Privacy Advocates Protest FBI Warning of 'Going Dark' In Online Era

CWmike writes "CNET's Declan McCullagh reported last week on the FBI's argument that the massive shift of communications from the telephone system to the Internet 'has made it far more difficult for the agency to wiretap Americans suspected of illegal activities.' The law has already been expanded once, in 2004, to include broadband networks, but still excludes Web companies. The FBI says its surveillance efforts are in danger of 'going dark' if it is not allowed to monitor the way people communicate now. Not surprisingly, a range of opponents, from privacy advocates to legal experts, disagree — strongly. On key tech hitch with the plan, per ACLU attorney Mark Rumold and others: There is a difference between wiretapping phones and demanding a backdoor to Internet services. 'A backdoor doesn't just make it accessible to the FBI — it makes it vulnerable to others,' Rumold says."

Backdoor for others

[shoehornjob]

'A backdoor doesn't just make it accessible to the FBI â" it makes it vulnerable to others.

Speaking of backdoors I've got these cool new Sony disks for your computer......

So sad

[bky1701]

Unconstitutional efforts to spy on citizens ended by progressing technology. I will have a nice little cry for the FBI tonight, right after my nightly one about RIAA lost profits due to piracy.

Re:So sad

[rocket+rancher]

Because my fellow man (which is what government in the US is supposed to be, the whole 'we the people' thing) spying on me willy-nilly using Monopoly on Violence is not the same thing at ALL as the shopkeeper next door keeping records of what i buy to use in his marketing and optimization research.

Really? You need to take a broader view, then. Let's start with your shopkeeper's surveillance of your spending habits. He knows what you buy, when you buy it, and exactly how much you spend in his shop, along with all of your other neighbors. Some simple analysis allows him to predict quite accurately what you are going to buy and when you are going to buy it. So he jacks up those prices on D-1 and lowers them again on D+1. The Walmart grocery store in my neighborhood appears to be already doing this; the variance I get in the price of a Red Baron pizza correlates too strongly with payroll dates for the lower middle class neighborhood I live in for it to be a coincidence. But hey, according to you, it's *different* -- I guess you believe the monopoly on violence only includes armed force, and not the "Monopoly on the only grocery store within miles" kind of violence. FWIW, boutique retailers have been doing this for millenia -- each customer gets a unique price, determined by the shopkeeper's ability to assess the depth of the customer's pockets. Thanks to your benign "marketing and optimization research" the guy who sells you food is going to be able to do the same damn thing...

Re:So sad

[TrekkieGod]

I heard a story about how a store called to reveal how some girl was pregnant just from her shopping patterns.

It was Target, and they didn't call. They sent coupons for pregnancy products to her by mail.

They figured this out by data mining, and her father was pissed. These companies say they can figure out stuff like this. That means they can figure out that you have AIDS and you're gay, or that you have cancer or herpes or whatever.

Yeah, I know. But first, this entirely new, it's case of old things becoming new again. Think about the situation of a small town where everybody knows everybody else. Now a young girl walks in to buy a pregnancy test. The drug-store owner knows her, and now he has information she might be pregnant.

Either way, Target figured out this type of direct targeted advertisement freaks people out, so they're kind of hiding they have the knowledge. For example, when they figure out somebody is pregnant, they'll send them coupons for pregnancy products along with coupons for something someone pregnant would not buy, such as wine. This makes it seem random. It also prevents the father from finding out from the store, instead of from his daughter (although that particular story was never confirmed by the journalists. Target can figure out somebody is pregnant by what they buy, but the whole 'father got upset' thing could be apocryphal).

That information is sold around and then insurance companies and drug companies can exclude you from clinical trials that would save your life because they think you'll mess up their numbers or cost them too much.

And that is a problem. I agree with you when a company sells that information to anyone else, that is highly unethical, and should be illegal. By purchasing things from a company, you chose to give them data about you. If you wanted to avoid that, you can always buy it with cash, and not use any discount cards. However, you didn't authorize them to give that data to anybody else, and I think there's a much greater privacy violation when companies can get a complete picture of everything you've purchased from different stores.

That's kind of tracking for profit is unethical.

No, I think the tracking is fine. The selling of information is unethical.

Cry me a river

[betterunixthanunix]

CALEA was basically a hand out to law enforcement, letting them sit back and eat doughnuts instead of going into the field when they need a wiretap. Now they are complaining that they do not get a similar hand out when it comes to the Internet, and dishonestly claiming that they do not want to revive the cryptowars? No thank you, FBI -- we are not going to give up secure communication systems or plant backdoors all over the Internet just because you long for the "good old days" when wiretapping-on-demand was enough to violate our privacy.

Oh for the Cold War

[AnaxagorasZ]

I miss the days back when the only reason that our righteous free country would spy on our citizens or suspend our rights was to try to catch people working for evil governments who did things like spy on their own citizens and violate their rights. Back when it was easy to tell who were the good guys and who were the bad guys.

Re:Oh for the Cold War

[spire3661]

The 24 hour news cycle did not create the machinations we now see exposed. They have always been there, it only seems magnified because we see more now. The FBI has ALWAYS spied on us extra-judiciously. From day one it was built, its purpose is to catalog and amass information about the american citizenry. Just read the first 2 paragraphs of J. Edgar Hoover's wiki if you have any doubt at all. http://en.wikipedia.org/wiki/J_edgar_hoover

How's this for an idea?

[gman003]

First, the FBI gets a warrant for a particular "wiretap". This should be absolutely mandatory for what I'm about to propose.

Then, off a specific warrant, they go to whichever company the warrant lists, and either:

a) Install a packet-sniffer in front of the web server, logging everything to disk, which is then physically taken by the FBI as evidence - just like a conventional phone wiretap. This avoids the whole "anyone could use the backdoor" - if "anyone" can install hardware on the network, the 'security' is already broken so badly I had to use scare quotes.

or

b) go to the company, literally add code on a case-by-case basis to log a particular set of user's actions. This could include real-time alerts, if necessary. Oh, and the FBI is either the one doing the coding, or they pay standard rates for the service's programmers to do the job. This, again, avoids the security issue implicit to a government-mandated backdoor, by moving the "backdoor" from the computer level to the organizational level. It also does privacy better than a), because by being in the application layer instead of the network layer, it can be smart enough to only log the suspected users, not everyone.

This seems totally reasonable. The FBI gets the data they need (face it, there are always going to be times when they're justified in listening in on "private" communications), the internet companies only have to do anything if there's actually enough of a case for a warrant, there's no backdoors for a hacker to exploit, and, if the judges do their job right, everyone's privacy is maintained unless there's enough evidence to justify violating it.

And thus, by being at least mostly reasonable, it is guaranteed to not happen this way.

Re:How's this for an idea?

[gman003]

Look, if it's a data stream, you can record it. I'm not saying everyone should have an API that the FBI can use. I'm not saying we need to record absolutely everything so the FBI can look at it.

What I'm saying is that if the FBI needs to record something and they have enough evidence to get a warrant, they can come in and write their own damn code to log it, we'll put it on the server for as long as the court order says, and then as soon as they're gone we revert the code back to the way it was. Or, the FBI can log every packet themselves, and *they* get the fun task of sifting through billions of TCP packets to find the ones used by Ahmed ibn Badguy.

And if the system *is* anonymous-by-design, well, "that's literally impossible" is generally considered a valid reason to refuse a warrant. I know if the FBI knocked on my door and handed me a warrant for "whatever is 40km beneath the property" and a shovel, I'd call up the judge and tell him that, unfortunately, the laws of science trump even the US Constitution.

Re:How's this for an idea?

[sir-gold]

the FBI can install spyware on a computer just as stealthily as they can bug a room.

Let's not forget what this is really about

[GodfatherofSoul]

The FBI can get a warrant if they've got evidence, but they want to snoop without them.

Re:Piss off, FBI

[hawguy]

Slashdot on government surveillance: "Piss off, government! Respect my right to privacy!"

Slashdot on Google surveillance: "So what if they archived people's emails and passwords for two years, and their CEO said only criminals have something to hide? They're just a poor, innocent company! Give them more of my personal data, I say."

Yeah, it's funny how geeks on Slashdot can actually differentiate between a private company recording snippets of non-encrypted data broadcast over radio waves by the public, and a concerted effort by the government to create backdoors (and a massive new security vulnerability) to let them do intentional surveillance of citizens. It's almost as if they are two completely separate issues.

(and instead of the public complaining to the Wifi industry for letting AP's default to non-encrypted communications and complaining to web service providers for allowing passwords and other sensitive data to be sent over non SSL connections, they blame Google for capturing the data. If you're sending passwords and other sensitive data in plain text over Wifi, Google is the least of your worries, they're not going to use your captured password to hack into your online bank account).

Re:Piss off, FBI

[spire3661]

A corporation is not a government. Google does not wield the power of life and death over its users. See the difference? I can choose to not participate in the google universe, i cannot choose to exclude myself from the government's control.

Re:Piss off, FBI

[Dunbal]

If Slashdot is truly taking a stand

Slashdot does not speak for me. I certainly do not want to be "represented" by a collection of nerds and trolls in any point of view - I am perfectly capable of taking my own stand where I choose.

Re:Piss off, FBI

[infolation]

One is a free, voluntary service that you can sign up to, at the expense of your privacy.

The other is a law, that applies to everyone, whether you like it or not.

Slight difference.

Re:Piss off, FBI

[Charliemopps]

Google wants to invade your privacy to target you with advertisements that you are more likely to click on and there-for more likely to make them money.

The FBI wants to invade your privacy to levy fines on you, or put you in jail or even to death. Add to that that the FBI has a well recorded history of being used and abused by elected officials and corporations to manipulate, defraud and terrorize people and you can see why some are concerned.

Do I like what Google is doing? No... but that's more of a "I wish they didn't do all that, it sucks" thing... What the FBI is doing scares the living shit out of me and makes me think we're one bad election away from the iron grip of some totalitarian nightmare.

Dear FBI...

[Lumpy]

Good luck. I can, right now have a heavily encrypted communication with several people over the internet that you will not be able to decrypt when the information is the most valuable to you. This is your own fault. You did not pressure Congress to fund the Sciences heavily to make sure we had the best and brightest here in the USA working for you. Instead you let them go off on their hunt on the constitution. You let the Fear engine get away from you and let the CIA have the ball with their Terrorism Bogeyman.

Now it's too late. Even a 13 year old kid in a basement has the tools he needs to make a secure encrypted communication channel that would take you months or even years to crack. Long after it was valuable to do so.

Want to fix it? Go to congress and scare the bejesus out of them, Get them to dump 20 to 30% of the Defense budget into Science and research. If we start now you can get back on top in about 10 to 15 years. It is the only way. If you dont, the bad guys will win. Get off your asses and scare the shit out of congress to get the funding, because if you actually talk to them like they were educated men, you will be wasting your time.