Not Being Able To Spy On Everyone Online Is A Feature, Not A Bug
from the tell-the-FBI dept
With the recent news coming out that the feds plan to introduce dangerous legislation early next year to mandate backdoors for wiretapping into every form of internet communications, plenty of people have expressed their horror at such a plan. It's not just the basic questions of due process and privacy, but the massive burdens lumped upon all sorts of companies, combined with the equally worrisome security holes opened up by such demands.Julian Sanchez has a wonderful article over at the American Prospect discussing just how problematic this plan would be:
But the current proposal is far more radical, in part because the Internet is not much like a traditional phone network. To see why, consider Skype, a popular program that allows users to conduct secure text chats, phone conversations, video conferences, and file transfers. Skype is designed as a distributed peer-to-peer network, meaning there's no central hub or switching station through which calls are routed; only the login server used to register members as they sign on to the network is centralized. Calls are encrypted end-to-end, meaning that only the end users who are parties to a call hold the secret keys to secure the conversation against online snoops. There's no device Skype can install at their headquarters that would let them provide police with access to the unencrypted communications; to comply with such a mandate, they'd have to wholly redesign the network along a more centralized model, rendering it less flexible, adaptable, and reliable as well as less secure.Sanchez also has a wonderful line towards the end. In discussing why law enforcement would obviously love this kind of access (while also highlighting its widespread past abuses of wiretapping ability, he notes:
Skype is just one of the thousands of firms, large and small, that would be burdened with the obligation to design their systems for breach. We've already seen how this can cause security vulnerabilities on traditional phone networks: In 2005, it was discovered that unknown hackers had exploited wiretap software built into Vodaphone Greece's computer system for law-enforcement use to eavesdrop on the cellular phone conversations of high Cabinet officials and even the prime minister. Designing for surveillance means, more or less by definition, designing a less secure, more vulnerable infrastructure. It's for just this reason that similar proposals were wisely rejected during the Crypto Wars of the 1990s, a decision that helped give rise to a thriving online economy that's wholly dependent on strong encryption.
It's not just hackers who could exploit such vulnerabilities, of course. A network architecture designed for the convenience of American law enforcement also necessarily makes eavesdropping easy for the many regimes whose idea of a "national-security threat" includes political dissent or blasphemous speech. And there's always the threat of interception by insiders: An engineer at Google was recently fired for using his privileged access to snoop into the private accounts of several teenage users. One way to alleviate such concerns is for firms like Google to enable end-to-end encryption, so users can feel secure that even the company's own employees won't have the keys needed to read their communications. The government's proposal would deny them the ability to make that promise.
But while governments may consider it a bug when network architecture renders such sweeping surveillance infeasible, citizens should probably regard it as a feature.An important feature, too, and one that we shouldn't easily part with just because a government with a history of abusing surveillance rights doesn't want to do any legwork anymore.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: internet, spying, surveillance, us government
Reader Comments
Subscribe: RSS
View by: Time | Thread
A fair idea
[ link to this | view in chronology ]
Re: A fair idea
[ link to this | view in chronology ]
Re: Re: A fair idea
[ link to this | view in chronology ]
Re: Re: A fair idea
The DCS systems are the ones formerly known as "Carnivore" and mandated by the CALEA.
[ link to this | view in chronology ]
Re: Re: A fair idea
[ link to this | view in chronology ]
[ link to this | view in chronology ]
Re: #3
[ link to this | view in chronology ]
Re: Re: #3
It's doable, but it does open up a lot of security holes though.
[ link to this | view in chronology ]
Re: Re: #3
Among Mike's point are one that this might break Skype. Another is that it would make Skype much less desirable by users.
Making things suck for government's convenience, or making technology crawl so that our own governments can spy on us is policy more becoming of North Korea or China. Not the USA.
The consequences are dire. If this passes, all residents of New Hampshire will die. (Or at least need to change their license plates.)
[ link to this | view in chronology ]
Whats shocking
[ link to this | view in chronology ]
Re: Whats shocking
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
If it's true, it could be big business.
Why else do you think AT&T was allowed to go on its M&A spree a few years ago?
Answer:
It was because they had a solid business plan with forward-thinking, marketplace defining, consumer-friendly business practices that place customer satisfaction as #1 priority and at the center of their business.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
For The Children! (tm)
[ link to this | view in chronology ]
Subject
Yep. Sounds like a good idea!
Here's another great idea, why not let the movie and music industry spy on your family and children too? They would LOVE to do this, and no doubt these "spy" laws can be helpful to them too!
YAY!!!!
[ link to this | view in chronology ]
Re: Subject
[ link to this | view in chronology ]
Dan Brown
[ link to this | view in chronology ]
Skype wouldn't be hard to change
Admittedly one of the users might notice that Skype was using more bandwidth than usual - or that it's now transmitting to two places instead of one - but there are various ways to make it harder to spot. For example, they could increase the compression so the perv/scammer/spy/carefully-vetted law enforcement officer gets a lower quality but still audible signal. Or just pay a few people to spread rumours about Skype's ridiculous new encryption that interferes with its compression under certain circumstances...
[ link to this | view in chronology ]
1984
[ link to this | view in chronology ]