John McCain accused the administration of deliberately leaking the story to enhance President Obama's national security record.
The Gamma Group's business of supplying surveillance technology exclusively for use by government agencies may be legitimate. But not when it poses as the popular, free, open-source web browser Firefox.
Yesterday's hack of the official Associated Press Twitter feed demonstrated the enormous risk attached to the platform's lazy, single factor approach to security.
New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Expert Integrated Systems: Changing the Experience & Economics of IT In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator. READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE! REGISTER HERE
Wanted! Site Moderators Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?
To save this item to your list of favorite Internet Evolution content so you can find it later in your Profile page, click the "Save It" button next to the item.
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
M2M: Rise of the Machines? Not Yet David Weldon In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M. CLICK FOR MORE
Email This
