(Screenshot: Spencer E Holtaway/flickr)
May 17, 2013
A group of security experts have issued a report on Friday warning that the FBI's wiretapping expansion proposal is "unwise, ineffective" and "poses serious security risks."
As the New York Times' Charlie Savage reported, the FBI plan would entail a "sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services."
Specifically, "The proposal would extend technical design mandates for 'wiretap readiness' to peer-to-peer communications tools," Joseph Lorenzo Hall of the Center for Democracy & Technology (CDT) writes. The reports adds that it "could encompass a wide range of products and services, from instant messaging and chat to Skype to Google Hangouts to Xbox Live. It could include services offered through a variety of means, from stand-alone services to features built into web browser software and social networking sites."
And, the Washington Post reported,
Under the draft proposal, a court could levy a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders, according to persons who spoke on the condition of anonymity to discuss internal deliberations. A company that does not comply with an order within a certain period would face an automatic judicial inquiry, which could lead to fines. After 90 days, fines that remain unpaid would double daily.
In their report, "CALEA II: Risks of Wiretap Modifications to Endpoints," the 20 experts warn that "A wiretap design mandate on communications tools is, plainly put, an opportunity for increased exploitation."
Hall sums up the security experts' argument:
First, wiretap functionality allows covert access to communications that can be exploited not only by law enforcement, but by criminals, terrorists, and foreign military and intelligence agencies. Wiretap endpoints will be vulnerable to exploitation and difficult to secure. Second, imposing the obligation to facilitate wiretapping on software developers forces them to choose between two dangerous, expensive, cumbersome options: they can either create a compliance department capable of responding 24/7 to law enforcement demands, or they can show personnel in law enforcement agencies world wide how to exploit their software to harvest user communications. Finally, the wiretap capability that the FBI seeks will be ineffective because it is easily disabled and because knock-off products that lack the wiretap functionality can be readily downloaded from websites abroad. Because many of the tools that people use to communicate are built on open standards and open source software, it will be trivial to remove or disable wiretap functionality.
Ultimately, the group concludes, enacting this proposal would present greater security risks than not wiretapping at all. They write:
We believe that on balance mandating that endpoint software vendors build intercept functionality into their products will be much more costly to personal, economic and governmental security overall than the risks associated with not being able to wiretap all communications.
______________________________
Why Your Ongoing Support Is Essential
Donald Trump’s attacks on democracy, justice, and a free press are escalating — putting everything we stand for at risk. We believe a better world is possible, but we can’t get there without your support. Common Dreams stands apart. We answer only to you — our readers, activists, and changemakers — not to billionaires or corporations. Our independence allows us to cover the vital stories that others won’t, spotlighting movements for peace, equality, and human rights. Right now, our work faces unprecedented challenges. Misinformation is spreading, journalists are under attack, and financial pressures are mounting. As a reader-supported, nonprofit newsroom, your support is crucial to keep this journalism alive. Whatever you can give — $10, $25, or $100 — helps us stay strong and responsive when the world needs us most. Together, we’ll continue to build the independent, courageous journalism our movement relies on. Thank you for being part of this community. |
Our work is licensed under Creative Commons (CC BY-NC-ND 3.0). Feel free to republish and share widely.
A group of security experts have issued a report on Friday warning that the FBI's wiretapping expansion proposal is "unwise, ineffective" and "poses serious security risks."
As the New York Times' Charlie Savage reported, the FBI plan would entail a "sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services."
Specifically, "The proposal would extend technical design mandates for 'wiretap readiness' to peer-to-peer communications tools," Joseph Lorenzo Hall of the Center for Democracy & Technology (CDT) writes. The reports adds that it "could encompass a wide range of products and services, from instant messaging and chat to Skype to Google Hangouts to Xbox Live. It could include services offered through a variety of means, from stand-alone services to features built into web browser software and social networking sites."
And, the Washington Post reported,
Under the draft proposal, a court could levy a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders, according to persons who spoke on the condition of anonymity to discuss internal deliberations. A company that does not comply with an order within a certain period would face an automatic judicial inquiry, which could lead to fines. After 90 days, fines that remain unpaid would double daily.
In their report, "CALEA II: Risks of Wiretap Modifications to Endpoints," the 20 experts warn that "A wiretap design mandate on communications tools is, plainly put, an opportunity for increased exploitation."
Hall sums up the security experts' argument:
First, wiretap functionality allows covert access to communications that can be exploited not only by law enforcement, but by criminals, terrorists, and foreign military and intelligence agencies. Wiretap endpoints will be vulnerable to exploitation and difficult to secure. Second, imposing the obligation to facilitate wiretapping on software developers forces them to choose between two dangerous, expensive, cumbersome options: they can either create a compliance department capable of responding 24/7 to law enforcement demands, or they can show personnel in law enforcement agencies world wide how to exploit their software to harvest user communications. Finally, the wiretap capability that the FBI seeks will be ineffective because it is easily disabled and because knock-off products that lack the wiretap functionality can be readily downloaded from websites abroad. Because many of the tools that people use to communicate are built on open standards and open source software, it will be trivial to remove or disable wiretap functionality.
Ultimately, the group concludes, enacting this proposal would present greater security risks than not wiretapping at all. They write:
We believe that on balance mandating that endpoint software vendors build intercept functionality into their products will be much more costly to personal, economic and governmental security overall than the risks associated with not being able to wiretap all communications.
______________________________
A group of security experts have issued a report on Friday warning that the FBI's wiretapping expansion proposal is "unwise, ineffective" and "poses serious security risks."
As the New York Times' Charlie Savage reported, the FBI plan would entail a "sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services."
Specifically, "The proposal would extend technical design mandates for 'wiretap readiness' to peer-to-peer communications tools," Joseph Lorenzo Hall of the Center for Democracy & Technology (CDT) writes. The reports adds that it "could encompass a wide range of products and services, from instant messaging and chat to Skype to Google Hangouts to Xbox Live. It could include services offered through a variety of means, from stand-alone services to features built into web browser software and social networking sites."
And, the Washington Post reported,
Under the draft proposal, a court could levy a series of escalating fines, starting at tens of thousands of dollars, on firms that fail to comply with wiretap orders, according to persons who spoke on the condition of anonymity to discuss internal deliberations. A company that does not comply with an order within a certain period would face an automatic judicial inquiry, which could lead to fines. After 90 days, fines that remain unpaid would double daily.
In their report, "CALEA II: Risks of Wiretap Modifications to Endpoints," the 20 experts warn that "A wiretap design mandate on communications tools is, plainly put, an opportunity for increased exploitation."
Hall sums up the security experts' argument:
First, wiretap functionality allows covert access to communications that can be exploited not only by law enforcement, but by criminals, terrorists, and foreign military and intelligence agencies. Wiretap endpoints will be vulnerable to exploitation and difficult to secure. Second, imposing the obligation to facilitate wiretapping on software developers forces them to choose between two dangerous, expensive, cumbersome options: they can either create a compliance department capable of responding 24/7 to law enforcement demands, or they can show personnel in law enforcement agencies world wide how to exploit their software to harvest user communications. Finally, the wiretap capability that the FBI seeks will be ineffective because it is easily disabled and because knock-off products that lack the wiretap functionality can be readily downloaded from websites abroad. Because many of the tools that people use to communicate are built on open standards and open source software, it will be trivial to remove or disable wiretap functionality.
Ultimately, the group concludes, enacting this proposal would present greater security risks than not wiretapping at all. They write:
We believe that on balance mandating that endpoint software vendors build intercept functionality into their products will be much more costly to personal, economic and governmental security overall than the risks associated with not being able to wiretap all communications.
______________________________
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.