www.schneier.com/blog/archives/2010/09/wiretapping_the.html
reported that President Obama will seek sweeping laws enabling law enforcement to more easily eavesdrop on the internet. Technologies are changing, the administration argues, and modern digital systems aren't as easy to monitor as traditional telephones. The government wants to force companies to redesign their communications systems and information networks to facilitate surveillance, and to provide law enforcement with back doors that enable them to bypass any security measures. The proposal may seem extreme, but -- unfortunately -- it's not unique.
threatened to ban BlackBerry devices unless the company made eavesdropping easier. China has already built a massive internet surveillance system to better control its citizens. Formerly reserved for totalitarian countries, this wholesale surveillance of citizens has moved into the democratic world as well. Governments like Sweden, Canada and the United Kingdom are debating or passing laws giving their police new powers of internet surveillance, in many cases requiring communications system providers to redesign products and services they sell. More are passing data retention laws, forcing companies to retain customer data in case they might need to be investigated later. Obama isn't the first US president to seek expanded digital eavesdropping. The 1994 CALEA law required phone companies to build ways to better facilitate FBI eavesdropping into their digital phone switches. Since 2001, the National Security Agency has built substantial eavesdropping systems within the United States. These laws are dangerous, both for citizens of countries like China and citizens of Western democracies. Forcing companies to redesign their communications products and services to facilitate government eavesdropping reduces privacy and liberty; Communications systems that have no inherent eavesdropping capabilities are more secure than systems with those capabilities built in. Any surveillance system invites both criminal appropriation and government abuse. Function creep is the most obvious abuse: New police powers, enacted to fight terrorism, are already used in situations of conventional nonterrorist crime. Official misuses are bad enough, but the unofficial uses are far more worrisome. An infrastructure conducive to surveillance and control invites surveillance and control, both by the people you expect and the people you don't. Any surveillance and control system must itself be secured, and we're not very good at that. Why does anyone think that only authorized law enforcement will mine collected internet data or eavesdrop on Skype and IM conversations? After 9/11, the National Security Agency built a surveillance infrastructure to eavesdrop on telephone calls and e-mails within the United States. Although procedural rules stated that only non-Americans and international phone calls were to be listened to, actual practice didn't always match those rules.
Between June 2004 and March 2005, someone wiretapped more than 100 cell phones belonging to members of the Greek government -- the prime minister and the ministers of defense, foreign affairs and justice -- and other prominent people. Ericsson built this wiretapping capability into Vodafone's products, but enabled it only for governments that requested it. Greece wasn't one of those governments, but some still unknown party -- a rival political group? Once surveillance capabilities are built into Skype or Gmail or your BlackBerry, it's easy for more totalitarian countries to demand the same access; Western companies such as Siemens, Nokia and Secure Computing built Iran's surveillance infrastructure, and US companies like L-1 Identity Solutions helped build China's electronic police state. The next generation of worldwide citizen control will be paid for by countries like the United States. We should be embarrassed to export eavesdropping capabilities. Secure, surveillance-free systems protect the lives of people in totalitarian countries around the world. They allow people to exchange ideas even when the government wants to limit free exchange. They power citizen journalism, political movements and social change. For example, Twitter's anonymity saved the lives of Iranian dissidents -- anonymity that many governments want to eliminate. Yes, communications technologies are used by both the good guys and the bad guys. But the good guys far outnumber the bad guys, and it's far more valuable to make sure they're secure than it is to cripple them on the off chance it might help catch a bad guy. It's like the FBI demanding that no automobiles drive above 50 mph, so they can more easily pursue getaway cars. It might or might not work -- but, regardless, the cost to society of the resulting slowdown would be enormous. It's bad civic hygiene to build technologies that could someday be used to facilitate a police state. No matter what the eavesdroppers say, these systems cost too much and put us all at greater risk.
I don't know what threat analysis they showed him during his onboard briefings but it sure seems to have scared the President into a 180 from his campaign rhetoric.
September 30, 2010 6:10 AM Basically they're asking you to remove the curtains from your home windows, so they can look inside. Add a locking mechanism to your kitchen door which can be opened by a universal key, just in case. Sound-proofing is forbidden, coz directional mics wouldn't work. These are merely real-world analogs but it's a frightening thought. What scares me even more is that they've been getting away with it.
September 30, 2010 6:27 AM Anyone who wants privacy must be guilty of something, right? When are the police agencies going to allow us open access to all of their communications, so we can be sure they are doing their jobs without abusing them?
September 30, 2010 6:54 AM Bruce thanks for this article. Lucky for you, you don't know how right you are about the unintended consequences of the eavesdropping game. Its not just the issue of a police state, that is bad enough, when its farmed out to contractors like ATT Security and others you have problems. So the person on your phone tap/house tap/realtime audio on your vehicle (like the one the cops use on dope dealers and terror suspects) is not a cop, not an NSA employee. You call the cops because you see a drug deal next door. Imagine that your dope dealing neighbors are your observers and have relatives on the phone tap/house tap. So you have people observing who know you reported them to the police. The police are so new at this sort of thing they don't know to turn off the phone/house tap for calls. So you have people who are participating in illegal drug activity and are using the cellphone network to run dope and to watch out for the cops. Its actually potentially far worse than a police state because these folks have quasi police powers, no accountability, no transparency. As you all have mentioned the obvious, no one watches the watchers. It is a mistake to assume at any point that observations are policed. Eavesdropping has devastating implications for all of us. You can not imagine what it is like to hear over and over (from people who shouldn't even know you) personal information about you, your family, your private life. Your life and your reputation is pretty much destroyed and people are careless with the eavesdropping information. There is no expectation of professionalism or even protecting a person from observer misconduct with the eavesdropping game.
So they can't even argue they _need_ any backdoors, since they have sufficient other means to accomplish their goal. Basically they're just lazy and want to make their life easier at the cost of the rest of us.
September 30, 2010 7:28 AM And, so, logically, everyone will begin encrypting their messages on an individual basis, using pgp, rather than trusting the encryption to service providers.
September 30, 2010 7:38 AM @ Heisenberg But that's the issue, isn't it. Not everyone will encrypt their messages, or feel the need to. And those people that don't are likely to be the majority. It would be fairly easy to sow mistrust of people that do, using the age-...
|