Feds want backdoors built into VoIP and email
Warn of investigations 'going dark'
Agentless Backup is Not a Myth
Developers of email, instant-messaging and voice-over-internet-protocol applications would be forced to redesign their services so their contents can be intercepted by law enforcement agents armed with legal wiretap orders under federal legislation reported on Monday by The New York Times.
The legislation would, among other things, require cellphone carriers, websites and other types of service providers to have a way to unscramble encrypted communications traveling over their networks, the report said. It specifically mentions companies such as Research in Motion and Skype, which are popular in part because their cellular communications and VoIP services respectively are widely regarded as offering robust encryption that's impractical if not impossible for government agents to crack.
That in turn has led to warnings by investigators that their ability to wiretap criminal and terrorism suspects is "going dark” as the world increasingly communicates using newer technologies instead of the traditional phone system.
“We're talking about lawfully authorized intercepts,” Valerie E. Caproni, general counsel for the FBI, told The New York Times. “We're not talking expanding authority. We're talking about preserving our ability to execute our existing authority in order to protect the public safety and national security.”
Under the Communications Assistance to Law Enforcement Act, phone and broadband service providers are required to have the technical means in place to eavesdrop on their subscribers. But it doesn't apply to communication service providers, which often offer strong end-to-end encryption services that make it infeasible for them to intercept traffic even through it travels over their networks.
Under a draft bill expected to be submitted to the US Congress when it convenes next year, such services would have to be redesigned, according to Monday's report. Foreign-based providers that do business inside the US would also have to install a domestic office capable of performing intercepts, it said.
The measure is sure to stoke fierce opposition among business leaders, security experts and civil liberties advocates. They argue that the backdoors may have vulnerabilities that can allow hackers to illegally intercept protected communications. Indeed, something similar to that occurred in 2006 when hackers took advantage of legally mandated wiretap functions in Greece to spy on top government officials, including the prime minister.
In addition to threatening the public's privacy, such backdoors can put US-sanctioned services at a competitive disadvantage with those that don't have backdoors built in, critics have charged.
The FBI spent $9.75m last year helping communication companies comply with surveillance requests, the report said. Beyond the costs, the process can significantly delay critical investigations, defenders of the measure said. ®
COMMENTS
GNU Telephony Statement on new Internet Surveillance Laws
Speaking on behalf of the GNU Telephony project, we do intend to openly defy such a law should it actually come to pass, so I want to be very clear on this statement. It is not simply that we will choose to publicly defy the imposition of such an illegitimate law, but that we will explicitly continue to publicly develop and distribute free software (that is software that offers the freedom to use, inspect, and modify) enabling secure peer-to-peer communication privacy through encryption that is made available directly to anyone worldwide. Clearly such software is especially needed in those places, such as in the United States, where basic human freedoms and individual dignity seem most threatened today.
In the United States the 4th amendment did not come about simply because it was impractical to directly spy on everyone on such a large scale. Nor does it end simply because it may now be technically feasible to do so. Communication privacy furthermore is essential to the normal functioning of free societies, whether speaking of whistle-blowers, journalists who have to protect their sources, human rights and peace activists engaging in legitimate political dissent, workers engaged in union organizing, or lawyers who must protect the confidentiality of their privileged communications with clients.
However, to fully appreciate the effect of such surveillance on human societies, imagine being among several hundred million people who wake up each day having to prove they are not a “terrorist” by whatever arbitrary means the government has decided to both define the terms of such a crime and whatever arbitrary methods unknown to you that they might choose to define you as such, and where even your prosecution is carried out under the immunity of “state secrets” that all police states use to abuse of their own citizens. Such a society is one who’s very foundation is built on the premise of everyone being guilty until proven innocent and where due process does not exist. It is the imposition of such a illegitimate society that we choose to openly oppose, and to do so in this manner.
David Alexander Sugar
Chief Facilitator
GNU Telephony
Aw heeeeeell no!
As an American, let me be the first to inform my own government: we are not yours to monitor. Warrant or not, you do not have the authority to tap any communications system simply because it may contain communication of known suspects you have warrants for. I feel there is a need to electronically track certain high profile criminal entities, but no way are the American people going to let you a) alter common protocols to allow easy tap access far beyond what you have today, b) potentially make those protocols incompatible with the rest of the world, and c) in-flight decryption? no way. Its bad enough a warrant is virtually never questioned (unlike it is on TV) with the rare cases one being refused making national news so its little enough real protection. Under most cases, there's no notice at all you're being monitored, and it can be for almost any reason, and for almost any length of time. We can't allow new systems to be deployed that make it so easy/cheap to monitor with little reason to think twice about the expense and trouble since the courts won;t stand in the way.
As an IT analyst. LOL! Sorry folks, those protocols were built specifically to PREVENT such monitoring and there is no way to make a back door. It may be possible to integrate a monitoring system as a caller on a line, via a hack of conference or milti-line calling, but only from withing each individual VoIP operator's systems, and each one is going to be highly unique. Taping a phone line is easy, taping an IP connection, NOT! The ISP woult pay to do it themselves, it costs too much and is a PR nightmare to admit they implemented such support. ...and I won't let my tax dollars go there either. If the feds can monitor calls by request, that means the hardware would exist in smalltime ISPs and other hack shops to record and listen to any calls they wanted. It also means they could trace almost any ISP connection, not just calls. Due to the nature of packet switched networks, its pretty hard to do that without being found out on traditional systems, but over IP? Could be a major personal security risk. I'm WAY more afraid of joe-bob in yonder local ISP back room than I am of Uncle Sam (uncle sam is easily audited, and highly accountable).
As someone who knows better: Technology will find a way around ANY system you try to implement. If it's going over IP, it can be hidden. Period. If you can tap VoIP netoworks, they'll use chat to get anound it, or bounce off voice servers in foreign nations, or use ComSat, I mhave a few main traditional e-mail accounts, but I get e-mail in about 30 places on the internet. You can not filter all of those. If I want communication hidden, its EASY. The only people such a system will catch are small time dumbass criminals, not national security threats, and the FBI and CIA has no jurisdiction hunting down small time crooks and drug dealers. Such a system will be easily circumvented by any terrorist or organized crime organization, so why bother implementing it? If they could do this so easily, there would be no bit torrents today. They can mandate major web company and FCC managed phone companies, but since the fed powers simply do not extend to Internet sites overseas, there's no way to prevent this. proxying is always an option. Anyone who wants their calls untracible will be able to do so free and easily.
Open source
Now more then ever there is a need for free open source software. Thank you GNU Telephony guys and girls!
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Steps to Take Before Choosing a Business Continuity Partner
Enabling efficient data center monitoring
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
