Slashdot Mirror
FBI: We Need Wiretap-Ready Web Sites — Now
TheGift73 writes with news that the FBI is pushing a proposal to update old wiretap legislation so that modern web firms would be forced to build in backdoors to facilitate government surveillance. Quoting CNET:
"In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned. The FBI general counsel's office has drafted a proposed law that the bureau claims is the best solution: requiring that social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail alter their code to ensure their products are wiretap-friendly. ... The FBI's proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. The Federal Communications Commission extended CALEA in 2004 to apply to broadband networks."
Time to move my mail/chat server out of the US.
Go green: turn off your refrigerator.
How does Skype deal with this anyway?
Other than gathering data on connection times and destinations, frequencies, and statistical correlation techniques, I'd long assumed traditional wiretap is dead.
Am I incorrect?
..don't panic
GoodBye Freedom! Hello FBI!
Because we don't have enough problems with crackers already!
If the FBI was actually able to hire the best and the brightest, then there would be no no need for a "wiretap-friendly" software. Social networking sites are the easiest. VoIP, IM, and E-mail is just a matter of Wireshark and the proper filters applied. Maybe they need to put up some job advertisements on /.
sudo make me a sandwich
Security has gotten so good these days that all the holes in security we used to defend against are now be mandated by government to be put back in! In all the genius lets put all our data at risk again. Provide a backdoor for one party on the Internet and you provide a backdoor for everybody. We need more attack vectors!
I get wanting to be able to monitor data, there is zero reason this should be easy however.
Handing over your private encryption keys to the FBI and leveraging existing wire taps with ISPs could accomplish the same thing. Not? Not much need to re-write software to capture data since all they really need is inside your tunnels.
What could possibly go wrong...?
They always say they need this or that then want to pass the bill to the industry and consumer.
Second why do they need this? If it's to fight terrorism then I'm all for it but if it's to fight "drugs" and "crime" then I'm totally against it.
The FBI bill should be completely restricted to terrorism investigations only and not "crime" or "law enforcement" or "drugs", and no they shouldn't be allowed to use the "child porn" language to sneak "crime" and "drugs" in. The main reason the internet doesn't trust the FBI and law enforcement is because while they talk about wanting to use their new powers to fight terrorists and pedophiles when we look at the bill we always find copyright infringement, piracy, drugs, and "crime" in there that we politically don't want in there.
The more criminals will slip through your fingers... by using communications methods you can't intercept, either through end to end encryption, or by other means. The only people you're likely to catch after basically announcing you're going to be listening in are people stupid enough to use compromised means of communication.
I guess what I'm saying is, only a moron would plan a heist (or kidnapping, etc.) via Skype, etc.
I don't care if websites are "wiretap-ready." Phones already are.
What I care about is if data can be collected (not used; COLLECTED) from these sites wiretap-ready sites without a warrant.
And this, of course, is all "to protect our democratic way of life".
Coming up soon: Government-mandated Java and PHP methods that your website code will have to call.
If Syria or China were doing this, it would be called tyranny or dictatorship.
I'm not a lawyer, but I play one on the Internet. Blog
Thanks for weakening our infrastructure, FBI! Also, after seeing how widely abused CALEA is, it's the last thing I want to see pushed on the American public.
I went to eat some animal crackers and the box said, "Do not eat if seal is broken." I opened the box and sure enough..
So the FBI is now mimicking the *AA's: Their job is harder with the Internet, so they make laws to stop the Internet from ruining their old ways of doing things.
Opposes SOPA/CISPA. Opposes warrantless wiretapes or backdoors into websites. - Just thought I'd point that out. - For all the hate directed at him in the other article, I think You and Paul are in 99% agreement on these topics.
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
The Wired Elemental Routine Executable Federal Unlawful Collection Kernel Encryption Datagram
If this goes through, does this mean that providers such as Comcast, Verizon, et al, who both provide the physical means of communications and who also offer the services described in the article, will now be treated as telecommunication companies, subject to all the rules and regulations therein?
If so, does that mean we can finally get competition for broadband without those companies wanting to charge exorbitant rates to competitors for line usage?
We will bankrupt ourselves in the vain search for absolute security. -- Dwight D. Eisenhower
I know quite a few dictators who would agree with this brilliant idea. Much easier to find the activists this way.
We should set about to implementing it right away!
There's nothing in the Constitution that says we have to make invading our privacy easier on them. Already we are facing all our car's movements being trackable and now they want to make sure every form of communication is easily accessible. At what point does unreasonable search and seizure kick in? This almost ties into the TSA story. The Supreme Court needs to define "Unreasonable search and seizure" since the government seems to think ALL search and seizure is reasonable. Need I bring up drug forfeiture? You can take a tourist on a day fishing trip and if he has a brick of cocaine with him they seize your boat and the government feels that's reasonable even when you had no way to know without illegally searching your customer.
In meetings with industry representatives, the White House, and U.S. senators, senior FBI officials argue the dramatic shift in communication from the telephone system to the Internet has made it far more difficult for agents to wiretap Americans suspected of illegal activities, CNET has learned.
Do not accept any bill which contains overly broad or vague language. Be watchful of FBI objectives which claim to focus on "illegal activities" and "crime". Also be careful of emotional keywords like "kiddie porn" and "pedophiles".
When it comes to fighting terrorism I'm for the FBI. When it comes to fighting pedophiles I'm for the FBI. When it comes to fighting "illegal activities" and "crime" I'm not for the FBI because that isn't specific enough to give them broad powers. Since everyone is a criminal, if we empower them to fight "illegal activities" we are giving them the power to abuse entire communities in the name of combating "illegal activities" and "crime". The purpose of the FBI should be to protect communities, and we universally agree that terrorists and pedophiles are the bad guys regardless of our political stance on other issues.
We need bills which remove the political issues such as piracy, "illegal activities" and crime and focus more on terrorism and violence. If someone is a serial killer the FBI should be able to do a wiretap, but don't want to see the day when the FBI sees everything we do online and starts arresting people on piracy and other trivial offenses. Yes some people are going to say these offenses are economic crimes, but these offenses aren't good enough to put backdoors in every website.
When a government fails to protect those rights, it is not only the right, but also the duty of the people to overthrow that government. In its place, the people should establish a government that is designed to protect those rights. Governments are rarely overthrown, and should not be overthrown for trivial reasons. In this case, a long history of abuses has led the colonists to overthrow a tyrannical government.
Make it real easy for them to monitor what you are doing. Start CC'ing the head of the FBI on all your emails etc. and send him daily reports as to what you are doing as well as well. You should also sen this required data to the members that sit on the committees approving such a thing.
Undetectable Steganography? Yep, there's an app fo
Dearest agents of the FBI,
It should please you to know that all of my websites are already amenable to wiretapping, and my networks are all designed to allow you to insert your sniffer wherever you want. Please do note, however, that most of my internal support services communicate via the pDonkey protocol, where all data is encoded as a series of pictures of donkeys copulating.
It will be left to you to decode messages transmitted in this manner, as the protocol is intended to send a clear message to any eavesdro[ppers on our secure systems. The message is "Fuck you, jackass".
Sincerely,
Sarten X
You do not have a moral or legal right to do absolutely anything you want.
So let's say someone manages to find a crack in the backdoor.
Via this crack they detect criminal activity at an investment bank.
They collect incriminating evidence and turn it over to the FBI.
Rhetorical question: Who goes to jail?
There was an interview with Babak Pasdar about the so called "Quantico Circuit":
http://www.wired.com/threatlevel/2008/03/whistleblower-f/
Welcome to fascist America! Now, lets see those papers, or we have to ship you off to G-Bay.
IPv4 makes it necessary to have in-betweens like Skype for VoIP calls. With the advent of IPv6, encrypted phone conversations can take place without middle-men. So far IPv6 adoption has been so slow that nobody has actively attacked it or tried to prevent it from spreading. But sooner or later the corporations and the government are going to wake up to the challenge and put up some road blocks. Maybe they'll rush an IPv7 specification and force Cisco, Google and others to adopt it overnight. It'll be great but will prevent the wide use of end-to-end encryption.
Another possibility (maybe already in active use) is to lean on the certificate authorities to have forged TLS certificates appear authentic.
When it comes to fighting terrorism I'm for the FBI.
Do you realize that every single domestic terror plot foiled by the FBI was created by the FBI?
Give me Classic Slashdot or give me death!
Fuck you.
That is all.
The FBI operates on the "stupid crook theory," which basically states that there are no criminal masterminds out there, just idiots who will use systems with widely publicized law enforcement back doors.
Palm trees and 8
When it comes to fighting terrorism I'm for the FBI.
Do you realize that every single domestic terror plot foiled by the FBI was created by the FBI?
I'm aware. But if someone is trying to talk you into bombing innocent people and you don't have a conscience about that or any reservations about loss of life then you're still a threat to society. I do understand that the FBI could trick people into saying stuff and every case is different, but I also recognize that there are real terrorists out there and this is the only way to catch them.
How do you catch the next abortion clinic bombing terrorist if you don't do a sting? If you have a better way of doing stings then why not suggest some better ways? But the fact is we cannot as a society allow extremist domestic terrorism and that includes the KKK, the Nazi's, the Militias, anyone who wants to be violent.
wiretap at the isp, not the hosting provider's, end. the former is an incestigative tool, the latter is a fishing expedition.
But if someone is trying to talk you into bombing innocent people and you don't have a conscience about that or any reservations about loss of life then you're still a threat to society
I thought we were talking about the FBI, not republicans.
In all seriousness though, if you are trying to talk an innocent person into bombing people and you don't have a conscience about that, then you're a threat to society.
Give me Classic Slashdot or give me death!
But if someone is trying to talk you into bombing innocent people and you don't have a conscience about that or any reservations about loss of life then you're still a threat to society
I thought we were talking about the FBI, not republicans.
In all seriousness though, if you are trying to talk an innocent person into bombing people and you don't have a conscience about that, then you're a threat to society.
You still haven't answered the question. How do you catch a terrorist without pretending to be one?
"Good idea. Perhaps this will help spawn decentralized, encrypted social networks. Something like a mixture of Diaspora and Tor would be pretty freaking sweet."
We already have them. Some of them have been around for a long time. Like FreeNet and OneSwarm. Both of which I have had for years now.
The fuckers were snooping far too much already anyway. Or was that the NSA? Now the FBI wants its own cookie jar? Not playing well together then, what? Get a grip, you government sanctioned kiddie fiddling terrorists, you. Oh wait, that's the TSA. Sorry. All those agencies, so confusing.
That's a very tricky statement. Many terrorist cells are tracked by FBI informants, and of course said informants must take an active role as part of their undercover persona.
The key thing to ask is whether or not the terrorists would have acted without the FBI presence. It seems to me that in many cases the answer is clearly yes.
http://www.nytimes.com/2012/04/29/opinion/sunday/terrorist-plots-helped-along-by-the-fbi.html
Go ahead punks...make my day...
hey FBI... we'll get back to you when we're done with that.
where is a good GPL3 video over IP server and client?
1. Oracle wins judgment against Google / Android and everything using the Java API belongs to them.
2. Congress mandates that all web sites must include exploitable security defects.
That's okay. There are plenty of other first world nations that want talented software developers.
We wanted our VOIP services to be free of CALEA backdoors, so we based ourselves in Luxembourg, where they do not have such regulations, and are not likely to have them anytime soon.
This could be a big win for open source. Are you concerned about your privacy? Then you'd better not be running proprietary mail or web software because the government backdoors are pre-installed (actually, they're probably there already today, but now you'll know for sure). Only if you're running open source will you be able to inspect the code yourself, verify that there are no government backdoors, or remove them if they are present. I'm sure the clever among us will even go as far as to send the FBI to a honeypot while directing private communications to the real servers.
Tired of FB/Google censorship? Visit UNCENSORED!
I'm not afraid of terrorists. The chances of me being hurt by a terrorist are infinitesimal compared to any other cause of death. The right thing to do is ignore them.
Give me Classic Slashdot or give me death!
FBI evidence room guys should double-check their stock, I bet there's a few pounds of their goods missing
tcpdump works very well.
Said it before and I will say it again, the list keeps growing:
You might be a criminal if:
you use the internet.
You might be a criminal if:
you want to get on a plane
You might be a criminal if:
you post bird songs on you tube.
You might be a criminal if:
You build a better widget than a big corp and try to sell it.
You might be a criminal if:
You run an SMTPD server
You might be a criminal if:
You run Linux
You might be a criminal if:
you take photos of police officers.
Feel free to add your own.
You are still under the delusion that all this Secret Police infrastructure is about stopping terrorism? You poor, gullible person, I'm sorry for you. The threat of terrorism is just the excuse used to justify building an enormous security apparatus, not the real reason. The people building out the giant security control machine don't care about protecting you from terrorists, they care about protecting themselves (the elite) from you (the unwashed masses).
You should assume any communication over public networks is subject to eavesdropping. In some countries more than others, but it's only relative, not absolute. Besides, this doesn't change the requirement to obtain a warrant first, just makes it a bit faster to implement.
I see too much clucking and feather rustling from you hen house Cheeto beaters, grow some personal responsibility and protect your own communications, encrypt, obfuscate, otherwise get active in politics by starting a web site to fund Internet issues (Turn "Citizens United" to your favor) or support one already in place with your dollars. (like I do)
"If any question why we died, Tell them because our fathers lied."
I put the shotgun in an Adidas bag and padded it out with four pairs of tennis socks, not my style at all, but that was what I was aiming for: If they think you're crude, go technical; if they think you're technical, go crude. I'm a very technical boy. So I decided to get as crude as possible. These days, thought, you have to be pretty technical before you can even aspire to crudeness. I'd had to turn both those twelve-gauge shells from brass stock, on the lathe, and then load then myself; I'd had to dig up an old microfiche with instructions for hand- loading cartidges; I'd had to build a lever-action press to seat the primers -all very tricky. But I knew they'd work.
the preceding comment is my own and in no way reflects the opinion of the Joint Chiefs of Staff
There, fixed that subject line for you.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Why wouldn't business should have a strong objection to this? All sorts of intellectual property, internal financial data, client data, medical records, financial records, and/or personnel files could be compromised, and not just by the FBI or a rogue agent. This is the practice of intentionally creating a backdoor with standard access mechanisms that's usage will inevitably be undetectable.
Do they expect all software developers on the fucking planet to add backdoors for the USA government?
They're fucking insane.
How do you catch the next abortion clinic bombing terrorist if you don't do a sting? If you have a better way of doing stings then why not suggest some better ways? But the fact is we cannot as a society allow extremist domestic terrorism and that includes the KKK, the Nazi's, the Militias, anyone who wants to be violent.
Let's not be coy, by the word 'sting' you mean 'solicitation' or 'entrapment'. This is not how you investigate, this is how you manufacture criminal behavior.
You wanted a suggestion, how about police investigations. In other words, FBI detectives should be detecting...
Yes, crime detection is harder than just creating a criminal act, but it is actually locating and stopping a criminal, rather than duping some nut into it. Sting... what a cute colloquialism for fraud.
I'm not afraid of terrorists. The chances of me being hurt by a terrorist are infinitesimal compared to any other cause of death. The right thing to do is ignore them.
So if a terrorist poisons the food and or water supply what then? What if a league of snipers shoot random people? Or if you're driving over the bridge and it just explodes?
You are still under the delusion that all this Secret Police infrastructure is about stopping terrorism? You poor, gullible person, I'm sorry for you. The threat of terrorism is just the excuse used to justify building an enormous security apparatus, not the real reason. The people building out the giant security control machine don't care about protecting you from terrorists, they care about protecting themselves (the elite) from you (the unwashed masses).
Who did you think I meant when I said "terrorists"?
The fact is I want to restrict the terrorist list to only include certain threats while others like the types you mention want to include everyone on the terrorist list by calling it "crime" and "illegal activities".
This has nothing todo with preventing crimes.
This is all just plain old unethical illegal spying made legal by the ahole gov't and the ignorance of the general public.
This is all about control and making money off YOUR information.
Dont let someone be able to look into your ideas and thoughts.
They are getting to the point where AES and other encryptions is getting them weak, tired, and lazy.
This is a key point in time for them, to place into law, the ability to circumvent with ease, some of the only technologies you have to protect yourself.
Not only are they investing billions upon billions of dollars on data centers, used for what should be illegal spying and code breaking; they are using your tax dollars against you in yet another way.
Also, who can guarantee that these backdoors are only used by law enforcement.
Sorry for repeating, but his has nothing todo with preventing actual crimes, but it is a crime, in of itself.
Stop This Madness!
Protect civil rights and the constitution.
Stop allowing the government to use tax payers dollars to oppress the tax payer!
Why hasn't there been a huge campaign against this?!
This is even worse the other recent legislation such as SOPA/PIPA, and malignant CISPA!
-HasHie @ trypnet.net
"This is BULL..."
Now every programmer will be at risk of going to jail if their software becomes popular, since most internet enabled software can be used to communicate with other people.
And oppressive governments would love it if this evil technology is built into all software.
Do you realize that every single domestic terror plot foiled by the FBI was created by the FBI?
I don't think "created" is accurate. The plots the foil are because they intervene in time to stop an attack. Sometimes they don't act in time and people are killed. Is that what you would prefer?
You can "what if" all day long if you like. That doesn't change the fact that the actual threat of terrorism is infinitesimal.
Besides, how exactly is giving a maladjusted loner some fake C4 going to protect against that?
Give me Classic Slashdot or give me death!
How do you catch the next abortion clinic bombing terrorist if you don't do a sting? If you have a better way of doing stings then why not suggest some better ways? But the fact is we cannot as a society allow extremist domestic terrorism and that includes the KKK, the Nazi's, the Militias, anyone who wants to be violent.
Let's not be coy, by the word 'sting' you mean 'solicitation' or 'entrapment'. This is not how you investigate, this is how you manufacture criminal behavior.
You wanted a suggestion, how about police investigations. In other words, FBI detectives should be detecting...
Yes, crime detection is harder than just creating a criminal act, but it is actually locating and stopping a criminal, rather than duping some nut into it. Sting... what a cute colloquialism for fraud.
The only way to catch a terrorist is by being a terrorist. You can't catch a terrorist if you're not a terrorist and you can't get intelligence from terrorist organizations if you're not a terrorist.The FBI uses false flag operations, they become Al Qaeda and they contact the new recruits and train them in a mock terrorist training camp and bring them up to the point of launching an attack and then arrest.
I understand your concerns, this activity should be overseen and somehow regulated by someone other than the FBI itself or perhaps the jury can decide if its entrapment or not. The point is in some situations there is no other way.
How do you catch a spy? You use a false flag operation. The FBI pretends to be the foreign spy agency and recruits activists to spy for Iran. The activists agree and think they are spying for Iran when actually they are working for the FBI. When they aren't useful to the FBI anymore the FBI can just arrest them.
I'm not afraid of terrorists. The chances of me being hurt by a terrorist are infinitesimal compared to any other cause of death. The right thing to do is ignore them.
So if a terrorist poisons the food and or water supply what then? What if a league of snipers shoot random people? Or if you're driving over the bridge and it just explodes?
I can't tell if you are serious or just trolling. You are positing extremely low probability events that even in the worst case would have relatively low death tolls compared to, say, car accidents. No one is seriously suggesting that a determined terrorist can't kill people, just that it is so rare that someone dies that way that it is not worth worrying about on a large scale.
Once again, LEO needs to learn there is no tool they can request that will not be used directly against them (or the taxpayer).
Time to write a chat client or talkie-game.
I mean--seriously, I for one would love the opportunity to comply with a CALEA order.
They just have to deliver to me the complete specification I need to implement to comply with it. I mean...the gov't does have a spec right? And they're going to furnish the development resources for this? Oh...well, if you can't furnish the resources to write the software, then you're going to have to pay for technical support to decode the wireshark packet dump...
Or failing that, they'll be able to write a SOAP client to query/request an encrypted stream according to my unpublished blob-in-XML trade-secret specification that I license for $10,000 per seat right? The format of the XML blob may change on a per-user-conversation basis, so you're gonna need to license a new copy per wiretap-conversation.
I mean, the access is free..but the license to the decoder from my wholly-owned subsidiary corporation that sells to me at a loss...I have to cover my costs.
And the moment they give me a specification to publish or permit access by -- I'm portscanning the Internet for any service that matches that interface's fingerprint, and proxying the authentication calls against any authentication against my own service.
I do hope the FBI's own phone and mail server's implement their own protocol so they aren't in violation of law... I mean, it'd be an absolute shame of some Chinese national wrote a simple chat program and leaked the keys or address of the auth server...
What's that you say-- wiretapping is a manual process? So's my tech support desk and their $450/hr, 3 hr minimum / incident rate. Just sign on the line and provide a credit card with your purchase-order on letterhead Mr. Agent -- don't worry, just like a hotel, we'll bill your expected expenses up front, and cancel the order and rebill if you come out under. I will be happy to return the call (please leave cell, home, and desk number) the moment our general counsel have finished review for compliance purposes -- sometime in the next 48 hours.
Don't worry-- we will wake them up and demand overtime because I know you're in a hurry. Their after-hours rate is only five times normal, and we'll be expensing against your newly established account as soon as your line-of-credit is opened... just sign here.... here.... here...
Will you be requiring on-site training to assist you in use of our application?
We have lovely offices in Barbados & Mexico City...
$mainstream_crap_rag headline, "Ten best places to expatriate: the top ten places American's are flocking to"
No, you are underinformed. They create the plots. The FBI has not foiled a single terrorist plot that would have existed without the FBI.
Give me Classic Slashdot or give me death!
Only the bridge issue has any chance of being defeated by these means, and only because it's hard to build explosives capable of knocking out a bridge without buying detectable items.
The other two are close to impossible to stop.
Personally, I'd rather live with the risk than oppress everyone in a vain effort to eliminate that risk.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
After CALEA, Gore failed to get the Clipper Chip and key escrow passed. He must loving this new one, his vision of total government access to your communication realized.
Yes, that's what I'd prefer. We don't need to devolve into a police state to battle this tiny risk.
For comparison, being able to drive our own cars affords us a freedom of mobility. But at a cost of roughly 10 9/11s worth of killings per year. Time to give up our freedom to drive?
And if not, why should we give up even more important freedoms to achieve a smaller reduction in death?
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
One of the interesting and anachronistic things about the original CALEA is that it applied to telecom providers. With IP, though, we tend to think of "providers" as just ISPs, totally orthogonal to the software you use.
The FBI is not ever going to be able to force VoIP or websites to be insecure, unless they switch their legislative focus from providers to the client software implementations. At this point, it does no good to make the networks themselves more insecure, because anyone with even half a brain is going to design protocols based on the assumption that the entire network is already hopelessly compromised. You don't even need to be a paranoid loon ranting about what the CIA is doing to your tooth-fillings at this point; you can use Googbook or Iran or malware-spreading h4xx0rs as your bogeyman. There are so many different possible threats on networks now, that it's not considered paranoid to suspect that at least one of them might be credibly real. The news is full every day of instances where it was real, so the only question is whether or not something is snooping you, and at this moment.
Legislating what software you're allowed to run, is the only way to go from here, which makes any sense at all. If they don't do that, then a new CALEA isn't even a new and more-threatening "Big Brother" law, nor is there really any civil rights vs law enforcement debate; it's going to merely be another cash grab for some lobbyists somewhere -- run of the mill corruption.
Yet, I see the words VoIP "provider" here, not "software" or "client" or "implementation" or whatever. If you run a well-designed VoIP client, or if you're pasting PGP-encrypted text into web forms and copying PGP-encrypted text from web pages, then a new law can't hope to accomplish anything.
So is this an attempt to regulate endpoint software, disguised (i.e. is there an actual legitimate civil rights vs crime prevention/deterrence debate here)? Or have they given up the pretense already? And if so, then who benefits from the economic waste associated with building more systems to intercept ciphertext? Telecom companies? Government contractors? I know I'm missing something.
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Lack of saying how to pay for it, might be a criticial key to the motivation.
First of all, remember "they" never pay for anything; it would be "we," If, say, our taxes were to go up n% in order to fund such an effort, some people might complain or watch where that n% goes, making it harder for whoever the beneficiary of this law is, to remain undetected.
On the other hand, if a new law doesn't say how to pay, but rather, simply demands that services be "certified insecure" (yeah, it needs a better name) where the insecurity certification authority is presumably whoever is buying this new law, and they are paid not by one government program, but by skimming a little bit from every business in the country individually, there's less to talk about.
When the government spends $40 billion on something, someone might ask an embarrassing question about it. When you spend an extra $400 per year amortized across all goods and services in order to pay for those things' advertising on your phone, which in turn funds your phone's developers, who have to pay $40000 for an insecurity audit, to prove that your phone will always reject attempts to communicate high-entropy data (i.e. can't be used as a dumb pipe by some secure application), then there's no good question to ask.
Things just cost more than they used to, and don't work as reliably as they used to, and that's how things are. That's just something for weirdos to bitch about, not for the press to ask about.
People are willing to pay anything, as long as it's not called a tax. Why do you think Republicans still get votes?
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
You can "what if" all day long if you like. That doesn't change the fact that the actual threat of terrorism is infinitesimal.
Besides, how exactly is giving a maladjusted loner some fake C4 going to protect against that?
That's because you don't know the vulnerabilities. Just about everything in our infrastructure is vulnerable and because everything is so centralized maximum damage and maximum casualties.
Terrorism might not be something that you worry about but I know it can reach me.
I'm not afraid of terrorists. The chances of me being hurt by a terrorist are infinitesimal compared to any other cause of death. The right thing to do is ignore them.
So if a terrorist poisons the food and or water supply what then? What if a league of snipers shoot random people? Or if you're driving over the bridge and it just explodes?
I can't tell if you are serious or just trolling. You are positing extremely low probability events that even in the worst case would have relatively low death tolls compared to, say, car accidents. No one is seriously suggesting that a determined terrorist can't kill people, just that it is so rare that someone dies that way that it is not worth worrying about on a large scale.
That depends on how successful the attack is. Also it depends on who is targeted. Just because you assume it wont be you, it doesn't mean it wont be someone you know.
You also aren't considering the technological and cultural trends which favor lone wolf terrorism.
Only the bridge issue has any chance of being defeated by these means, and only because it's hard to build explosives capable of knocking out a bridge without buying detectable items.
The other two are close to impossible to stop.
Personally, I'd rather live with the risk than oppress everyone in a vain effort to eliminate that risk.
The problem is the increased centralization and reliance on technology will result in a maximization of casualties. It's not so much that you just have to worry about bridges blowing up, you have to worry about biological weapons such as weaponized flu, you have to worry about radiation, you have to worry about chemicals, from both domestic and foreign sources. So no it's not impossible to minimize casualties even if its impossible to stop all acts.
As far as I'm concerned we should catch as many terrorists as we can. All of our technological resources should be directed toward this effort. Maybe protect the environment also, as this is a priority.
Yes you have a right to fear the government, but you should fear the most immediate threat. The are enough militias, hate groups, religious groups, and nuts in this country to require a focus on preventing violence. If we don't make it a priority the result is inevitable civil war between groups with massive casualties.
I have ranted for years that no government would ever allow free communications between citizens. I will accept major kudos for making the call.
Terrorism is something I don't worry about because the incidence is so low. It was low before 9/11 and low after 9/11. The activities of the FBI have nothing to do with that.
If you'rre really worried about terrorism, the best thing we could do is stop our imperialistic adventures in the middle east. An ounce of prevention is worth a pound of cure, and the snake oil the FBI is peddling isn't worth anything at all.
Give me Classic Slashdot or give me death!
In Soviet America, Computer surfs you!
Do you realize that every single domestic terror plot foiled by the FBI was created by the FBI?
I don't think "created" is accurate. The plots the foil are because they intervene in time to stop an attack. Sometimes they don't act in time and people are killed. Is that what you would prefer?
Unless I'm on the jury I cannot decide one way or another. I'm not against using these sorts of sting tactics provided the FBI isn't coercing suspects into saying and doing stuff. It all depends on how it is handled.
In many cases it's apparent that the FBI while they might have put on a ruse, the individuals involved did have the intent even if they didn't have the tools and plans. In this case they are still a threat and should be arrested because they went along with the plan without backing out, questioning it, basically they put the bombs on the bridge so they are a terrorist conspiracy now.
The FBI does the right thing when it stops terrorism at the conspiracy level. That is the best time to stop it. I do understand the FBI could brainwash and coerce individuals who have nothing to do with terrorism into saying stuff or doing stuff against their will. This is why there should be a jury and a review process and why an informants word should be taken with a grain of salt. We should let the jury decide but we should also consider that the FBI can set up a scenario on their own to frame someone and consider that too.
End result is I think most terrorist suspects arrested in these sorts of conspiracy stings are actual terrorists. I think in some instances they aren't actual terrorists such as that instance where the muslim informant was going to mosques trying to radicalize them into violence and they reported the informant to the FBI. That situation was very diferent.
Also the situation with Sabu and LulzSec, I don't really know what happened in that situation. That could have been a situation where the snitch actually framed some people because looking at some of what was said about Sabu he went to people who were staying out of involvement and practically begged and guilt tripped them into getting involved specifically so he could entrap them. Sabu is a scumbag if that is the truth and no I don't think informants should try to trick or coerce people into committing crimes for them with "you owe me a favor" type guilt trips or making up lies about their sick family member needing surgery, but you know sometimes this happens and the jury ought to know how the informant convinced the suspect into committing the crime.
It's one thing for already existent terrorist cells to be tracked by FBI informants. It's quite another thing altogether for FBI informants to create new terrorist cells where none existed.
No, you are underinformed. They create the plots. The FBI has not foiled a single terrorist plot that would have existed without the FBI.
No, you are underinformed. They create the plots. The FBI has not foiled a single terrorist plot that would have existed without the FBI.
I understand your concern but that's not really true. The FBI does foil some plots. It's just sometimes they rely on complete scumbag informants who will basically do anything and say anything to get a crime committed. If you let informants practically trick people into it then sure it can happen. The informants could lie and say it's legal and then when they do it they find out that it wasn't.
But the casualties in each event were growing. From hundreds in bombings at one time to 911 which was around 3000 people.Are you going to wait for a football stadium to blow up during the superbowl?
And the casualties will continue to grow because the technology keeps making it easier.
Other countries like the UK are taking away civil liberties too.
I thought the FBI already had geek chicks like Penelope Garcia working for them?
If the operator can't crack Facebook and code the SQL themselves on the fly then they really aren't useful. Most people are OK with that because while one person has lots of keys, they have seen it all and could really care less about you.
On the other hand, the FEDS really want to MINE the social data, and collect it and pay pseudo-political-religious-corporations to recommend laws. For comparison, demand ALL US MAIL is opened and scanned. That's essentially what they're asking for online. It's about collecting data to verify THEIR opinion not what the facts REALLY say..
is Host Proof sites. We're getting there. Working on it, day and night, this is my life. Fully homomorphic encryption to run encrypted programs on encrypted data, clueless agents to safely go forth and perform searches, the party is just getting started. Oh yeah, fuck em.
In Physics we trust.
Even if it meant getting assraped by a gang of huge black guys
Are you implying that this would be somehow worse than being assraped by a gang of huge white guys?
You know that's racist, right?
Fuck that. If the populace keeps electing people who pass these laws, then representative democracy is working as it should. You don't withdraw your support from a government by "resisting". You lawfully withdraw your support from a government by expatriating (paying any required exit taxes on your way out the door), and denying it the revenue stream from your future taxes.
The US has a very effective financial Berlin wall built around the country. American Citizens and Permanent Residents (Green Card holders) are taxed on the basis of their citizenship/residency, irrespective of where they live. Want to renounce your citizenship? Fine. You'll still be taxed for an additional 10 years.
Good luck "sticking it to the man" through emigration.
The Future of Human Evolution: Autonomy
Actually if the sterotype is true then it would be far worse from the black gang then the white gang, at least until they pulled out the toys.
My grandfather fought in WWII.
My father fought in Korea.
I fought in Viet Nam.
And for this ?
Well, I still know how to shoot. Come and get me, motherfuckers.
What we need is back door to every website, program, app, house, doghouse, dollhouse... or we can't protect you.. from you.
Apart from obvious thought that you can't have any serious security with backdoors...
This post is provided without warranty as to reliability, accuracy or otherwise or fitness for any particular purpose.
Prison life is racist. It's not very politically correct but, from what I've read real prison rape is most often multiracial with whites most often on the receiving end. Rape is not as common in US prisons as it once was, but it still happens from time to time. I'm just reporting what I read from real prisoners. It may be unpleasant, but the rapists in US prisons are usually black (who are usually the largest racial group anyway) and the victims are almost never black themselves. I've read that it's partly a racial revenge kind of thing. In prison movies you often see whites raping other whites, but I've read that it doesn't happen nearly as much in real life. I personally wouldn't care whether my rapist was black or white or hispanic. I'd do my best to kill him regardless of his skin color. I just mentioned the race issue because from what I've read it is a more realistic scenario. Well except for the gang thing. Presumably it would be just one guy.
Quite an experience to live in fear, isn't it? That's what it is to be a slave.
Well we could look at it this way "At least they are now trying to ask for permission to do this instead of just doing it"...
Let's get past all of the Constitutional chest thumping and onto a deeper look at this.
Let's not look at what they said as much as WHY they said it. First let's agree that what they asked for is nothing short of insane. For us in these current climes, that proposal is ludicrous. So why ask for them? What sort of mentality is at play here for that kind of boldness?
What is going on that we don't know about? What kind of clime are they operating in that they expect these "easy bake" implementations. What gross acts are being carried out that acclimate them enough to ask for something like this with a straight face.
Whatever their motivation, this is a blinking red warning light on the dashboard of liberty.
Take the Red Pill.
It's hard to wiretap Americans suspected of illegal activity... oh you mean ALL Americans? Yeah, that be hard...
of bureaucratic turd.
I understand, though, they want their jobs to be "easy" too. Right?
It has the sound of a rash and emotionally charged reaction to their own paranoia. I don't expect they've really thought it through, as such.
And yeah, that's the government for you ... and if not for you, then for themselves, "Cos that's what matters*"
* What matters to the political narcissists, at least. They don't define the entire political climate of the nation, I would like to assure the reader.
I don't mean any tomfoolery in my wording my response as so, just to take some brief liberty with the lexicon, in being no less genuine than salt and mud: Your comment intrigues and compels. Though I may not be able to produce any immediate answer to such a question, myself, but I can definitely see where there is a place for the question - and I would say that that place is on the very grounds of democracy. I hope that that question will be a recurring one, in these times.
The FBI will not be satisifed until the contents of every brain and storage device is centrally searchable in realtime.
The FBI will not be satisified until all erase operations on disk drives logically erased the file but forever keep data on disk hence as files are modified disk capacity is reduced until the drive is full and needs to be handed over to the FBI for replacement.
The FBI will not be satisified until they can see inside of and listen every building and every square inch of land in realtime.
LEA always wants more more more... They are incapable of seeing beyond their narrow mission or understanding the secondary effects of their power grabs. They will NEVER be satisified.
It is very important everyone make their elected representatives aware of their position. Write a letter.
"Twinkies deficit halts Congress"
"Numbers: How the do they work?"
"I'm ok, you're a paranoid schizo ... with a badge, so you're ok - news at ll:07 if we get around to it"
----
Complacency is the new modern disaster
I'm with lexisrd - I agree wholeheartedly that we should ask Why this kind of legislation is being proposed - namely, to the question of what kind of climate is giving rise to it?
I don't like playing the cliche cards too easily, but I think it reeks of conservative dominionism. The FBI still being a democratically controlled body, though - assuming we haven't lost track of the Constitution in our ongoing rush to a 110% secure non-democracy - the people can still respond to it rationally and in all normal democratic means, as (in the near term) to prevent the passage of such draconioan legislation. Perhaps - in the more intermediate term - we should reconsider how much we've let "pass" so far, at that.
Yes you have a right to fear the government, but you should fear the most immediate threat.
That would be the government, by a huge margin.
That you don't think so leads me to believe all of your history teachers should be publically flogged.
It is a miracle that curiosity survives formal education. - Einstein
France is the only democracy I can think of that would flip off the US government, and that has the nuclear weapons to back it up.
Well, I suspect France is not the right place at this time. I suspect Sarkozy would do anything to please the US. But that may change tomorrow, as he is heading the way out.
Right. But the allegation is that ALL successful FBI actions to thwart domestic terror activity were the result of the FBI planning the operation. That's a very high bar to get over.
I'd rate the government going out of control as a far more imminent threat. Terrorists kill way less people than government every year.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Like before it was opened up to private companies. Just nationalize everything and put the whole thing under Federal government control. Stalin-net will be awesome.
Yes you have a right to fear the government, but you should fear the most immediate threat.
That would be the government, by a huge margin.
That you don't think so leads me to believe all of your history teachers should be publically flogged.
What about all the other governments and their state sponsored terrorists? Don't you fear them more?
I'd rate the government going out of control as a far more imminent threat. Terrorists kill way less people than government every year.
What about government sponsored terrorists?
Giving government greater capabilities seems unlikely to deter them from sponsoring terrorists.
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Didn't I *just* see a /. post about how the NSA is logging all sorts of domestic net traffic? Why doesn't the FBI just ask for a copy of that?
Big Brother is watching: http://en.wikipedia.org/wiki/Big_Brother_(Nineteen_Eighty-Four) Now we just have to wait for Skynet to be born...
Who says one has to use a USofA Server?
Use a NON US server and the issue goes away.
All of the voice and e-mail sevices will work very well with off shore servers.
The US Gov. agencies can't touch them.
I mean, if two parties have pre-shared a key phrase, then there's nothing they can do to prevent any "bad guys" from encrypting their data. I mean, this just makes it possible to spy on innocent citizens. Bad guys who blow shit up aren't going to care about violating a gods damned law about social sites they run.
>_< DERP!
I created an algorithm that turns a one way hashing algorithm into a two way cipher via key expansion, HMAC, and Cypher Block Chaining. My fellow indie game devs and I use the Retrograde Cipher to exchange credentials related to our project (like our Youtube account password) on our forums. (Yes, it's open source and registered with the BIS, per requirement). If anyone gets access to our SQL database or private forum archives, they don't get all our other passwords in the posts with our encrypted blobs.
If I can invent an extensible encryption system just for grins, then what can the "bad guys" do?
So, what about bugging every house in the nation? I mean, do we still have the right to whisper in each other's ears?! If so, then I don't think any sort of online back-doors are going to help against anyone who really wants to secure their data. This is a very slippery slope.
Now, I'm required per export control regulations to provide the source code of my encryption algorithm at a specified address (the above address is the one registered) -- The source code is JavaScript (the horror!), but that means that I'm legally required to provide *this* encryption service to the world, not some changed version with a back door -- Even if I did put a back door in, I'd still be LEGALLY required to provide the old version too! There is NO WAY for me to insert a back door! If you encipher something with Retro Cipher, I can't decrypt it! Say you enciphered a message and posted it somewhere, like, on Faceblock or even in this very post. Tap as they might, it's not going to help anyone decipher the data without the secret key! Furthermore, you can download the code and run it locally. Post enciphered blobs all over the net and only your buddies with the secret key can read it. WHAT'S THE POINT OF TAPPING? All they'll really get is IP addresses to prove who sent what to whom (Thank gods for TOR), but that's already recorded elsewhere -- They don't need to do this.
I run a "social network" (an online forum), and I CAN'T COMPLY WITH THEIR DEMANDS, per US law. How the hell will Slashdot or Facecrook or Twanker change their code to decipher such enciphered blobs? If we Really wanted, we could be using PGP keys to encrypt our posts. Is that what they really want us to do?! Cryptography has already made Wire Tapping obsolete.
Here's a Retro Cipher sample:
cJTF22rC292_8d5hw-aTsCYefnY.40mum
Kh0G0xToPXIAJzAJynBPzg.0rnI5Tft6i
n05ftyYSKRlCowxAyZlIHgA5lb9XVFxQ
The secret key is: 1eyed-Kid
If things like this are serious possibilities, then maybe it will provide the required boost for people to get off their asses and learn how to use anonymous remailers, GPG encryption, email-over-TOR, and all other privacy and anonymity enhancing tools already available. I haven't yet started, mostly because I'm a little afraid of losing plausible deniability but I guess it's just a matter of not signing anything! And besides, so far, the amount of anonymity and privacy with plaintext email (which I realise is appx. zero) is enough for me - i.e. for someone to trace my emails etc, there'd already have to be some prior reason they're interested in me. Since I'm not doing anything illegal, there's no reason for that. What does /. think? If enough people were motivated, then world-wide encrypted email might acquire critical mass.
no really who are the dummies still doing any business in the usa?
YOUR an idiot to do it now and its only going to get worse.
OH and canada ought to close its border to the usa now before the flood of americans ( 700 K are here now ) start trying to come here too escape.
how they have to ask. Ha.
You aren't going to kill anyone, and you know it.
Slashdot is full of posters who are pissed off and talking about revolution, but it is all bark and no bite. Every one of you has a high standard of living and goes to bed each night with a full belly. Having your linux distro taken a way makes you scream and shout, but what you have still got is still something to lose, and you are still the same little coward you have always been.
Each of you secretly hopes that by making strong words you will somehow motivate someone else to get up and fight for you. And when it doesn't, you still won't get up and fight yourself. It isn't in you, and even if it was the circumstances simply aren't as desperate as you make them out to be.
Enjoy your seat on the government watch list (the one they give to the new guys because nobody on it is actually dangerous). That is all your best game will ever win you.
I will be busy contributing to a lobby, voting, writing to my representatives, and raising awareness among my peers.
Yes... I do have things to hide... like when I let my spouse know while I'm away on work trips that I have diarrhea or letting her know what I really think of her best friend's husband.... He's a douche.
Why do authorities insist on having free reign access to this information?
At least as long as the current German immigration rules on Americans are sustained. The other way around is not so.
Telecom services (including everything internetty) are a convenience even to criminals. They know it can be monitored and a large percentage of them still use it in some kind of (semi-) plaintext mode. It works for quite some time and then they go to jail. The "pros" have learned this and use different modes of communication - mainly meeting people in meatspace. Allegedly, the IRA used couriers with paper-in-mouth messages, ready to be swallowed and digested upon police search. The German army had motorbike courier and special edible paper for the same purpose until recently. If you think about that, it makes a lot of sense, as it thwarts both SIGINT and HACKINT (my term). An American Admiral apparently fucked his buddy generals/Admirals with that tactic in a war game, a few years ago. They were totally reliant on SIGINT. http://www.spiegel.de/spiegel/print/d-43375922.html http://www.multi-board.com/board/index.php?page=Thread&threadID=38363
From a purely technical POV, it can be done. Simply encrypt the session key with a gubbermint-provided public key and emit the result in the cipherstream. As long as they can keep the corresponding secret key actually "secret", it could be quite secure. I just guess that they will invent some super-stupid alternative way to do it.
"They can't jail you for refusing to provide back-door access to a service that no longer exists." Shurely they have something in the books which would make you a suuuper-nasty terrorist-supporter/enemy-aider/abetter in that case. After all, their aim is to listen to the dirty messages of someone they don't like and you screw that attempt. I am quite sure they have some kind of law which would make YOU to go to jail for several years for doing that. Yes it is sad, but that is what the whole western world is silently accepting as "legitimate".
They surely send the crypto keys to some MSFT server, ready for gubbermint download.
The government is having a difficult time making sense of all the different ways media is being packaged electronicly, so now they want the internet to package it for them in an easier, more convenient way? It's hard enough making technology that interfaces with the public let alone now having to do the job of being FBI for the FBI. Not my problem. Not my job. You wanted the data, here it is. Why do I have to write a frigging interface for you? What, do I also have to provide software support and beta testing and whatnot, too? OMG!
"The only way to catch a terrorist is by being a terrorist. You can't catch a terrorist if you're not a terrorist and you can't get intelligence from terrorist organizations if you're not a terrorist.The FBI uses false flag operations, they become Al Qaeda and they contact the new recruits and train them in a mock terrorist training camp and bring them up to the point of launching an attack and then arrest." So what you are saying is that the FBI is a Agent-Provocateur Agency ? They make their own "Customers" ? So that they can justify their very existence ? Now quickly give them the powers of the NKVD ! It is said Stalin gave them quotas for Terrorits, errm, counter-revolutionaries. Every rayon had to supply 20 traitors per quarter to be shot; if they didn't deliver this was proof of them being themselves traitors - who had to be shot. So the NKVD-FBI produces their own "terrorists" to justify their existence. NIIICCE !
You cry slippery slope that we can't have these things, but the KKK has been protected by the first amendment for a long time. As long as the talk of violence does not create an eminent danger, such as yelling fire in a crowded theater, then it's protected.
I'm not sure the only way to catch them is to entrap them. That's what a lot of these cases are, where they manufactured the whole thing and told them what webpages to go to and what to do. That's entrapment.
The Executive Office Of The President of the United States of American and ALL staff and the Vice-President and Staff and the Congress (House and Senate) Representives and all Departments and Staffs are placed in an open-system of audit-review-scritunity for all the nefarious deeds that they do 24/7/365.
LoL Obama is the greatest traitor to the USA ever!
And you won't be able to say anything on your website without going to prison.
Why ...hello, Mr. Orwell. Didn't see you come in. Nice newspeak: you mean: constitutionally-unfriendly, isn't that right?
What I wanted to say though was that this can be looked at in light of the probable outcome of the 'Can the government *require* you to purchase health insurance? My guess is that the answer will be NO. Can the government legally *require* you make your site "wiretap-friendly"? If it's in the Constitution that Congress has jurisdiction over interstate commerce; it's also in the Constitution that 'The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.' It would seem that the government CANNOT *legally* REQUIRE you to do this -- even MORE than it cannot REQUIRE you to purchase health insurance (assuming that's the outcome of the Obamacare case). Like wiretaps, the government should have to do this on a case-by-case basis. Freedom should be the default condition, not just what's left over.
DNA is a Turing machine. You, however, being dynamic and emergent, are not.
What we are experiencing is the emotionally governed (mostly fear-based) decision-making by a majority of people who have become too fat, intellectually lazy, naive, complacent, and unable to look beyond the immediate moment.
Too fat to understand the principles of strong encryption? Are you kidding me??? You must be new to the industry.