Feds Pushing For New Legally Required Wiretap Backdoor To All Internet Communications
from the unintended-consequences... dept
The unfortunate, if not surprising, news story making the rounds today is that the feds in the US are looking to pass new laws to legally require a wiretap backdoor in every kind of internet communication offering. Yes, you read that right. If there's any way to communicate online, the US government is demanding the right to be able to wiretap it. Any company that doesn't comply will face fines. This despite the long history of the US government massively abusing its wiretapping privileges repeatedly throughout history.And, yes, this would supposedly apply to non-US communications services as well:
Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.Yeah, that'll go over well. It's difficult to see how this is any different than foreign governments demanding access to others' communications as well. It's pretty ridiculous for President Obama to talk about open internet principles to the UN, while cooking this up at the same time. Pushing for this also means that the US will have no excuse when the governments of Iran, China and elsewhere also demand backdoors into all US-based communications.
And, really, that's the biggest problem with this law. Beyond the inevitable privacy violations by the feds, putting backdoors into communications technologies guarantees that those backdoors will be used by others (outside of the federal government) to snoop on communications. The FBI and the NSA (who are pushing for this) are being totally and completely naive if they think that they're the only ones who will use this. We've pointed out in the past how large scale surveillance systems mean large scale security risks, and this is no different. We showed how a similar surveillance system in Greece was hacked into to spy on government officials. US officials should be aware that they're opening themselves up to these same potential risks.
And, the simple fact is: this won't help and it won't matter. The people who really want to communicate secretly will still use tools to communicate secretly. The feds are (once again) being naive to think that such tools won't exist and won't be widely known and widely utilized. Instead, all this will do is open up everyone else to abuse of the system by other governments, organized crime, people with malicious intent and (of course) the US government.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, feds, privacy, security, wiretap
Reader Comments
Subscribe: RSS
View by: Time | Thread
Subject
My concerns are exploits. It would not be long before hackers find these exploits and start using this for their own gains. Not to mention letting it loose on the internet and having every psycho, sicko and pedophile spy on any one they choose. It can also be turned against the government officials and lawmakers themselves by domestic and foreign spies.
Yep. Let them pass this. It will cause chaos and then higher grade encryption, stricter firewalls and computers operating systems that do not comply with their crap.
[ link to this | view in chronology ]
Re: Subject
[ link to this | view in chronology ]
Re: Subject
If you manage to find a backdoor on a widely distributed piece of open-source cryptographic software, you will become famous overnight. It is easy, the source code is even available!
[ link to this | view in chronology ]
[ link to this | view in chronology ]
From the department of redundancy department
Methinks you are being redundant.
[ link to this | view in chronology ]
GNU Telephony Statement on new Internet Surveillance Laws
In the United States the 4th amendment did not come about simply because it was impractical to directly spy on everyone on such a large scale. Nor does it end simply because it may now be technically feasible to do so. Communication privacy furthermore is essential to the normal functioning of free societies, whether speaking of whistle-blowers, journalists who have to protect their sources, human rights and peace activists engaging in legitimate political dissent, workers engaged in union organizing, or lawyers who must protect the confidentiality of their privileged communications with clients.
However, to fully appreciate the effect of such surveillance on human societies, imagine being among several hundred million people who wake up each day having to prove they are not a “terrorist” by whatever arbitrary means the government has decided to both define the terms of such a crime and whatever arbitrary methods unknown to you that they might choose to define you as such, and where even your prosecution is carried out under the immunity of “state secrets” that all police states use to abuse of their own citizens. Such a society is one who’s very foundation is built on the premise of everyone being guilty until proven innocent and where due process does not exist. It is the imposition of such a illegitimate society that we choose to openly oppose, and to do so in this manner.
David Alexander Sugar
Chief Facilitator
GNU Telephony
[ link to this | view in chronology ]
Biden strikes again
Back in the 1990's, Biden proposed exactly the same thing in the Comprehensive Counter-Terrorism Act and Violent Crime Control Act.
These bills are what spurred Phil Zimmermann to create PGP.
In fact, throughout Biden's entire political history, he's had an almost fanatical hatred of technology and been deep in the pockets of Hollywood and the recording industry.
The sooner Obama gets rid of this clown, the better.
[ link to this | view in chronology ]
Re: Biden strikes again
Wow. I love people who say silly stuff like this. AS if this is a course of action that is going to happen, or even would. See also all the "impeachment" whiners, and that goes for either side's (Bush or currently Obama) president. Dont you people get it? It takes an EXTRAORDINARY (with emphasis on the EXTRA) set of circumstances for a sitting president to turf out his VP, or get any of them on trial and kicked out via impeachment. It just doesnt happen, yet the call goes forth from the Neocon crowd with EVERY presidency, and twice as loud if they are Dems. Look at your history, and see how many presidents have been actually removed from office, let alone been subject to an impeachment trial (hint: you can count them on less than 1 hand). All the whining in the world isnt going to make it happen. Spend your energies on something that IS possible, like voting out incumbents, and getting better people in office. This "get rid of him/impeach him" rhetoric is just pissing in the wind.
[ link to this | view in chronology ]
Re: Re: Biden strikes again
Dreaming is possible is it not?
Let people have hope, we all know Bidden is not going anywhere the creep is there until the next election, where people can vote him out.
[ link to this | view in chronology ]
Re: Re: Biden strikes again
Not to mention that the corporations own both parties anyway, so the choice of candidate really doesn't matter. They both report to the same boss. We can't fight them like that, on their ground. Part of winning a battle is in choosing the battlefield, I think. And I think we have to keep it in here in the digital as much as possible, because it is here online that we have the advantage.
It is here online that the money and power of the corporatocracy is meaningless, because whatever technological measures they implement can and will be hacked and circumvented. It is here that any attempts at control and secrecy that they make are rendered useless and ineffective, simply by the very nature of the internet and the web. And so I think it is here that we should stand against them, on ground of our choosing, and show them just how impotent they really are in the grand scheme of things.
[ link to this | view in chronology ]
Re: Re: Biden strikes again
If I could actually vote out the vice president, I would. But I can't, so in order to get rid of Biden, I'd have to throw the baby out with the bath water.
[ link to this | view in chronology ]
Re: Biden strikes again
Seems unlikely, if this recent Biden profile is accurate:
http://www.theatlantic.com/magazine/archive/2010/10/the-salesman/8226
[ link to this | view in chronology ]
Re: Re: Biden strikes again
[ link to this | view in chronology ]
Re: Biden strikes again
Excuse me? Why the hell put the burden on the President? Why not put it on the asses who voted him into office in the first place?
Oops. I always forget how some Americans like to put the blame on someone else for the mistakes of others.
[ link to this | view in chronology ]
Re: Re: Biden strikes again
All of this means that McCain would have kept every last Bush detail and had the power to stop any progress on anything.
[ link to this | view in chronology ]
Re: Re: Biden strikes again
Because you can't vote for the vice president.
[ link to this | view in chronology ]
Re: Re: Re: Biden strikes again
You can vote for a vice president. It is called splitting the ticket. Not that it would actually do anything anyway..but it is possible.
[ link to this | view in chronology ]
Re: Re: Re: Re: Biden strikes again
But even if I could, it would mean I'd have to vote for Palin instead. A dead musk ox would be a better VP than her, so it'd have to be Biden by default.
[ link to this | view in chronology ]
Re: Biden strikes again
We voted Obama & Biden in based on false promises of "hope & change" and what we've gotten has not been that. In fact, when it comes to tech issues, they've been far worse than Bush.
Then Obama turns around and says he supports an 'open internet' while his RIAA & MPAA (Hollywood) friends & Democrats are writing up things like ACTA...
we have all been deceived.
[ link to this | view in chronology ]
If secure encryption is outlawed...
[ link to this | view in chronology ]
Re: If secure encryption is outlawed...
; P
[ link to this | view in chronology ]
This isn't like a situation where making certain firearms illegal actually lowers the amount of people who end up acquiring them. This is zeroes and ones we're talking about. Making certain combinations of zeroes and ones illegal will have literally no effect on their availability, especially to criminals and terrorists.
[ link to this | view in chronology ]
It's not about protecting people, health issues, environment or any of that... It's about control.
I'm not saying those things don't need looking into - but the current implementation isn't about 'protection' or 'conservation' - it's about control.
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
More Revenue
[ link to this | view in chronology ]
Pfft
[ link to this | view in chronology ]
[ link to this | view in chronology ]
What exactly can US government do to enforce such law?
1. They can threaten or punish a person or a company producing any technology that allows secure communication (let's call it 'secure technology' for now).
2. They can block servers hosting secure technology to suppress its distribution.
3. They can block bank accounts of the person or company providing secure technology or block users from sending money to those accounts to make sure nobody will not be able to profit out of it.
4. They can make it illegal to use secure technology and punish users.
5. They can force hardware producers to make sure that it would be technically impossible to use secure technology.
What did I forget?
It seems to me that in order to communicate securely, we have to make sure that there is NOT a single point of failure in any of these five things. How?
1. secure technology should not depend on any single person or company - it should be some open source technology with distributed development model - everybody is fungible, developers live in different countries to minimize the risk, if any developer is removed - the technology survives.
2. secure technology is distributed from 'distributed source' (bittorrent or something like that). No single server to block.
3. secure technology is developed for free by idealist freedom-fighters or is financed by some kind of (distributed?) payment channel that is difficult to block/trace.
4. secure technology is not easy to spot and distinguish from other traffic. No specific port or protocol - just some kind of tunneling or VPN like when you are communicating with your bank or company, or maybe transparent end-to-end encryption - because it would be necessary to make illegal the whole internet to suppress this.
Secure technology is also easy to use because it needs to be widely adopted - any law is not practically enforceable when it's broken by everybody - that's the best 'security' from the bad law.
5. well... if any government is able to control hardware production globally - then we are all screwed.
Please consider this some kind of RFC - I am looking forward to your comments so we would be ready in case US democracy fails ;-)
[ link to this | view in chronology ]
Re:
Not possible. Most encryption is software based not hardware. Only allowing certain data formats to route over the internet would literally cripple it. And it would be childs play to write software to pretend to be a video stream, ftp file transfer, or image file, while in all actuallity being an encrypted VOIP call or what ever.
[ link to this | view in chronology ]
Operation Dark Heart
Remember when the US Government decided to build a huge datacenter in Utah? I wonder if this and the Utah Data Center are connected in some way.
This seems to be an expansion specifically to require Blackberry and a few other straggler applications have a backdoor. It's also possible that some cable/telecomms companies that either didn't have the capital or hardware didn't exist to install wiretap capability.
Mandating it will ensure that the bad dudes get caught, I'm sure. And it should be mandated because crime is DOWN over the past decade.
Maybe it's one of those things about working in a bureaucracy. Someone's out there doing something bad like eating pork or hoofed animals.
[ link to this | view in chronology ]
Interplanetary DUH! If you put backdoors into every communication device, even the FBI and the NSA will become easy targets to the spying. It's incredibly easy for someone to leave an unsecure connection open somewhere that any git can use (through the convenient backdoor) to steal sensitive information or gain access to more critical systems.
Also, every critical system must have an access point to the outside world somewhere. Imagine some hacker slipping viruses into your nuclear power plant controls. Chernobyl remix anyone?
Bottom line: Leave secure systems secure. They are secure for a reason! And knock it off with the spying. The cold war is over for a while now.
[ link to this | view in chronology ]
Another perspective
First off, the number of intelligence contractors skyrocketed since 9/11. This was partially to address monitoring of citizens through bank, telephone, sms, and other technologies. Today, there are
http://blog.washingtonpost.com/spy-talk/2010/09/intelligence_authorization_bil.html
http://ww w.huffingtonpost.com/eric-margolis/cias-new-shadow-army_b_740291.html
The US Government decided to build a huge datacenter in Utah recently. I wonder if this and the Utah Data Center are connected in some way. It's logical, because of the recent discussions concerning the number of intellegence contractors with top secret and higher clearances.And Intelligence Contractors writing reports that never get read. It seems to be a desire to get costs under control.
An expansion to allow internet traffic to be tap-able under warrant means that the equipment and applications have to support intercept. Most people think oh, this is good because I'm not going to have a warrant against me.
But I tend to believe this is specifically in place to require Blackberry and a few other straggler applications to have a backdoor. It's also possible that some cable/telecomms companies that either didn't have the capital or hardware didn't exist to install wiretap capability.
Mandating a connection for intercept (lawful or not) will ensure that the bad dudes online get caught. And this should be mandated because crime is DOWN over the past decade.
[ link to this | view in chronology ]
Re: Another perspective
Nope, this isn't about telcos or RIM, this is about Skype, Facebook, JahJah, Numbr, and a bunch of future communication solutions that haven't been invented yet. Our gov't wants to make a sweeping law that says that any developer that wants to sell into the US needs to install a backdoor, and give them the keys.
Not only will this invade our privacy (4th amendment rights) and make us more vulnerable to crime, but it will also slow down innovation and reduce our range of communication options.
Sucks to the power of 3.
[ link to this | view in chronology ]
Needle
What's that you say?
"http://www.techdirt.com/articles/20100914/15553611015.shtml"
D-oh!
[ link to this | view in chronology ]
outlaws already pwn feds this changes nothing
for the people who don't use Tor : http://rmuqt2gq7awlrmxg.tor2web.com/polyfront/index.html
http://rmuqt2gq7awlrmxg.onion/polyfront/index.html
[ link to this | view in chronology ]
PROTEST: censor yourselves first!
This push and recent Copyright legislation/rulings are designed to make website owners liable for their viewer-supplied content AND shill for the .gov if their visitors are anyone the .gov does not like or is interested in.
The net effect of both combined will be to put a stranglehold on self-publishing to the 'web', FOSS and Linux, all personal freedoms to communicate privately in pubic.
Give the public a taste of that world before the law gets passed or say goodbye to what we all have come to cherish.
[ link to this | view in chronology ]
Isn't it time to stop belieiving they are naive?
[ link to this | view in chronology ]
It will be treated with the contempt it deserves
[ link to this | view in chronology ]
:(
So sad.
[ link to this | view in chronology ]
This Will Deter The Casual Terrorists
[ link to this | view in chronology ]