The Obama administration is prepping a new digital security plan, and it is: We need to retrofit the Internet for the FBI.
Long gone are the days when law enforcement could easily tap into land line telephones to monitor nefarious conversations. Those nefarious conversations have moved online, and increasingly to social networks like Facebook, peer-to-peer services like Skype, and elsewhere on the Web. In an effort to catch up, The New York Times reports, the administration will submit new legislation that would require companies to build in back doors for law enforcement.
The new regulations that would be sent to Congress next year would affect American and foreign companies that provide communications services inside the U.S. It would require service providers to make the plain text of encrypted conversations — over the phone, computer or e-mail — readily available to law enforcement, according to federal officials and analysts. [AP]
The FBI’s argument is that these new rules simply allow them to enforce the legal authority they already possess, not to extend it further. For example, federal law established in 1994 extended law enforcement’s wiretapping power to broadband and digital networks because that was where more phone conversations were headed. In the FBI’s eyes, then, this is the logical next step: If the people they investigate are now doing their talking online, officers should be able to monitor that with roughly the same ease they can tap a phone call.
What’s the problem?
Even now, without these proposed new rules, law enforcement usually can get at your messages if officers get court approval. The issue is time.
Often, investigators can intercept communications at a switch operated by the network company. But sometimes — like when the target uses a service that encrypts messages between his computer and its servers — they must instead serve the order on a service provider to get unscrambled versions. Like phone companies, communication service providers are subject to wiretap orders. But the 1994 law does not apply to them. While some maintain interception capacities, others wait until they are served with orders to try to develop them. [The New York Times]
Thus, the point of the Obama proposal is to require that those interception/unscrambling abilities already be in place. Then, when law enforcement serves a service provider with a court order, the text of their target’s message is easy to obtain.
More secure, or less?
The press reports about this rounded up plenty of quotes from free speech and digital freedom organizations calling the plan “a huge privacy invasion” and “outrageous.” You’re a thinking, breathing human being (like all Discover readers), so we leave it to you to make up your mind about where the line between privacy and security should fall here. (We’d be remiss not to point out, however, that the State Department condemned the United Arab Emirates when that country tried to block BlackBerry service because the government couldn’t spy on it.)
The other salient question about security, though, is: By retrofitting Internet communications to old law enforcement rules, are we making the Internet less secure?
Steven M. Bellovin, a Columbia University computer science professor, pointed to an episode in Greece: In 2005, it was discovered that hackers had taken advantage of a legally mandated wiretap function to spy on top officials’ phones, including the prime minister’s. “I think it’s a disaster waiting to happen,” he said. “If they start building in all these back doors, they will be exploited.” [The New York Times]
A startup shutter-down?
The Times says that it cost the FBI nearly $10 million last year to help communications companies comply with a law enforcement demand to intercept messages. However, if Congress passes such a sweeping law requiring online communications companies to have built-in back doors for the FBI, that burden shifts to the developer. Raising the barriers to entry could stifle the robust innovation on the Web, argues Kevin Bankston of the Electronic Frontier Foundation:
“Would Mark Zuckerberg have been able to build Facebook in his dorm room if he’d had to build in surveillance capabilities before launch in order to avoid fines for not being CALEA-compliant? Would Skype have ever happened if it was forced to include an artificial bottleneck for all of your peer-to-peer communications?” [Washington Post]