Privacy Advocates Protest FBI Warning of 'Going Dark' In Online Era

CWmike writes "CNET's Declan McCullagh reported last week on the FBI's argument that the massive shift of communications from the telephone system to the Internet 'has made it far more difficult for the agency to wiretap Americans suspected of illegal activities.' The law has already been expanded once, in 2004, to include broadband networks, but still excludes Web companies. The FBI says its surveillance efforts are in danger of 'going dark' if it is not allowed to monitor the way people communicate now. Not surprisingly, a range of opponents, from privacy advocates to legal experts, disagree — strongly. On key tech hitch with the plan, per ACLU attorney Mark Rumold and others: There is a difference between wiretapping phones and demanding a backdoor to Internet services. 'A backdoor doesn't just make it accessible to the FBI — it makes it vulnerable to others,' Rumold says."

How's this for an idea?

[gman003]

First, the FBI gets a warrant for a particular "wiretap". This should be absolutely mandatory for what I'm about to propose.

Then, off a specific warrant, they go to whichever company the warrant lists, and either:

a) Install a packet-sniffer in front of the web server, logging everything to disk, which is then physically taken by the FBI as evidence - just like a conventional phone wiretap. This avoids the whole "anyone could use the backdoor" - if "anyone" can install hardware on the network, the 'security' is already broken so badly I had to use scare quotes.

or

b) go to the company, literally add code on a case-by-case basis to log a particular set of user's actions. This could include real-time alerts, if necessary. Oh, and the FBI is either the one doing the coding, or they pay standard rates for the service's programmers to do the job. This, again, avoids the security issue implicit to a government-mandated backdoor, by moving the "backdoor" from the computer level to the organizational level. It also does privacy better than a), because by being in the application layer instead of the network layer, it can be smart enough to only log the suspected users, not everyone.

This seems totally reasonable. The FBI gets the data they need (face it, there are always going to be times when they're justified in listening in on "private" communications), the internet companies only have to do anything if there's actually enough of a case for a warrant, there's no backdoors for a hacker to exploit, and, if the judges do their job right, everyone's privacy is maintained unless there's enough evidence to justify violating it.

And thus, by being at least mostly reasonable, it is guaranteed to not happen this way.

Re:How's this for an idea?

[gman003]

Look, if it's a data stream, you can record it. I'm not saying everyone should have an API that the FBI can use. I'm not saying we need to record absolutely everything so the FBI can look at it.

What I'm saying is that if the FBI needs to record something and they have enough evidence to get a warrant, they can come in and write their own damn code to log it, we'll put it on the server for as long as the court order says, and then as soon as they're gone we revert the code back to the way it was. Or, the FBI can log every packet themselves, and *they* get the fun task of sifting through billions of TCP packets to find the ones used by Ahmed ibn Badguy.

And if the system *is* anonymous-by-design, well, "that's literally impossible" is generally considered a valid reason to refuse a warrant. I know if the FBI knocked on my door and handed me a warrant for "whatever is 40km beneath the property" and a shovel, I'd call up the judge and tell him that, unfortunately, the laws of science trump even the US Constitution.

Re:Oh for the Cold War

[spire3661]

The 24 hour news cycle did not create the machinations we now see exposed. They have always been there, it only seems magnified because we see more now. The FBI has ALWAYS spied on us extra-judiciously. From day one it was built, its purpose is to catalog and amass information about the american citizenry. Just read the first 2 paragraphs of J. Edgar Hoover's wiki if you have any doubt at all. http://en.wikipedia.org/wiki/J_edgar_hoover