US wiretap plan will leave door open for spooks and hackers
Congress should think again
A top-drawer American cryptography boffin has expressed grave doubts about Bush administration plans to let spooks build wiretapping capabilities into the US comms infrastructure.
Writing in the Washington Post, Susan Landau, distinguished engineer at Sun Labs, described the capabilities sought by the National Security Agency (NSA) as a serious security vulnerability for America.
"Grant the NSA what it wants and within 10 years the United States will be vulnerable to attacks from hackers across the globe, as well as the militaries of China, Russia and other nations," she writes.
The NSA has recently been awarded temporary powers to conduct massive automated wiretapping in the United States without benefit of a warrant from the secret surveillance court, provided that at least one end of the communication is thought to be outside the USA. In order to carry out its analysis, the spook agency needs to be permanently plugged into most of the American comms backbone.
"NSA will need to build massive automatic surveillance capabilities into telephone switches," says Landau.
"Here things get tricky: Once such infrastructure is in place, others could use it... Intercept capabilities are likely to be managed remotely, and vulnerabilities are as likely to be global as local. In simplifying wiretapping for US intelligence, we provide a target for foreign intelligence agencies and possibly rogue hackers."
In the old days, a lot of voice and data went wirelessly - via microwave, line-of-sight, or satellite. The NSA could listen in on foreigners using expensive hardware which nobody else had: Landau says this was safe enough, as nobody could gain access to America's own comms by these means.
Nowadays, however, bulk info goes mainly by fibre, which needs to be physically tapped into. This is occasionally done overseas; certain parts of the US special forces, for instance, are reputed to have specialists who can sneak into a country of interest and place undetectable taps on fibre lines without being noticed. But a lot of foreign comms passes through America - where it can be tapped safely and simply.
To some degree, the NSA must have already put the systems that so worry Landau in place; the NSA's massive automated trawling of voice and data in and out of the USA began not long after 9/11 and is thought to have ceased only in recent months, when a secret-surveillance judge refused to renew a key warrant. That led to the recent change in the law.
Landau's argument isn't about the wrongness or rightness of spooks listening in on any conversation that any American has with a foreigner - or perhaps, at least in some cases, conversations between Americans. She's simply saying the technology itself will open up a backdoor into US communications which could be used by America's enemies.
"In its effort to provide policymakers with immediate intelligence, the NSA forgot the critical information security aspect of its mission: protecting US communications against foreign interception."
When a heavyweight security brain like Landau says that, you have to pay attention.
This isn't just an American issue. The UK intelligence community doesn't have the computer resources to do massive automated surveillance on an NSA scale, but it does wiretap its own people a lot - and in the case of the UK the warrants have always been signed by politicians rather than (relatively) trustworthy judges. Telecoms companies provide official backdoors in the UK and many another country. These too will be vulnerabilities to a greater or lesser degree.
But Landau suggests that constant massive access, potentially over a period of years, has to be a lot worse than relatively limited and targeted taps, and that does sound reasonable. Noted security heavyweight Bruce Schneier - who provides services to our own British Telecom - agrees with her too, saying:
"Last week, Congress gave President Bush new wiretapping powers. I was going to write an essay on the security implications of this, but Susan Landau beat me to it."
Landau recommends that Washington politicos think hard before rubberstamping the blanket wiretap warrant again.
"Lawmakers granted the warrantless wiretapping only for six months," she says. "They need to look carefully before it endangers US national security for the long term."
The full text is here. ®
COMMENTS
@ Ole Juul
Rest assured that when you place a phone order for eggs and vinegar, it will be logged and your dossier will be sent up to Floor 13 or wherever.
Same for all you buggers ordering lemons - we know what you're up to! What's the bet you have an electric iron or a hot plate in your possession as well. Thought so...
And as we all know, motorcyclists are worse subversives than those "UnAmerican" homosexuals back in McCarthy's time so anyone mentioning anything to do with motorcycles over the phone can be logged as well - that'll teach ya to go out and have fun on the weekends while I'm stuck in a grey room listening in on bored housewives, you free-spirited bastards!
Now we have the entire population tapped, what shall we do to catch those bloody terrorists that keep refusing to discuss their plans in plain English over our tapped telephone lines? They're outsmarting us at every turn.
Future phone call.
"Hey, mate, I screwed my secretary last night, don't tell my wife, eh?"
"Don't worry, your secret is just between you, me, 14 spooks and the 27 l33t |-|4X0rs that have intercepted the intercept..."
Maybe it's time to replace "Just between you, me and the walls..." with "Just between you, me, the spooks and the hackers..."
VoIP wire tap
Now if only someone will produce a VOIP product (computer to computer) with stream encryption. Something like what the NSA and CIA use at present.
I work for a VoIP company. ANYTHING that inspects/filters packets on our system will cause jitter/lag/dropped calls, so I'm not sure how they could tap one of our phone calls if it is made between two of our customers, well, at least do it and not cause call quality issues. Granted, I'm just a lowly tech.
"Land of the Free"
Every time someone in a movie utters the words in my title, I scoff, laugh or mutter, "Yeah, right!"
Strangely enough, never heard anyone mention it outside of a movie - but then, Hollyweird is just one vast propaganda machine entirely staffed by Party-Faithful directors, producers and script writers who churn out screeds of "Greatest Nation on Earth", "Land of the Free", "The Whole World is Jealous of Us" crap despite all evidence to the contrary.
Jealous of the USA? I honestly pity its citizens. And articles like this one illustrate why.
Land of the Free? Wot a RIOT! Yorta be on stage, a routine like that!
The dust of the Twin Towers hadn't settled and the Bush Admin was saying "would You, The People, be willing to accept the loss of certain Constitutional Rights in order to prevent this happening again?"
And when the "temporary" post-Sept-11 licence to spy on the public runs out, a new law gets passed to allow them to continue to spy on the public. Oh, quelle surprise!
They rave about how great it is they have a Constitution and yet that document is completely ignored by The Powers That Be over and over again.
Honestly, they might as well burn it - it's been dead so long that cremation is the only respectful and honest thing to do.
As has been pointed out, the real terrorists are hardly likely to use any infrastructure that can be easily monitored so all this law does is enable the insanely huge number of spooks the USA has to spy on their *own citizens*.
And wouldn't it be handy to have everyone's dirty little secrets on tap if the need ever arose to apply pressure? "We know you've been evading taxes for years, only reason you're not in jail is because you might prove useful, now we need you so do what we want or it's off to federal prison..."
"Nothing to hide, nothing to fear?" yeah, right. Even if you aren't dodging taxes or organising a tryst with your secretary, who knows what might be deemed "subversive behaviour" by future administrations. Bear in mind that under McCarthy's regime, homosexuality was deemed to be a security risk. For all we know, some loony spook or future President might take it into his/her head to decide that all stamp collectors pose a significant security threat.
I see it as the duty of every honest and Constitution-loving US citizen to foul up the spooks' plans by randomly interjecting the words "bomb" and "jihad" into every telephone conversation they have - even if they're just ordering a pizza.
The more I read about the goings-on in the so-called "Land of the Free", the more I think that the average US citizen is probably becoming jealous of other countries like China (where at least the government is up-front and HONEST about being a dictatorship that grants no rights or liberties to its citizens).
