FCC To Require Backdoor Network Access for Feds

humankind writes "The EFF is reporting that the Federal Communications Commission issued a release [pdf] announcing its new rule expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA)." From the article: "Practically, what this means is that the government will be asking broadband providers - as well as companies that manufacture devices used for broadband communications - to build insecure backdoors into their networks, imperiling the privacy and security of citizens on the Internet. It also hobbles technical innovation by forcing companies involved in broadband to redesign their products to meet government requirements."

9/11 changed everything..

[Adult+film+producer]

We can't sit back and let the terrorists win.. err wait, wtf am I talking about? Somehow this is a good thing.. yes.. maybe I should give the feds access to my webcams, this will make america safer :)

Re:9/11 changed everything..

[infonography]

Considering your nick here is Adult film producer (866485) just giving me access to your webcams would be fine. However IMHO 9/11 changed NOTHING!

Re:9/11 changed everything..

[Oktober+Sunset]

If you give up all rights that the US stands for, then the US may as well not exist.

Re:9/11 changed everything..

I wouldn't say that they're winning just because Americans are giving up rights. It just means we (the normal citizens, not the politicians or corporate big-wigs) are losing. The terrorists aren't necessarily winning either because our inept foreign policy hasn't changed at all.

Anyone who believes that "terrorists want to take away Americans' freedoms" is deluding themselves. They likely just interpret our foreign involvement as bullying and wish us to stop.

Re:9/11 changed everything..

[87C751]

The sad part is that the US finds that limiting personal freedoms is a viable way to combat terrorism.

No, they find that limiting personal freedoms is a viable way to limit personal freedoms. That's the real agenda. Combatting terrorism is just this year's excuse.

Some companies are different that others.

[Rosyna]

Cisco, for example, has complied with this new rule before it even existed.

This is a good idea?

[hobbesmaster]

If you have a backdoor - how long before somebody malicious has access? 30 minutes? If you can get into any box anywhere (because apparently everything will have to have this) then couldn't one little malicious script bring down everything connected to the internet?

Re:This is a good idea?

[sgant]

At the very moment, the FBI is cursing under their breath as they change their passwords from "fbi/fbi" to something else.

DAMN YOU SANCHO!

Re:This is a good idea?

I am once again surprised with the high mod points here. This guy is as niave as hell. It's pretty damned hard to design a secure front door leta alone a back door. This may be flame bait but it goes to show the level of technical knowledge on slashdot is dropping like a rock.

Re:This is a good idea?

[MourningBlade]

I think the fundamental problem here is not one of incompetence but one of interest.

When you have ways to get unlimited access into the phone network, some very unscrupulous people with lots of money begin to think that maybe they should have access to it as well.

In Columbia, they ran a "drug tip hotline" that was supposed to be anonymous. They got a few leads, then it dropped off. Why? Because the drug cartel had someone in the phone company feeding them the numbers of everyone who called in - whom they then killed.

They switched it up and told people to call from a pay phone. Cartel solution? They tapped the line and started identifying people by voice.

The program was eventually shut down.

There's not much you can do about some of these things - but having back doors like this hurts more than it helps, and with enough resources you can get the keys.

Another problem is that law enforcement likes as few barriers as possible to do their work (no surprise there, I'd hate to have red tape to cut through just to start up vi), so they tend to avoid solutions with things like...logging.

I'm told that the older CALEA systems do not track their uses, and there were some very odd occurrences in NJ several years ago regarding a mafia case that suggested that someone had a way into the system - specifically confidential informants who discussed some things over the phone were then killed.

Of course, no way to tell - there's no logs.

My point is that when you set something like this up, you are point-balancing a sword with many edges.

right to privacy

[garstka]

It's funny how you never hear the phrase 'right to privacy' nowadays. Is privacy no longer a concern to people now that we have terrorists to worry about? The things I think about and read and what I do in my personal space (yes, my computer is MY space) is frankly not the business of anybody except me. Get a warrant, then search me - I'll live with the fear of a terrorist attack, I can handle the responsibility.

Re:right to privacy

[bezuwork's+friend]

Just finished the bar. Don't remember it from Constitutional law but for the bar, we studied the fundimental rights pretty thoroughly. The right to privacy is a fundamental, if implied, right which in turn leads to other rights - the right to marry, to procreate, to use contraceptives, to have an abortion, etc.

So for now, it is alive and well in theory.

But scotus has taken rights that once were fundamental and reclassified them as not (forget which ones right now). So it comes down to what the scotus du jure thinks.

There was a guy in my law classes who, after 911, kept saying that we may have passed into an era where privacy must be sacrificed. I don't think it is necessary and hope he was wrong.

Related comment - last year I reported some vandalism on my property. I refused to fill out the fields for age, race, hair and eye color, etc. The police called me and refused to enter the report (I did it online) unless I provided that information. I said "why? You know where I live and I was the victim (sort of - my property was)" Their reply? "The FBI won't like it." Scary.

Re:right to privacy

[hazem]

The 4th Ammendment covers it pretty well:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Now, maybe I'm just a crazy left-wing wacko, but I think one should be able to reasonably extraplotate "papers and effects" to include their own computer networks and files.

Re:right to privacy

[demachina]

"Is privacy no longer a concern to people now that we have terrorists to worry about?"

The stock response is if you aren't doing anything illegal why would you care about privacy. This is only to catch bad people doing bad things. You aren't a bad person doing bad things are you? At this point you can see why only activists will fight it. Your average citizen isn't going to complain because that just makes you ripe for further attention by the authorities. The man in the suit might come knocking and ask, "Why are you wanting to use encryption and hide your activities from us Mr. Garstka."

American's don't really have much of a sensitivity, at present, as to why police states are bad. They aren't likely to start caring until its to late. At the moment its really only Muslim's that are taking the brunt of it and most Americans aren't Muslim. For example two men in Detroit were convicted on terrorism charges by the DOJ. The two main exhibits:

- A homemade video of their trip to Disneyland which the government insisted was really a surveillance tape to plan for a terrorist attack, and just cleverly made to look like a tourist video.

- A conman up on fraud charges was offered a reduced sentence if he testified against them. Predictably he took the offer. Unfortunately for the DOJ he started talking to cell mates and admitted he lied to get his charges dropped and the case was overturned, but not until two Muslim men and their families had been put through living hell for having video taped their Disney vacation.

This instance is covered in the fascinating BBC documentary The Power of Nightmares. If you want a primer on why your right to privacy is being eviscerated by the powers that be, its a good starting point. It also highlights some fascinating similarities between the neoconservatives currently running America and Britain and Islamic fundamentalism. In many respects they need each other and are using each other to attain their goals, the end of western liberalism and liberties. They both want a return to regimented societies dominated by their respective religion's concept of law and order.

Re:Awesome.

[paulproteus]

It's so nice to have market-loving, freedom-creating, innovation-pushing Republicans in power. And we all know Republicans are all for limiting the size, scope, and expense of government.

Wait - you're saying they added regulation that limits busineses' freedoms to innovate with broadband and adds invisible costs to the consumer? I thought that was what commies and big-government Democrats do!

Re:Why do they always have to be insecure?

[paulproteus]

When there's one key to the whole American Internet infrastructure, that sounds pretty insecure to me.

One malicious Fed with the access key can leak it, or eavesdrop on anyone at will. Perhaps he was blackmailed by the mafia, or wants extra money by selling info to spammers, or incentives are otherwise skewed.

Time and time again, we see that eavesdropping systems are abused by insiders. That's why limiting the availability of eavesdropping technology to exactly what's required is the most secure choice.

What's a broadband device?

[ChiralSoftware]

If I use a Linux box as my broadband router, is that a regulated device? What I'm wondering is, where does this law stop? If there is a Linux distro that is specifically designed as a "broadband router on a CD", would that fall under the regulation? What if I have a broadband card plugged directly into my computer? Is the broadband card the device, or is the whole computer the device? What about if the broadband card does everything in drivers which are part of the kernel?

Even regular consumer devices like Linksys routers are running Linux, so that makes me wonder if the changes have to be hardware or software changes. It's my impression that on a Linksys router, basically everything important is done in software, so I don't see how this could be implemented in hardware.

And obviously, if this means that Linksys routers need to have a patched kernel, will they have to be locked in some way to prevent changes to the kernel? What about the GPL? If the backdoor is implemented as a part of the kernel, and then that kernel is redistributed, then the backdoor code would need to be published, right?

Back in the days when everything was hardware, regulations like this would be cleanly enforceable, but now that the work is done almost entirely in software, it's a mess.

-----------------
mobile search

Re:Awesome.

[Surt]

Interesting that they sought these powers all through the clinton administration, yet didn't receive them until the bush administration.

Re:Awesome.

[i_am_not_a_bomba]

Wait,

So your saying that the republicans shouldn't be blamed because they have caved in where the democrats didn't?

Seriously, that's what you've just said in that post.

Sometimes i wonder if you lot would *ever* condem your partys actions, then i read posts like yours and think "no".

(I am not an american)

I'm doin some homework

[2ainman]

... rather than just taking everything I hear from the internet (interpreted thanks to eff.org). Kudos to people like sheetrock, teilo, and others for doing the same. Im not going to bother reiterating some of their previous points regarding "backdooring our routers!". If you're confused ... lookup "backdoor" and "wiretap" on some jargon files or something.

Heres a link to the fcc announcement (NOT eff.org's) http://hraunfoss.fcc.gov/edocs_public/attachmatch/ DOC-260434A1.pdf

Ooooh theres some big telco words in there that I had to look up.

facilities-based isp: isp owns the switches and access servers.

Many isps are non-facilities based or hybrid based, meaning that they buy some access from other facilities-based isps, and have some equipment of their own. It only makes sense that the fcc would want access to the equipment through the people that actually own them.

More specifically the announcement mentioned that they would target the facilities based isps / voIP carriers that allow connection to pstn (public switched telephone network).

You guys have all seen those cop movies where they sneak into the bad guy's house and tap his phone. Well, if a bad guy is using voIP, you can hardly do that. (Well you can, because voIP's standard is not encrypted, although some like skype claim to). So rather than try to tap at the source, which could possibly be encrypted (as teilo said), they just tap it at the point at which it is just pstn traffic again. (Remember they were focusing on services that allowed communication to pstn from voip). So if bad guy A tries to do voIP to bad guy B whos just on pstn, then fbi can listen in, without knowing the location of bad guy B.

This leaves the idea of the bad guys just talking voIP to voIP with encryption. People say that the government can already sniff our traffic and see everything we do, so whats the point of this new legislation? Where are they sniffing from? As of now, I don't think its via these ISPs who are commercially owned with little to no regulation. So maybe this is the government just moving their pieces in to better position on the board.
Just my 2 cents.

Re:...WTF?

[demachina]

"Nobody is at this time limiting your rights, your privacy or your liberty"

WTF are you talking about. If you are taking a subway in some major American cities today you can now be stopped and searched for no reason and with no warrent. If they catch you with a couple of joints I'm curious if you are going to jail and if they can make the charges stick since it is a blatantly illegal search. There is no probable cause and there is no warrant for these searches. They are about as illegal as they get when they start applying them to people commuting to work everyday.

In the UK the police drew guns and started shouting at a Brazilian electrician because he was dark skinned and wearing a heavy coat in summer. He paniced which is not a surprise when people start yelling at you and drawing guns. They tackled him pumped him full of lead, though he had no weapon, purely on the vague suspcion he might have a bomb. The Brits responded with, oops, sorry.

Its something of a fact of life you are surrendering your privacy to get on an airplane but last time I did it they hand frisked, intrusively, a 70 year old man in front of me. The look on his face was sickening and it was worse because they were intimately searching him in front of everyone with a little table being the only thing blocking the worst of it. At this point I'm thinking, how has America fallen this far. He didn't fit the "Terrorist Profile" either and it was probably the first time in his life he'd been frisked. The lady at the metal detector said he looked "nervous" which is apparently why he was one step away from strip search. He was nervous but only because he was deathly afraid of the security shakedown and amazingly he had reason to be.

There is a fair chance you will soon see millimeter wave scanners in airports which will in effect let total strangers see you naked everytime you go to an airport. If they work there then there is a fair chance they will eventually appear in mass transit.

"If I want to keep something private, I sure don't send it via the Internet, snail mail still works good in that respect"

You are totally delusional at this point if you think the Fed's wont open your mail if you or whomever you are communicating with is the target of an investigation.

" The fact that the Patriot Act got pretty much unanimous reapproval in the House and Sentate says it not a bad deal on the whole."

No it says the political climate is such that politicians will vote for almost any piece of security legislation, no matter how bad. If they don't their opponents will pummel them in the next election for being soft on terrorists and it will work. The quality of the legislation has nothing to do with it. The National Intelligence reform act passed by a wide margin and it instituted the first step towards nation ID cards which Americans would have never tolerated 5 years ago. It eliminated most of the safeguards against intelligence agencies spying on Americans which were instituted because J. Edgar Hoover and Richard Nixon were massively abusing those powers to spy on, blackmail and general destroy their political opponents.

" I really don't care as I'm not going to do something to bring him down on me."

Thats the spirit. I'm sure thats how most American's rationalize it. These news powers are currently only being used to hammer Muslims, most of whom appear to be innocent. You aren't Muslim, you don't fit the "Terrorist Profile" so why should you care. Germans didn't care either as long as it was only they Jews that were being persecuted because they weren't Jewish.