German Proposal Gives A New Perspective On 'Spyware'

from the big-brother-is-hacking-yo dept

A VoIP expert has unveiled new proof-of-concept software that allows an attacker to monitor other peoples' VoIP calls and record them for later review. Unencrypted VoIP really isn't very secure; if you have access to the raw network traffic of a call, it's not too hard to reconstruct the audio. Encrypted traffic is another story. German officials have discovered that when suspects use Skype's encryption feature, they aren't able to decode calls even if they have a court order authorizing them to do so. Some law enforcement officials in Germany apparently want to deal with this problem by having courts give them permission to surreptitiously install spying software on the target's computer. To his credit, Joerg Ziercke, president of Germany's Federal Police Office, says that he's not asking Skype to put back doors in its software. But the proposal still raises some serious question. Once the installation of spyware becomes a standard surveillance method, law enforcement will have a vested interest in making sure that operating systems and VoIP applications have vulnerabilities they can exploit. There will inevitably be pressure on Microsoft, Skype, and other software vendors to provide the police with backdoors. And backdoors are problematic because they can be extremely difficult to limit to authorized individuals. It would be a disaster if the backdoor to a popular program like Skype were discovered by unauthorized individuals. A similar issue applies to anti-virus software. If anti-virus products detect and notify users when court-ordered spyware is found on a machine, it could obviously disrupt investigations and tip off suspects. On the other hand, if antivirus software ignores "official" spyware, then spyware vendors will start trying to camouflage their software as government-installed software to avoid detection. Ultimately, there may be no way for anti-spyware products to turn a blind eye to government-approved spyware without undermining the effectiveness of their products.

Hence, I'm skeptical of the idea of government-mandated spyware, although I don't think it should be ruled out entirely. That may sound like grim news for law enforcement, which does have a legitimate need to eavesdrop on crime suspects. But it's important to keep in mind that law enforcement officials do have other tools at their disposal. If they're not able to install software surveillance tools, it's always possible to do it the old-fashioned way--in hardware. Law enforcement agencies can always sneak into a suspect's home (with a court order, of course) and install bugging devices. That tried and true method works regardless of the communications technology being used.



Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    TSO, Nov 27th, 2007 @ 5:57pm

    Such a business opportunity for Russian antivirus vendors! I bet their products will happily detect US govt spyware!

     

    reply to this | link to this | view in thread ]

  2.  
    identicon
    Evil Mike, Nov 27th, 2007 @ 6:28pm

    I believe the German police are not talking about Spyware in the "traditional" sense--more than likely it'll be some bit of hacked together code that exists only to appear innocuous and also, well, spy.

    Wait, I guess that would by spyware, nevermind then.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Nov 27th, 2007 @ 7:26pm

    Like I've always said; If you send it out over the Internet you are making it public domain. Don't want people to see/know something? Don't put it on your computer.

    If I were planning some sort of illegal activity I sure as hell wouldn't be doing it on my computer and I certainly wouldn't be sending the details over the net, via VOIP or any other method. If you're stupid enough to do that you deserve to get caught!

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Rocket, Nov 27th, 2007 @ 8:35pm

    Re:

    I don't think that the government is gonna be catching Osama or any other threats to the nation by monitoring this way. If those people haven't been caught, something tells me they won't found through internet messages or calls.

     

    reply to this | link to this | view in thread ]

  5.  
    identicon
    Anonymous Coward, Nov 28th, 2007 @ 3:28am

    You're sure right that they're not going to catch Osama.

    It's even very naive to think that all this terror madness is really about terrorism. Up until now all antiterror laws have been used to attack peaceful demonstrations, different political standings, and cultural difference.

    If you google it, you'll see which people and acts have been targeted by antiterror laws.

    Thinks like poverty climate change have caused 10000 times more deaths than terrorism. So did antiterror wars. Spent antiterror money on people and you'll eliminate terrorism.

     

    reply to this | link to this | view in thread ]

  6.  
    identicon
    David M, Nov 28th, 2007 @ 5:18am

    What happens if I use NetBSD?

    Why do some people insist a suspects gets what they deserver with the side effects of an investigation or with arresting when that person is harmed? It is as if a person that is accused is already guilty and any thing that happens to them is fair game, even if the situation is worse then the appropriate sentencing under law.

    If a person is already guilt then why investigate them? Why bother going to trail even? While we are at it, cops should just shoot to kill any one they think is out of line. That will lower the crime rate.

    We have due process for good reasons, and many people in the general public need to pick up a high school law book. And while we are at it, so should most of the police force. You can not be the home of the brave and free, if we have to coward at the hands of our masters in order to prevent being a victim.

    (pardon, I started nodding off as I write this, my engilish mite be a bit a ruff)

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    4-80-sicks, Nov 28th, 2007 @ 7:05am

    I'm glad the "old-fashioned" method was mentioned. It must be understood by law enforcement (as well as government, corporations, individuals, well, everybody) that just because technology makes something possible does not give permission to take that action. "Bugging" is an accepted tactic. A microphone can't do anything but hear what's in the room. So where is the line between monitoring Skype calls and monitoring everything else when a computer is involved? There is none. Software monitoring a Skype call is likely capable of monitoring all traffic. Law enforcement may say "oh but we wouldn't use it for that," but that goes out the window the first time they think it could be useful.

     

    reply to this | link to this | view in thread ]

  8.  
    identicon
    Lawrence D'Oliveiro, Nov 28th, 2007 @ 7:16pm

    Heh

    Why should the Government need to "encourage" vendors/developers to leave security holes in their software? They seem quite capable of doing that on their own. :)

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This