Experts: FBI Dream of Wiretap Ready Interent Flawed

A government proposal to turn the entire Internet–its apps, services and software–into one giant, easy-to-access wiretap port drew withering fire in a report released today from a renowned group of […]

A government proposal to turn the entire Internet–its apps, services and software–into one giant, easy-to-access wiretap port drew withering fire in a report released today from a renowned group of computer and security experts.

The report says:

We believe that on balance mandating that endpoint software vendors build [wiretap ready] intercept functionality into their products will be much more costly to personal, economic and governmental security overall than the risks associated with not being able to wiretap all communications.

The government move comes amid claims that it can’t catch the bad guys because they can all too easily disappear into the great maw of today’s digital communications that can’t be wiretapped.  The FBI calls this “going dark” and they don’t like it, and for good reason, as you can imagine.  Law and order guys–the good guys–need to listen in on the deviant plans being made that threaten the U.S.  When they are hampered from doing so, however, they can go too far in demanding the access they need to do their jobs, i.e.–let’s just make sure everyone can be wiretapped at the flip of a switch and we’ll all be happy.

Not so much.  The FBI already has this ability for telephone conversations, it’s called the Communications Assistance for Law Enforcement Act or CALEA.  CALEA allows the FBI to easily plug into today’s digital phone networks and listen in, given that they first get a court approved warrant.

Now the FBI is pressing for greater access to, well, everything.

“This could encompass a wide range of products and services, from instant messaging and chat to Skype to Google Hangouts to Xbox Live. It could include services offered through a variety of means, from stand-alone services to features built into web browser software and social networking sites,” says the report issued today.

Seriously Flawed Request
The Center for Democracy & Technology, which helped put this report together, says there are three key takeaway points about the FBI propose:

  • Wiretap functionality allows covert access to communications that can be exploited not only by law enforcement, but by criminals, terrorists, and foreign military and intelligence agencies. Wiretap endpoints will be vulnerable to exploitation and difficult to secure.
  • Imposing the obligation to facilitate wiretapping on software developers forces them to choose between two dangerous, expensive, cumbersome options: they can either create a compliance department capable of responding 24/7 to law enforcement demands, or they can show personnel in law enforcement agencies world-wide how to exploit their software to harvest user communications.
  • Wiretap capability that the FBI seeks will be ineffective because it is easily disabled and because knock-off products that lack the wiretap functionality can be readily downloaded from websites abroad. Because many of the tools that people use to communicate are built on open standards and open source software, it will be trivial to remove or disable wiretap functionality.

So, we’re looking at “covert access” possibilities, companies “advertising” their vulnerabilities and a bottom-line ineffective solution on several levels.

Don’t know about you but I smell a big anti-CALEA II campaign in the wind.  Stay tuned…


About brock

Brock is currently the Executive Editor at Atlantic Media Strategies and former Chief Washington Correspondent for MSNBC; he is the founder/creator/editor of CyberWire Dispatch, the Net's pioneering online journalistic news service. Previously he was the Director of Communications for the Center for Democracy & Technology, a non-profit, Washington, D.C.-based public interest group working to keep the Internet open, innovative and free. The views expressed here are his alone and do not reflect the opinions, attitudes or policy positions of his employer(s) past or present.