Slashdot Mirror
FCC To Require Backdoor Network Access for Feds
humankind writes "The EFF is reporting that the Federal Communications Commission issued a release [pdf] announcing its new rule expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA)." From the article: "Practically, what this means is that the government will be asking broadband providers - as well as companies that manufacture devices used for broadband communications - to build insecure backdoors into their networks, imperiling the privacy and security of citizens on the Internet. It also hobbles technical innovation by forcing companies involved in broadband to redesign their products to meet government requirements."
If you have a backdoor - how long before somebody malicious has access? 30 minutes? If you can get into any box anywhere (because apparently everything will have to have this) then couldn't one little malicious script bring down everything connected to the internet?
Cable modems don't terminate the SSH connection, the computer behind them does! The modem itself is powerless to decrypt the SSH packets. If you can trust the computers running on both ends of the SSH connection, the modem itself is irrelevant.
I was just thinking, this is the point at which I stop buying US Robotics broadband routers and start pondering the benefits of using either a Mac Mini or a small-footprint intel PC as a linux router...
I have been a user for about 10 years. This ends Feb 2014. The site's been ruined. I'm off. Dice, FU
If you use open source router software, and tunnel or SSL or SSH to everything, this should not be a problem.
The question is, why aren't people assuming that plaintext is a bad thing already?
AFAICS, all the linked press release says is that VOIP should be subject to the existing laws on telephone tapping....
Or am I missing something?
This is true. I work for a telco, and I have received calls from FBI personnel stating that they need an entire switch tapped when entities like the President and VP are in the area. Most recently was Dick Cheney's visit to the Las Vegas area.
I think it's a great idea. As you point out, within 30 minutes someone will have malicious access. Within a month every script kiddie on the net will have access to every PC in America.
At which point, I welcome the government's attempt to successfully prosecute me for anything whatsoever: "No, that file of Dubbya, the underage pretzel salesgirl and the goat wasn't mine. You idiots left the backdoor to my system wide open. Literally anyone on the net could have used my PC to host it and you guys are responsible for that one. And may I just say thank you for establishing 'reasonable doubt.'"
The legal definition of guilt in a criminal case is beyond all reasonable doubt (as opposed to balance of evidence for civil cases). If they're absolutely determined to ensure it's completely impossible to achieve 'beyond all reasonable doubt', and thus any successful prosecutions, I'm all for it.
This is one where, legitimately, they can claim it's only for catching terrorists - because they've destroyed any legal standing for a successful prosecution (suspected terrorists not getting prosecutions, just export to a country that uses torture).
Even regular consumer devices like Linksys routers are running Linux, so that makes me wonder if the changes have to be hardware or software changes. It's my impression that on a Linksys router, basically everything important is done in software, so I don't see how this could be implemented in hardware.
And obviously, if this means that Linksys routers need to have a patched kernel, will they have to be locked in some way to prevent changes to the kernel? What about the GPL? If the backdoor is implemented as a part of the kernel, and then that kernel is redistributed, then the backdoor code would need to be published, right?
Back in the days when everything was hardware, regulations like this would be cleanly enforceable, but now that the work is done almost entirely in software, it's a mess.
-----------------
mobile search
Looks to me like more and more people are going to gt into wireless mesh networks and pgp/gpg just to avoid big brother.
Its' like back in (IIRC) the '60s, when one guy who was being watched by the FBI made it a habit of writing "Fuck the FBI" on sheets of paper in every hotel room he stayed in, shredded them, then dumped them in the trash. So the agents had to waste lots of time re-assemble the "messages", just in case ...
It'll be the same thing - even if you don't have anything to hide, you still don't want anyone snooping on you, on general principles.
Oh stop blaming the Republicans for this. The FBI has been seeking this type of capability for a LONG time, including during the entire Clinton administration.
An ODDLY - the simple fact is that the manufacturers are happy to comply because the capability is likely already there.
A few years ago I had a discussion with a friend who was the CEO of a networking company (before it got bought by Alcatel...) He told me that the companies build this type of backdoor into the routers, etc. for their own reasons anyway. The government therefore, is only codifying what the manufacturers are likely doing anyway. The ISPs want this capability TOO!
Have you compiled your kernel today??
Interesting that they sought these powers all through the clinton administration, yet didn't receive them until the bush administration.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
So for now, it is alive and well in theory.
But scotus has taken rights that once were fundamental and reclassified them as not (forget which ones right now). So it comes down to what the scotus du jure thinks.
There was a guy in my law classes who, after 911, kept saying that we may have passed into an era where privacy must be sacrificed. I don't think it is necessary and hope he was wrong.
Related comment - last year I reported some vandalism on my property. I refused to fill out the fields for age, race, hair and eye color, etc. The police called me and refused to enter the report (I did it online) unless I provided that information. I said "why? You know where I live and I was the victim (sort of - my property was)" Their reply? "The FBI won't like it." Scary.
I'm old enough to remember when this _was_ a free country. What they call freedom these days strongly resembles something quite else.
If you will read the Constitution, you'll notice that they don't have any right to look, even if you _do_ have something to hide. They have to have probable cause in the first place.
But, like the drug warriors, homeland security doesn't really give a flying damn about the Constitution.
OT, a bunch of terrorists from Saudi Arabia hijack some planes, and committed vile acts with them. The result? We lose our rights. We get searched.
Enough is enough.
Time for to recall the whole bunch of them.
... rather than just taking everything I hear from the internet (interpreted thanks to eff.org). Kudos to people like sheetrock, teilo, and others for doing the same. Im not going to bother reiterating some of their previous points regarding "backdooring our routers!". If you're confused ... lookup "backdoor" and "wiretap" on some jargon files or something.
/ DOC-260434A1.pdf
Heres a link to the fcc announcement (NOT eff.org's) http://hraunfoss.fcc.gov/edocs_public/attachmatch
Ooooh theres some big telco words in there that I had to look up.
facilities-based isp: isp owns the switches and access servers.
Many isps are non-facilities based or hybrid based, meaning that they buy some access from other facilities-based isps, and have some equipment of their own. It only makes sense that the fcc would want access to the equipment through the people that actually own them.
More specifically the announcement mentioned that they would target the facilities based isps / voIP carriers that allow connection to pstn (public switched telephone network).
You guys have all seen those cop movies where they sneak into the bad guy's house and tap his phone. Well, if a bad guy is using voIP, you can hardly do that. (Well you can, because voIP's standard is not encrypted, although some like skype claim to). So rather than try to tap at the source, which could possibly be encrypted (as teilo said), they just tap it at the point at which it is just pstn traffic again. (Remember they were focusing on services that allowed communication to pstn from voip). So if bad guy A tries to do voIP to bad guy B whos just on pstn, then fbi can listen in, without knowing the location of bad guy B.
This leaves the idea of the bad guys just talking voIP to voIP with encryption. People say that the government can already sniff our traffic and see everything we do, so whats the point of this new legislation? Where are they sniffing from? As of now, I don't think its via these ISPs who are commercially owned with little to no regulation. So maybe this is the government just moving their pieces in to better position on the board.
Just my 2 cents.
Folks, lets put this in perspective. What they're proposing to do is to backdoor the internet. But today, we have good crypto protocols which were designed specfically to defeat exactly this threat - of man in the middle and active packet capture. So why should the knowledge that the feds wish to engage in this behavior on an active, routine basis, cause anyone any alarm? The bad guys (and I admit, it's damm hard these days to tell the "good guys" and "bad guys" apart...) are already doing this. Right now. They're just doing more work and trying to be inconspicious about it. The feds simply want to say open-sesame and be let in.
The tools exist for many people to effectively secure their communications against exactly this threat. The question is however, how do we convince more people to begin protecting themselves?
Anyone who believes that "terrorists want to take away Americans' freedoms" is deluding themselves.
:)
Indeed, they just wish to create fear as a deterreent. The sad part is that the US finds that limiting personal freedoms is a viable way to combat terrorism. It just doesn't work. There's a lot of European countries that suffered terrorism for much longer and never resorted to such measures.
They likely just interpret our foreign involvement as bullying and wish us to stop.
Actually, the rest of the world feels that the US foreign involvement has little to do with terrorism. I should know, i'm part of them
The backdoor was called The Clipper Chip.
Search for it.
A lot of civil libertarian types were against it.
Clinton was for it, along with the V-chip. Both were part of his administration's desired goals of using tech to keep things Big Brother ish and MomAndDadish. Of course, I agree with Bob Novak and say it is all B---S---!
Whatever became of that "NSA backdoor "in Windows that had the Chinese gov't so irked?
Ok, so the for profit router manufacturers may be required to create back doors for the feds (which, of course, will be discovered & exploited by others). This will not stop, & in fact should encourage, the use of linux routers & firewalls without these holes. If I make it & don't sell it, I don't see how the feds can say shit about it.
1: RIAA/MPAA sniffs out a pirate on a P2P network, they send an automatically generated electronic form to the Department of Homeland Security, which has an Intellectual Property enforcement team, complete with IP address. In moments, the DHS automatically fills out another form, which is stored on a computer, then sends the hack signals to the cable box in question to begin sniffing network packets. This system then automatically checks the data of the packets to see if the data is similar to any files the RIAA/MPAA doesn't want provided.
...Is there any good use for this?... ... ... ... ...
Or anything else the government doesn't happen to like.
The DHS then begins seizing computers out of homes with search warrents obtained with said data, at gunpoint.
Depending on the dissident or resident, they then go in unnannounced and when they raise their hand above to block the light from going into their eyes during a night raid, they get shot for making a wrong move...
2: A political dissident radio network, TV network, website, ect is broadcasting all over the world wide web. The ADL, APAIC, Oil corporation, wood corporation, ect doesn't like this. DHS gets a sniffer on the line going from their place, then sniffs IP address and begins sending hack signals to the IP's requesting services to the box they are sniffing. They then systematically send signals to each box in line to shut it off or ban it from getting onto said website, radio network, ect.
3: Is there such a thing as secure transmissions on that kind of a line if they can intercept the encryption key going over it?
4: You are now on a "Internet Terrorist Red List" where if you don't do what we will just keep sending disconnect packets to your cable modem every 10 seconds so you can't get on.
The ISP's already have to oblige by federal regulations regarding searches and seizures. So if they've got the evidence they go over the CO, hook a tap on the DSL or tap the phone line itself.....a phone tap works for any residential or other internet service if you've got access to the other end.
"but I really don't care as I'm not going to do something to bring him down on me."
Forgot to add I'd laugh my ass off if you were communicating with someone who is doing something that the man doesn't like, and who is a target of an investigation. If you are you fall under guilt by association and you wouldn't even know it.
For example you may remember the programmer who was a citizen of Canada, who was snatched by the Feds, questioned and then deported to Syria where he was jailed and tortured for over a year. His crime as I recall, someone in his family asked him to sign as a reference on a lease of this other guy, who had been targeted in a terrorism investigation. His second mistake was he flew through New York on his way from Europe home to Canada.
You see you don't have to be guilty of anything in this wonderful world we live in. You can be targeted for just communicating with someone under suspicion, or you can be falsely accused by someone being pressured through interrogation and threats. For example in the UK now its a crime to withhold information about a terrorism investigation. Three people in the UK are being charged for just this in the wake of the London bombing. If they are falsely accused the only way they can escape this charge is to make up false information to give to the authorities and the easiest thing to do is falsely accuse someone else.
@de_machina
It is doubtful that Clinton would have received all that was given in the Patriot Bill. His attack using cruise missles upon a camp in Afghanistan, when he had intelligence that bin Laden was there was often referred to as "wagging the dog". Ashcroft, as a Senator, helped to shoot down lawful roving wiretaps being inserted into crime omnibus bills, voting no to amendments on multiple ocassions. It is also doubful that the Clinton Administration would have had the audacity to claim they needed these extreme methods right after they had miserbly failed to perform their duty of defending America.
And even if my analysis is wrong, there is still no justifiable reason for the government enabling themselves with these extra powers.
It would be a shame if our elected politicians had to actually honor their oaths to protect and uphold the Constitution, wouldn't it? It seems that anyone who reads the Fourth Amendment to the US Constitution would have a difficult time justifying the legitimacy of this action by the FCC:
Our Congresspersons are, after all, a class of known liars who haven't even a small amount of honor within them; politicians.
The "terrorism" rationale just does not hold muster here. It is nothing more that a tool being used by politicians in a quest for power not rightfully theirs. The Rights of Humans are being eroded away, a byte at a time. The wellspring from which all legitimacy for the actions of our government flows is the Constitution. To act in a manner contrary to it, is to engage in tyranny. Each time our politicians make an exception to the Constitution, for any reason whatsoever, they have weakened all, and have made it easier for the future's politicians by giving them precedents to cite when they too tear away at the limitations rationally placed upon power, one thread at a time.
The Dreamtime America is fading away.
Rush Limbaugh is a perfect real world example of an oxycontinmoron
Government will always seek an excuse to exercise more control over its people - it is a natural tendency. The reasons may seem benign at first, and may be made out of a sincere desire for peace and prosperity for all, but governments are invariably run by people, and people are notoriously unreliable.
The good people who start something get replaced by less-adequate, or even corrupt, people, and eventually things go wrong. Not an absolute, but history has shown this time and time again.
There has never been a "safe" time in human history. Every century has seen a score of wars across the globe. Terrorism is just the latest name for it, but the cause and effect are the same. Do something to fight the enemy, but don't sacrifice the very thing you're fighting for in the process. How can the USA claim to be the "land of the free" if we sacrifice freedom in the name of, well, freedom? It doesn't make sense. We've forgotten what we're fighting for, and worse yet, who we're supposed to be fighting, and now we're turning it in on ourselves.
There was a great time in French history when the aristocracy was overthrown and a true government of the people was established to allow them to finally be a free, democratic people. It came later to be known as Robespierre's Reign of Terror. They lacked a Department of Home Security, but they did have the Department of Public Safety.
"Give a man fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life