FCC Asks For Comments On Internet Wiretapping
SECURITY GURU writes "Security Focus has posted a story about The Federal Communications Commission (FCC) launching a public comment period on its plan to compel Internet broadband and VoIP providers to open their networks up to easy surveillance by law enforcement agencies. The 1994 Communications Assistance for Law Enforcement Act (CALEA), a federal law that mandates surveillance backdoors in U.S. telephone networks, is what would allow the FBI to start listening in on Internet communications. The EFF, ACLU, and the Electronic Privacy Information Center all opposed the plan, and an ACLU letter-drive generated hundreds of mailings from citizens against what the group called 'the New Ashcroft Internet Snooping Request.' If you have a comment on why you don't want the governemnt reading your email please post it here. All comments are due by November 8th."
If you ever thought your unencrypted traffic was safe from snooping over the Internet, you get what you deserve. If you don't like the idea of a company divulging your secrets, don't use that company, or add another layer of encryption on top of it. PGPPhone over VoIP anyone?
We're already implementing https and ssl irc over our network... not that they'll see even that far, they'll likely never see past the exterior VPN tunnels.
- Setup several email accounts. Most are reserved for sending bogus traffic (trolling for ye olde jack-booted thugs). One or two will be reserved for actual correspondence.
- When zero-hour approaches, send messages indicating "something will happen in (some place) on (some date)" using the trolling accounts. The message is intended to draw attention and resources away from the actual target and attack methodology. These would be encoded using a method with known problems. The encoding method used should be crackable, but not easily - We can't appear to be too st00pid.
- Send all "real" correspondence via high security encryption. To make it more interesting, I would pre-arrange with my cohorts that only messages sent at certain times of day, even using the "real" accounts, would be considered valid. All other messages would be "bait".
I'm sure I'm not the first to come up with something like this. I'm pretty sure the Allies sent many bogus messages prior to the Normandy invasion.The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
1 - We all go to the bathroom. Everyone does. It's biological. Nothing wrong with it. At one point or another, we've all made embarrasing sounds in the bathroom. Again, nothing wrong. But who would welcome an intrusion in that private moment? I wouldn't. There are times where I am engaging in activities that aren't wrong, but I'd be really upset if someone was watching/listening in. The same goes for comunications of any kind. We all discuss things with people that we don't want others to know. Even if the person listening in is benevolent and has no interest in revealing our secrets (or honestly doesn't even care), we'd still rather have that unknown third party not know. For your wife, ask her if she'd have a problem with some government terrorist sniffer listening in on a conversation she had with her doctor about a yeast infection. The spook doesn't know her, doesn't care, and would likely rather not have been privy to the details - but I doubt that would comfort your wife. All she knows is that an intimate discussion with a medical professional has been monitored and possibly recorded in a massive databse, JUST IN CASE.
2 - Sounds a little tin-foil-hattish, but here goes. Let's assume that we can trust the government of today not to abuse the power. We can pretend that everyone in power has the genuine intention of using this technology/law to stop suicide bombers (not a safe assumption to make, but hey - for the sake of argument, why not). What assurance do we have that the government of a year/5 years/10 years from now are just as trustworthy? We don't know that, we can't know that. But the law/technology will still be there, but the honest people it was meant for may be gone and replaced with a government you cannot trust. These things happen, even in American history (see: McCarthy, Hoover). Even if we can trust the leaders of today, it won't be the leaders who actually use the laws/technology. It will be hundreds or maybe thousands of government employees -- and anyone who has ever had experience with a civil servant can tell you that not all of them can be trusted. Maybe someone tries to get a job as a 'line sniffer' just so that they can listen in to private calls and jack off later to them (not likely, but hey - sick people exist). I know I'd feel violated because if that happened. Or maybe one of them hears something like a call between someone (such as a respected member of a conservative community) and asubstance abuse councelor about their secret addiction? Well, lookie-lookie. All of a sudden, this line sniffer has blackmail info. Or a more likely scenario - a call to a shop-by-phone company. With that one call, a crooked sniffer would have your name, address and credit card number. What's to say that government employees aren't subject to the same temptations as the rest of us? All it will take is time before you get the right combination of a morally-loose sniffer and the big promise of enough cash.
Hope that helps!
A man who can't pronouce "nuclear arsenal" shouldn't have one -sig ends here.