(Screenshot: Spencer E Holtaway/flickr)
May 17, 2013
A group of security experts have issued a report on Friday warning that the FBI's wiretapping expansion proposal is "unwise, ineffective" and "poses serious security risks."
As the New York Times' Charlie Savage reported, the FBI plan would entail a "sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services."
Specifically, "The proposal would extend technical design mandates for 'wiretap readiness' to peer-to-peer communications tools," Joseph Lorenzo Hall of the Center for Democracy & Technology (CDT) writes. The reports adds that it "could encompass a wide range of products and services, from instant messaging and chat to Skype to Google Hangouts to Xbox Live. It could include services offered through a variety of means, from stand-alone services to features built into web browser software and social networking sites."
And, the Washington Post reported,
Under the draft proposal, a court could levy a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders, according to persons who spoke on the condition of anonymity to discuss internal deliberations. A company that does not comply with an order within a certain period would face an automatic judicial inquiry, which could lead to fines. After 90 days, fines that remain unpaid would double daily.
In their report, "CALEA II: Risks of Wiretap Modifications to Endpoints," the 20 experts warn that "A wiretap design mandate on communications tools is, plainly put, an opportunity for increased exploitation."
Hall sums up the security experts' argument:
First, wiretap functionality allows covert access to communications that can be exploited not only by law enforcement, but by criminals, terrorists, and foreign military and intelligence agencies. Wiretap endpoints will be vulnerable to exploitation and difficult to secure. Second, imposing the obligation to facilitate wiretapping on software developers forces them to choose between two dangerous, expensive, cumbersome options: they can either create a compliance department capable of responding 24/7 to law enforcement demands, or they can show personnel in law enforcement agencies world wide how to exploit their software to harvest user communications. Finally, the wiretap capability that the FBI seeks will be ineffective because it is easily disabled and because knock-off products that lack the wiretap functionality can be readily downloaded from websites abroad. Because many of the tools that people use to communicate are built on open standards and open source software, it will be trivial to remove or disable wiretap functionality.
Ultimately, the group concludes, enacting this proposal would present greater security risks than not wiretapping at all. They write:
We believe that on balance mandating that endpoint software vendors build intercept functionality into their products will be much more costly to personal, economic and governmental security overall than the risks associated with not being able to wiretap all communications.
______________________________
Join Us: News for people demanding a better world
Common Dreams is powered by optimists who believe in the power of informed and engaged citizens to ignite and enact change to make the world a better place. We're hundreds of thousands strong, but every single supporter makes the difference. Your contribution supports this bold media model—free, independent, and dedicated to reporting the facts every day. Stand with us in the fight for economic equality, social justice, human rights, and a more sustainable future. As a people-powered nonprofit news outlet, we cover the issues the corporate media never will. Join with us today! |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
A group of security experts have issued a report on Friday warning that the FBI's wiretapping expansion proposal is "unwise, ineffective" and "poses serious security risks."
As the New York Times' Charlie Savage reported, the FBI plan would entail a "sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services."
Specifically, "The proposal would extend technical design mandates for 'wiretap readiness' to peer-to-peer communications tools," Joseph Lorenzo Hall of the Center for Democracy & Technology (CDT) writes. The reports adds that it "could encompass a wide range of products and services, from instant messaging and chat to Skype to Google Hangouts to Xbox Live. It could include services offered through a variety of means, from stand-alone services to features built into web browser software and social networking sites."
And, the Washington Post reported,
Under the draft proposal, a court could levy a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders, according to persons who spoke on the condition of anonymity to discuss internal deliberations. A company that does not comply with an order within a certain period would face an automatic judicial inquiry, which could lead to fines. After 90 days, fines that remain unpaid would double daily.
In their report, "CALEA II: Risks of Wiretap Modifications to Endpoints," the 20 experts warn that "A wiretap design mandate on communications tools is, plainly put, an opportunity for increased exploitation."
Hall sums up the security experts' argument:
First, wiretap functionality allows covert access to communications that can be exploited not only by law enforcement, but by criminals, terrorists, and foreign military and intelligence agencies. Wiretap endpoints will be vulnerable to exploitation and difficult to secure. Second, imposing the obligation to facilitate wiretapping on software developers forces them to choose between two dangerous, expensive, cumbersome options: they can either create a compliance department capable of responding 24/7 to law enforcement demands, or they can show personnel in law enforcement agencies world wide how to exploit their software to harvest user communications. Finally, the wiretap capability that the FBI seeks will be ineffective because it is easily disabled and because knock-off products that lack the wiretap functionality can be readily downloaded from websites abroad. Because many of the tools that people use to communicate are built on open standards and open source software, it will be trivial to remove or disable wiretap functionality.
Ultimately, the group concludes, enacting this proposal would present greater security risks than not wiretapping at all. They write:
We believe that on balance mandating that endpoint software vendors build intercept functionality into their products will be much more costly to personal, economic and governmental security overall than the risks associated with not being able to wiretap all communications.
______________________________
A group of security experts have issued a report on Friday warning that the FBI's wiretapping expansion proposal is "unwise, ineffective" and "poses serious security risks."
As the New York Times' Charlie Savage reported, the FBI plan would entail a "sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services."
Specifically, "The proposal would extend technical design mandates for 'wiretap readiness' to peer-to-peer communications tools," Joseph Lorenzo Hall of the Center for Democracy & Technology (CDT) writes. The reports adds that it "could encompass a wide range of products and services, from instant messaging and chat to Skype to Google Hangouts to Xbox Live. It could include services offered through a variety of means, from stand-alone services to features built into web browser software and social networking sites."
And, the Washington Post reported,
Under the draft proposal, a court could levy a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders, according to persons who spoke on the condition of anonymity to discuss internal deliberations. A company that does not comply with an order within a certain period would face an automatic judicial inquiry, which could lead to fines. After 90 days, fines that remain unpaid would double daily.
In their report, "CALEA II: Risks of Wiretap Modifications to Endpoints," the 20 experts warn that "A wiretap design mandate on communications tools is, plainly put, an opportunity for increased exploitation."
Hall sums up the security experts' argument:
First, wiretap functionality allows covert access to communications that can be exploited not only by law enforcement, but by criminals, terrorists, and foreign military and intelligence agencies. Wiretap endpoints will be vulnerable to exploitation and difficult to secure. Second, imposing the obligation to facilitate wiretapping on software developers forces them to choose between two dangerous, expensive, cumbersome options: they can either create a compliance department capable of responding 24/7 to law enforcement demands, or they can show personnel in law enforcement agencies world wide how to exploit their software to harvest user communications. Finally, the wiretap capability that the FBI seeks will be ineffective because it is easily disabled and because knock-off products that lack the wiretap functionality can be readily downloaded from websites abroad. Because many of the tools that people use to communicate are built on open standards and open source software, it will be trivial to remove or disable wiretap functionality.
Ultimately, the group concludes, enacting this proposal would present greater security risks than not wiretapping at all. They write:
We believe that on balance mandating that endpoint software vendors build intercept functionality into their products will be much more costly to personal, economic and governmental security overall than the risks associated with not being able to wiretap all communications.
______________________________
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.