Slashdot Mirror

← Back to Stories (view on slashdot.org)

FCC To Require Backdoor Network Access for Feds

Posted by Zonk on from the come-on-in-boys dept.

humankind writes "The EFF is reporting that the Federal Communications Commission issued a release [pdf] announcing its new rule expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA)." From the article: "Practically, what this means is that the government will be asking broadband providers - as well as companies that manufacture devices used for broadband communications - to build insecure backdoors into their networks, imperiling the privacy and security of citizens on the Internet. It also hobbles technical innovation by forcing companies involved in broadband to redesign their products to meet government requirements."

6 of 492 comments (clear)

  1. This is a good idea? by hobbesmaster · · Score: 4, Interesting

    If you have a backdoor - how long before somebody malicious has access? 30 minutes? If you can get into any box anywhere (because apparently everything will have to have this) then couldn't one little malicious script bring down everything connected to the internet?

    1. Re:This is a good idea? by MourningBlade · · Score: 4, Interesting

      I think the fundamental problem here is not one of incompetence but one of interest.

      When you have ways to get unlimited access into the phone network, some very unscrupulous people with lots of money begin to think that maybe they should have access to it as well.

      In Columbia, they ran a "drug tip hotline" that was supposed to be anonymous. They got a few leads, then it dropped off. Why? Because the drug cartel had someone in the phone company feeding them the numbers of everyone who called in - whom they then killed.

      They switched it up and told people to call from a pay phone. Cartel solution? They tapped the line and started identifying people by voice.

      The program was eventually shut down.

      There's not much you can do about some of these things - but having back doors like this hurts more than it helps, and with enough resources you can get the keys.

      Another problem is that law enforcement likes as few barriers as possible to do their work (no surprise there, I'd hate to have red tape to cut through just to start up vi), so they tend to avoid solutions with things like...logging.

      I'm told that the older CALEA systems do not track their uses, and there were some very odd occurrences in NJ several years ago regarding a mafia case that suggested that someone had a way into the system - specifically confidential informants who discussed some things over the phone were then killed.

      Of course, no way to tell - there's no logs.

      My point is that when you set something like this up, you are point-balancing a sword with many edges.

  2. What's a broadband device? by ChiralSoftware · · Score: 4, Interesting
    If I use a Linux box as my broadband router, is that a regulated device? What I'm wondering is, where does this law stop? If there is a Linux distro that is specifically designed as a "broadband router on a CD", would that fall under the regulation? What if I have a broadband card plugged directly into my computer? Is the broadband card the device, or is the whole computer the device? What about if the broadband card does everything in drivers which are part of the kernel?

    Even regular consumer devices like Linksys routers are running Linux, so that makes me wonder if the changes have to be hardware or software changes. It's my impression that on a Linksys router, basically everything important is done in software, so I don't see how this could be implemented in hardware.

    And obviously, if this means that Linksys routers need to have a patched kernel, will they have to be locked in some way to prevent changes to the kernel? What about the GPL? If the backdoor is implemented as a part of the kernel, and then that kernel is redistributed, then the backdoor code would need to be published, right?

    Back in the days when everything was hardware, regulations like this would be cleanly enforceable, but now that the work is done almost entirely in software, it's a mess.

    -----------------
    mobile search

  3. Re:Awesome. by Surt · · Score: 4, Interesting

    Interesting that they sought these powers all through the clinton administration, yet didn't receive them until the bush administration.

    --
    "Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
  4. Re:right to privacy by bezuwork's+friend · · Score: 5, Interesting
    Just finished the bar. Don't remember it from Constitutional law but for the bar, we studied the fundimental rights pretty thoroughly. The right to privacy is a fundamental, if implied, right which in turn leads to other rights - the right to marry, to procreate, to use contraceptives, to have an abortion, etc.

    So for now, it is alive and well in theory.

    But scotus has taken rights that once were fundamental and reclassified them as not (forget which ones right now). So it comes down to what the scotus du jure thinks.

    There was a guy in my law classes who, after 911, kept saying that we may have passed into an era where privacy must be sacrificed. I don't think it is necessary and hope he was wrong.

    Related comment - last year I reported some vandalism on my property. I refused to fill out the fields for age, race, hair and eye color, etc. The police called me and refused to enter the report (I did it online) unless I provided that information. I said "why? You know where I live and I was the victim (sort of - my property was)" Their reply? "The FBI won't like it." Scary.

  5. I'm doin some homework by 2ainman · · Score: 4, Interesting

    ... rather than just taking everything I hear from the internet (interpreted thanks to eff.org). Kudos to people like sheetrock, teilo, and others for doing the same. Im not going to bother reiterating some of their previous points regarding "backdooring our routers!". If you're confused ... lookup "backdoor" and "wiretap" on some jargon files or something.

    Heres a link to the fcc announcement (NOT eff.org's) http://hraunfoss.fcc.gov/edocs_public/attachmatch/ DOC-260434A1.pdf

    Ooooh theres some big telco words in there that I had to look up.

    facilities-based isp: isp owns the switches and access servers.

    Many isps are non-facilities based or hybrid based, meaning that they buy some access from other facilities-based isps, and have some equipment of their own. It only makes sense that the fcc would want access to the equipment through the people that actually own them.

    More specifically the announcement mentioned that they would target the facilities based isps / voIP carriers that allow connection to pstn (public switched telephone network).

    You guys have all seen those cop movies where they sneak into the bad guy's house and tap his phone. Well, if a bad guy is using voIP, you can hardly do that. (Well you can, because voIP's standard is not encrypted, although some like skype claim to). So rather than try to tap at the source, which could possibly be encrypted (as teilo said), they just tap it at the point at which it is just pstn traffic again. (Remember they were focusing on services that allowed communication to pstn from voip). So if bad guy A tries to do voIP to bad guy B whos just on pstn, then fbi can listen in, without knowing the location of bad guy B.

    This leaves the idea of the bad guys just talking voIP to voIP with encryption. People say that the government can already sniff our traffic and see everything we do, so whats the point of this new legislation? Where are they sniffing from? As of now, I don't think its via these ISPs who are commercially owned with little to no regulation. So maybe this is the government just moving their pieces in to better position on the board.
    Just my 2 cents.