Want To Destroy Any Hope Of Serious Cybersecurity? Give The DOJ Its Desired Backdoor Wiretaps On All Communications

from the stupid-ideas dept

Fri, May 17th 2013 2:34pm — Mike Masnick

The Obama administration has supposedly been "considering" the latest version of the DOJ's plan to require backdoor wiretapping abilities in any form of digital communication. If you don't recall, the FBI asks for this basically every year. The latest version would lead to fines for any company that doesn't build in a backdoor wiretapping ability. We've been pointing out for quite some time that putting in such backdoors only makes us all less safe, because those with malicious intent will find and use those backdoors.

A new report has been released, put together by some of the best known technologists and security experts out there, saying that the plan, as being considered would effectively undermine any cybersecurity regime. At a time when the administration and Congress keep insisting that we need better cybersecurity, to undermine it all with wiretapping backdoors would be ridiculous. And let's not even begin discussing how this would play out if it passed and number one CISPA backer Mike Rogers then became head of the FBI.

Among the report's authors are names you might recognize, like Ed Felten, Peter Neumann, Bruce Schneier and Phil Zimmerman. You can read the full report (pdf) to see all the details. As Ed Felten told the NY Times:

“It’s a single point in the system through which all of the content can be collected if they can manage to activate it,” said Edward W. Felten, a computer science professor at Princeton and one of the authors of the report... “That’s a security vulnerability waiting to happen, as if we needed more,” he said.

Once again, all of this suggests that the efforts around "cybersecurity" have always been more of a cover story to try to make it easier for law enforcement to access data, rather than any legitimate effort at improving security.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, bruce schneier, cybersecurity, doj, ed felten, fbi, mike rogers, peter neumann, phil zimmerman, wiretaps

22 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 17 May 2013 @ 2:37pm

Never give the DOJ the backdoor they desire... they are rough and don't use lube.
[ link to this | view in chronology ]
- Anonymous Coward, 17 May 2013 @ 2:43pm
  
  Re:
  Well, that and they always steal your thoughts as "evidence".
  [ link to this | view in chronology ]
Anonymous Anonymous Coward, 17 May 2013 @ 2:42pm

Economic Development
As I was reading the attached article, it struck me. A vision. I am seeing various competing VOIP companies come up with a way to provide the suggested circumvention, patent their method, and then sue the fuck out of each other for using similar methods. Really...Obama is just trying to stimulate the economy.

/s
[ link to this | view in chronology ]
ScytheNoire, 17 May 2013 @ 2:50pm

It's abundantly clear that no one in politics, law, or government understands technology. You should not be allowed to make laws and big decisions about things you know absolutely nothing about.
[ link to this | view in chronology ]
Some Guy, 17 May 2013 @ 2:57pm

What happens if I post code on my blog which uses encryption and has no back doors? In fact, my blog front page is currently sample code for an encrypted file container. It's not technically a product or something I'm selling. Would this new law then make it illegal to write sample code with no back doors? And couldn't one of my readers just take the back doors out if they have the code? Since I diligently comment my code, I would of course point the back doors out with comments. Or maybe code that demonstrates encryption then itself becomes illegal? It's a slippery slope.
[ link to this | view in chronology ]
- Hephaestus (profile), 17 May 2013 @ 6:49pm
  
  Re:
  Here is one for you. Create a chrome app for Gmail that encrypts your email and do it as open source. Nothing in the world can be done at that point. Back door gets put in ... branch, rinse, lather, repeat.
  
  If Google uses chrome to grab your private keys, spy on your emails as you write them, or puts in hooks to insert code on your machine, end of all trust in one very large publicly traded company.
  [ link to this | view in chronology ]
rww, 17 May 2013 @ 2:58pm

Share the (********)
And soon, here in the USA too:

http://yro.slashdot.org/story/13/05/17/2025227/australian-government-backdoor-internet-filte r-shuts-down-1000-websites
[ link to this | view in chronology ]
Applesauce, 17 May 2013 @ 3:30pm

Criminal Access
the Reason governments don't care about providing back doors that they KNOW will be used by criminals is that they have more in common with each other (governments as rival criminal gangs) than they do with the pesky proles.
[ link to this | view in chronology ]
Miff (profile), 17 May 2013 @ 4:03pm

Well, time to move all our online infrastructure to a government that doesn't care about the Internet. Like China. Or North Korea.
[ link to this | view in chronology ]
Anonymous Coward, 17 May 2013 @ 4:11pm

a new outsourcing opportunity
just think of the new chinese companies the fbi,cia,doj, could outsource their data requests to? forget warrants, just outsource to india for $5 per phone records
[ link to this | view in chronology ]
The Real Michael, 17 May 2013 @ 5:06pm

Funny how no matter what the problem is, the solution is always to give the government more broadsweeping powers. Also funny is how it's NEVER enough -- they'll just want more tomorrow.
[ link to this | view in chronology ]
- Anonymous Coward, 17 May 2013 @ 5:41pm
  
  Re:
  If you give a mouse a cookie...
  [ link to this | view in chronology ]
assemblerhead (profile), 17 May 2013 @ 6:44pm

Re:
I once worked as a sysadmin. The joys of a Root type password in the wild. They are NOT thinking. There will be no way to change it once it becomes publicly known ... Complied in. No resets or changes at the endpoint possible. Update the software? Passwords and Protocols will be broken before they finish a nation wide update.

The people that came up with this idea ... think that rotary phones are a newfangled idea that will never catch on.
[ link to this | view in chronology ]
FM Hilton, 17 May 2013 @ 6:56pm

The experts of idiocy
There is nobody in the Federal government who understands how to deal with the VOIP stuff, emails, websites or other extraneous matters to do with 'wireless' communications. They're all grasping for a piece of the action, without knowing how it works.

They're ignorant and proud of it-but they're the first to grab power to control what they don't understand.

They're all convinced that the terrorists are infiltrating us by all these means when actually most terrorists aren't stupid enough to even dare go on most sites and announce "I are a terrorist, and am going to blow something up."

They're not that obvious to spot..but don't tell the government that-they're convinced 90% of the Internet is nothing but porn and terrorists plotting to take over the world.

Oh, by the way, giving these 'experts' the power to force backdoors will only lead to more insecurity, not less, because they don't know how to make it work properly.

They're dangerous with half-knowledge, assumed knowledge and no knowledge at all. Keep them away from it.
[ link to this | view in chronology ]
Shon Gale (profile), 18 May 2013 @ 5:24am

They can keep it up and I will cancel my internet, my cell phone, my cable TV and have nothing to do with satellites. I will go back to News Papers delivered to my home. I will watch only broadcast television and put my land line back in.
Then it will be just like the old days when the FBI only tried to infiltrate us and set us up in a sting. They can tap my land line and I will make up stuff to talk about. Gotta keep those guys busy listening.
Remember this is a huge country and there's lot of land where no one lives. It's easy to escape the city life. Just get on a bus, Gus, drive your car Lar, and get the hell out of there.
Everytime I think of our current government I think of Star Wars and the wise words of Princess Leia:
"The tighter your grip, the more star systems will slip through your fingers"
[ link to this | view in chronology ]
- Anonymous Coward, 19 May 2013 @ 7:00am
  
  Re:
  I will go back to News Papers delivered to my home. I will watch only broadcast television and
  
  That is what the older, more reliable, system of control was all about. Instead of you being able to see 'citizen reports on the scene' of twitter and facebook comments you'd get what has been filtered to not be offensive to parties like advertisers or regulators.
  
  put my land line back in.
  
  You do understand that the phone companies are lobbying the FCC to get rid of POTS and have everyone be VOIP, right?
  [ link to this | view in chronology ]
Anonymous Coward, 18 May 2013 @ 6:03am

The problem when the Congress asks for better "cybersecurity" they usually mean better "cyber-offense".
[ link to this | view in chronology ]
Anonymous Coward, 18 May 2013 @ 9:04am

"We've been pointing out for quite some time that putting in such backdoors only makes us all less safe, because those with malicious intent will find and use those backdoors."

At some point the US Federal Government will be the ones with "malicious intent" and will "use those backdoors" in an abusive way. Lets face it they have a track record and it's the kind where they can't for security reasons share with congress or the public how many Americans were illegally spied on.
[ link to this | view in chronology ]
Anonymous Coward, 18 May 2013 @ 9:08am

the back door would be a way of law enforcement regaining the control they haven't lost (but fear they will lose) but tell Congress thay have lost because the public want increased freedom and privacy. we all know what law enforcement agencies think about that, dont we? in fact, some law enforcement officers are so concerned about it, in order to prevent any recordings of it, they beat people to death!!
[ link to this | view in chronology ]
Anonymous Coward, 19 May 2013 @ 12:46am

Job Assurance?
Perhaps they know this and want the back door for that reason. It'd give them an infinite loop of funding and power. Cyber security is terrible so we need more funding and power. They just love "homeland security" heads-I-win tails-you-lose logic. No attacks? Clearly we're doing our job properly. An attack? Clearly we aren't being given enough money/power/impunity.
[ link to this | view in chronology ]
- Anonymous Coward, 20 May 2013 @ 4:43pm
  
  Re: Job Assurance?
  Of course, that's how US politics works these days. Just look at the grandstanding politicians who pop up every time some tragedy happens.
  
  Nothing the DOJ does along these lines will make anyone safer. I've got RedPhone on CyanogenMod, and I'm just some random geek. I imagine any terrorist types would use communications channels which were at least as secure, if not more secure, than mine.
  
  The DOJ is simply killing two birds with one stone here: spying on more people to give them more police state-type power, and creating a nice big target for "cyberhackers" (ugh) to hit so they can claim they need to go even further.
  [ link to this | view in chronology ]
Ninja (profile), 20 May 2013 @ 6:31am

The implications are rather simple. A backdoor would need some sort of lvl0 security hash or something. Eventually those things will be broken and inevitably before it can be patched when it's broken some ill-willed individuals will use it to take control of the current iteration of the software before the company can hope to patch the hole generating masses of zombie computers.

Now imagine if those ill-willed people are the Chinese military...

They should be VERY afraid of giving anyone the key to build a cyber-nuke.
[ link to this | view in chronology ]