Slashdot Mirror
FBI Adds to Wiretap Wish List
WorkEmail writes "A far-reaching proposal from the FBI, made public Friday, would require all broadband Internet providers, including cable modem and DSL companies, to rewire their networks to support easy wiretapping by police. The FBI's request to the Federal Communications Commission aims to give police ready access to any form of Internet-based communications. If approved as drafted, the proposal could dramatically expand the scope of the agency's wiretap powers, raise costs for cable broadband companies and complicate Internet product development."
Invest in encryption products.
Next, they will come for your encryption. Maybe not today, maybe not tomorrow... but soon.
if they can't, then whats the point. anyone who's doing anything illegal & knows the FBI can listen in, will just encrypt.
Big waste of time
You tried your best, & you failed miserably,
The lesson is:
Never Try
Regardless, this is pretty intrusive on the FBI's part. Even though it isn't a blatant intrusion into our private lines located within our home, it may as well be, since our direct line to the internet for 99.9% of the population runs through commercial ISP's. I hope someone cries foul on this proposal in support for the protection of privacy. However, with the state of most American's line of thinking, such a hope is far-fetched.
To avoid any potentially deadly misunderstandings, I'd advise you not to play a Counter-Strike "terrorist."
Some visionary should write a book about a future dystopia and call it 2040. Then Apple can come out with a cool new commercial in 2040, with a dubbed over voice saying, "god damn it. it's happened.", and have a gunshot fire with the sound of a body falling to the ground. right?
The FBI seeks to appoint a senior AOL linguist. The successful candidate will form a 1337 team able to translate AOL to American English in real-time as part of a stimulating new FBI initiative...
If you boil a frog, it doesn't know that it's in trouble until its legs are paralyzed and can't escape. Yup.
This is probably more for the "VoIP" segment of the universe than "XBox Live", this is a perfect reason to enable IPSEC over VoIP.
Too often the open source community thinks of the unreasonable approaches before the reasonable, and that's only because you have to fight fire with fire. In this case, you have to have as much reason as a politician will -- and yes, that sometimes means being as evil as they can be -- that is to say, with transparent encryption, it makes it unreasonable for a state agency to tap because it would mean confiscating servers and disrupting business (the state, in the US, must have a compelling state interest to do just about anything). This can have two effects: (1) Hosts increasingly require unreasonable agreements (CYA). (2) The disruption of business is so much that is becomes a burden for politicians to support.
My point being: look guys, we're Slashdotters, and we administrate public networks, and we're smarter than them, and with no disrespect, we can make prior art out of whatever aged notions of data security they have. That's what open source is about; the gathering of the people above those with green and power.
We should assume our data is being intercepted in the first place -- that's why you provide data security. Thou shalt encrypt.
ALSO SEE: Due Process, Fourth Amendment.
ON the other hand, if the government pays for the upgrades, it will be with tax dollars, so either way the consumer/citizen gets screwed. And, actually, if you look at the number of court cases that are successfully prosecuted nationwide using legitimately-garnered wiretap evidence, it's more like forcing 99.99999% of the people to pay for something the FBI needs only .000001% of the time, or worse. Ridiculous on the face of it: all the numbers I've been able to find simply don't justify this ongoing crusade for advanced wiretapping capabilities. Those boys just hate like hell to have anything kept from them. The problem, as I see it, is that the ease with which the FBI (and the Federal Government in general) was able to grab new powers in the wake of 9/11 has simply encouraged them to go for more of the same, although they've been trying for a national wiretap center for a long time prior to that. This is much like the FBI excesses decades ago, under Hoover, that resulted in Congressionally-mandated restraints upon its' behavior. Back then, of course, wiretapping was a relatively simple affair involving a lineman's handset and a pair of clip leads. Times have changed, and in the modern world the costs of allowing them to run in this open-loop fashion for very long are going to be significant, both in terms of money (tax dollars or on your Internet bill, take your pick) as well as civil-liberty abuse. Congress is the only entity that has the power to reign these people in, and I don't see a lot of effort being expended there on our behalf.
The higher the technology, the sharper that two-edged sword.
Next they'll bill the suspect for being investigated and failing to produce justification for an arrest warent.
Improves law enforcment and cuts the budget.. What could be wrong?
Oh right.. paying for being innocent.
I don't actually exist.
Or simply encrypt your transmissions. The Federal Government has been aware of this possibility for many years (predating the opening of the Internet to the public) and tried mightily to get encryption effectively outlawed for private use. Fortunately they failed that time around, but that doesn't mean they won't try again. If all significant Internet traffic was adequately encrypted it wouldn't much matter if they could tap the packets, it would be too costly to decrypt it. That's where it's heading anyway, if nothing else to keep the RIAA from peeking at our upload folders. The question is whether or not the Feds have the balls to try and make that illegal.
The higher the technology, the sharper that two-edged sword.
I can't believe the government is actually considering putting a backdoor in every cable modem. Karnivore, while of debatable, legitimacy, is at the very least, secure because its physical components are kept very far away from crackers (in secured buildings of Tier one providers). Thus, it works on a fairly good premise of obscurity and limited access.
If this type of backdoor was inside the cable/DSL modem next to your computer, imagine how quickly both the obscurity and limited access factors disappear. You can kiss any type of sibilance of security on the internet goodbye because, in no time, every script kiddie running windows will be able to packet sniff your computer.
Sometimes, I really wonder how highly funded groups like the FBI can ignore common sense problems. If there's ONE thing I think we've all learned in the past twenty years in regards to computer security is: if it's even minutely possible for them to do so, they (geeks) will figure it out. If you put an encryption scheme on every DVD drive in the world, they will figure it out. If you don't address a security bug in a prominent piece of software, they will figure it out. And if you put some uber-packet sniffing device on every cable/DSL modem in the country, they will figure it out with probably an extra sense of haste.
So if this does come to pass, how long do you think it'll take for it to be cracked? My guess is a week. *sigh* Your hard earned tax dollars at work.
-Grym
...among many other opportunities, to use the sharp minds many here claim to have and contact your congresscritters...in writing. on paper. that will always bear more attention than an email (or even a phone call).
People really need to stop bitching about this stuff in web fora and actually try to interface with the people that can put a stop to some of these intrusive inanities.
ISP's have been forced to install tapping devices since december 1998. Accroding to the Dutch Telecommunications Act 1998. http://www.ez.nl/english/docs/tweng.pdf
Wouldn't worry about this.
1. The FBI is only "asking" the FCC which, anyway, lacks jurisdiction to tell IRC programmers how to program.
2. The Internet is becoming more decentralzed (e.g. anonymous wireless LANS,P2P networks, etc.) so there will be too many small time non compliant ISPs to go after. And the government, not for want of trying, has so far shown only futile attempts at regulating the Internet.
3. The only people for this are the FBI and a few conservative politicians. They're going up against the communications giants and equipment manufacuters -- financially secure industries with campaign contributions, lobby groups, and lots of lawyers.
4. Besides all that, they just don't get it. Any two connected nodes communicating by pulses (ones and zeros) can always encrypt their conversation. Language is a secret handshake.
Besides the privacy, police-state implications that I'm sure other people will point out, here are several points:
Firstly, if there is a easily available backdoor for everything, what's to stop criminals and terrorists from using it as well? People don't seriously think that they are not going to be able to get the technical information easily. Especially if *every* software program that allows communication the way they describe requires these backdoors. There's no-way you can keep all those civilian mouths shut. These backdoors will be built-in security holes. Just like mandating only low-level encryption may mean that it is easier for the US government to break into your data, but it also makes it easier for criminals to do so as well. The likely ease with which the technical information will spread will mean that hackers will probably make versions of the programs w/o the backdoors and spread them through the underground. Real (smart) criminals and terrorists will use these backdoorless programs leaving the American government to spy on harmless citizens and the inept.
Secondly, I can see governments like China rejecting any protocol or programs which has these backdoors installed. They are already paranoid enough about rumoured backdoors. If they are sure they exist (say through a FCC mandate) they are going to drop American software like a hot stone. While the Chinese government is a police state and would love the ability to spy on their *own* people, the last thing they want is to allow the American government to spy on *them*. Other countries, like the EU, UK might have a few qualms of letting the US government spy on *them*, though I wouldn't put it past them (esp. the UK ie. Blunkett) to start thinking of mandating their own spyware for their citizens....Say goodbye to the American software export industry...
I also wonder how these things would work in conjunction with Trusted Computing?
The last thing is, I presume that all rules and regulations will apply to open source software as well. So I guess all open source developers of the mentioned program types will have to submit their programs to the US government for approval before they can release it. And how does this affect the open source nature of development if you need government oversight *every* time you want to release any sort of new code?
I disagree. Social programs have been decimated in the past four years. The Great Society has been destroyed in favor of corporations and the wealthy. Defense spending has been astronomical and does not need to get any bigger. If greater power is given for wiretapping we will be running headlong into a police state. At this point the government already has too much power and needs to cut money out of programs that only serve to arm the government to the teeth, only to attack its own citizens and other nations unilateraly. If we need anything right now it's programs that will get the people of this country back on their feet.
Time makes more converts than reason
It's funny to see one of these incorrect corrections.
Everyone else has fixed your error, I'm just here to laugh at you.
According to Charles Stross, the CIA has a cache of alien portals that they use to travel to other planets, and the Russians are keeping Cthulhu in a bunker near the Baltic Sea.
What was your point?
Mod down posts with a "Free Mac Mini/iPod" sig, they're spam!
Legal experts said the 85-page filing includes language that could be interpreted as forcing companies to build back doors into everything from instant messaging and voice over Internet Protocol (VoIP) programs to Microsoft's Xbox Live game service. The introduction of new services that did not support a back door for police would be outlawed, and companies would be given 15 months to make sure that existing services comply.
I am going to keep in mind that this is seen through the filter of cnet, which tends to be somewhat Slashdottish -- kind of liberal, pro-tech, anti-regulation. I really need to see the "85-page document" to decide.
That being said, this is possibly the most disturbing thing I have heard proposed from the federal government yet. Besides the obvious issues of holding back innovation, I find the privacy issues unacceptable. If you want to wiretap someone, fine. Go to wherever they are, and use a parabolic mic or physical bug or something similar. Yes, it doesn't let you tap the population en-masse. There is no justifiable reason for this request. The only thing it does is make cheap, easy, and hard-to-detect-abuse-of wiretapping much more feasible and tempting. I *want* it to be a pain in the ass to wiretap people. It's worked well for hundreds of years, and I see no reason to change this.
I also want to make it clear that I will not follow any such directives requiring programs to including monitoring backdoors. If I have to, I will develop anonymously, through Freenet or similar (no, I'm not brave enough to do something like this openly as a protest and get hammered for it), but I will not begin inserting backdoors into the software I work on.
I am absolutely appalled that something like this would be suggested. It is the sort of thing that people that I considered "tin foil hatters" were worrying about for a long time. I would like to see an EFF analysis of this. If this is as bad as the article makes it out to be, this will be the thing that tips me over the edge to sending money to the EFF.
I would like to know what evidence cnet has for claiming that the Bush administration backs this. If they really are, they are going well beyond even what I thought Ashcroft's most tyrannical police-state aspirations were.
Among other things, I claim that this will:
* Limit innovation. This is a *real* issue, not a "we can't bundle Internet Explorer and now innovation is being suppressed" whine. Putting backdoors in protocols is a serious issue.
* Damage US credibility internationally when it comes to secure software. The cryptographic export restrictions did a phenomenal amount of damage to the US computer security industry, and let foreigners take over the market. When you want smartcard systems, you don't go to a US company. This is absolutely unacceptable, as computer security is becoming ever more important as more and more people are using it.
* Provide an impediment to international software projects. The United States is not the world, nor is it even "effectively universal" on the Internet. If you ban something like development of a VoIP system without key escrow, development will simply move overseas. Sure, you could make *using* software without escrow a federal offense (thank you Britain, which has set the path for this wonderfully stupid approach). It will do *nothing* to stop propagation of software. The last time the FBI tried to meddle with the Internet via legislation like this was when they arrested Mr. Zimmerman for releasing PGP. It *didn't work*, and wouldn't have protected their ability to snoop on people. We have come up with many approaches to deal with US laws limiting computer security, and can be used again in this case.
* Is stunningly short-sighted. You can't make a single effective law like this. What if I ssh to a system and use an IM system there to talk to someone else on the same system (and I *have* sshed in and used talk or phone on a Unix or VMS system before).
May we never see th
I agree generally with the intent your statement, but have two concerns:
1) The government still should not have the right to monitor packets; you don't want them use the 'well, you can always encrypt your traffic' argument to support general sniffing, and
2) Even if they can't decrypt the payload efficiently, they can still tell where the packets are going and presumably draw conclusions from that. Most likely they'd use such conclusions to get warrants for further access to your systems.
For example, you get spam or other traffic from some hijacked computer in Syria/Chad...these days that would be enough to establish possible terrorist links--especially if the payload was encrypted.
No monitoring whatsoever is appropriate.
In principle I have no objection to altering the existing wiretap laws to account for new technologies such as VoIP. However, make no mistake that once this occurs, the next thing on the chopping block are encryption products. The argument will be "We cannot effectively monitor terrorists and child pornographers because strong encryption has become commonplace."
We'll be back to either mandating weaker forms of encryption or requiring backdoors be installed at the encrypted tunnel layer. SSL/TLS, IPSec and SSH all come to mind (key escrow, anybody?). By designating the tunnel endpoints as "service providers" (they ARE in fact providing some sort of service or else you wouldn't be communicating with them), they could require a backdoor be installed at the endpoint.
Shape of things to come...
Yeah, I've met people like that too. They're definitely a small percentage of society, but they do exist. But there are a few points I'd like to raise:
1 - I have a problem with this Puritan idea that work is a moral obligation. "Work" should be something you do to solve a problem: If there's not enough food, you grow more food. If there's a hole in the roof, you fix the hole. If people are dying of disease, you make a vaccine. Our society has reached a point where there aren't enough of those problems to keep everyone employed; so what do we do? We create problems where there weren't any before. 20 years ago, were people truly suffering from the lack of GameBoys?
2 - As a former manager in a small business, I can tell you that I wouldn't want those slackers working for me. I don't want employees who are forced to work for me; I want employees who do the work because they find it interesting, or because they like their co-workers, etc. If I have to give up 0.2 % of my paycheck to keep these lazy fucks out of my hair, I consider that a worthwhile investment.
3 - If we do accept the above-mentioned Puritan work ethic, then we should apply it equally to all. What about the hereditary billionaires who never did a day's work in their lives? If they were forced to work for a living, it might keep them out of mischief. Like running for office.