Techdirt. Stories filed under "backdoors"

Want To Destroy Any Hope Of Serious Cybersecurity? Give The DOJ Its Desired Backdoor Wiretaps On All Communications

Mike Masnick — Fri, 17 May 2013 14:34:00 PDT

The Obama administration has supposedly been "considering" the latest version of the DOJ's plan to require backdoor wiretapping abilities in any form of digital communication. If you don't recall, the FBI asks for this basically every year. The latest version would lead to fines for any company that doesn't build in a backdoor wiretapping ability. We've been pointing out for quite some time that putting in such backdoors only makes us all less safe, because those with malicious intent will find and use those backdoors.

A new report has been released, put together by some of the best known technologists and security experts out there, saying that the plan, as being considered would effectively undermine any cybersecurity regime. At a time when the administration and Congress keep insisting that we need better cybersecurity, to undermine it all with wiretapping backdoors would be ridiculous. And let's not even begin discussing how this would play out if it passed and number one CISPA backer Mike Rogers then became head of the FBI.

Among the report's authors are names you might recognize, like Ed Felten, Peter Neumann, Bruce Schneier and Phil Zimmerman. You can read the full report (pdf) to see all the details. As Ed Felten told the NY Times:

“It’s a single point in the system through which all of the content can be collected if they can manage to activate it,” said Edward W. Felten, a computer science professor at Princeton and one of the authors of the report... “That’s a security vulnerability waiting to happen, as if we needed more,” he said.

Once again, all of this suggests that the efforts around "cybersecurity" have always been more of a cover story to try to make it easier for law enforcement to access data, rather than any legitimate effort at improving security.

Permalink | Comments | Email This Story

How The FBI's Desire To Wiretap Every New Technology Makes Us Less Safe

Mike Masnick — Tue, 15 Jan 2013 10:22:44 PST

Here they go again. Every year or so we end up writing about the FBI's desire for better wiretapping capabilities for new technologies, such as Skype. Basically, the FBI argues that because "bad guys" might use those tools to communicate in secret, they need backdoors to make sure that they can keep tabs on the bad guys.

But they're forgetting something: the FBI isn't necessarily the only one who will get access to those backdoors. In fact, by requiring backdoors to enable surveillance on all sorts of systems, the FBI is almost guaranteeing that the bad guys will use those backdoors for their own nefarious purposes. It's not security, it's anti-security.

This is why claims by the feds that we need cybersecurity legislation, like CISPA or the Cybersecurity Act, ring hollow. If they really wanted more protected networks, they wouldn't keep asking for specific security holes to be explicitly added to those networks.

Two decades ago, the FBI complained it was having trouble tapping the then-latest cellphones and digital telephone switches. After extensive FBI lobbying, Congress passed the Communications Assistance for Law Enforcement Act (CALEA) in 1994, mandating that all telephone switches include FBI-approved wiretapping capabilities.

CALEA was justifiably controversial, not least because its requirement for “backdoors” across our communications infrastructure seemed like a security nightmare: How could we keep criminals and foreign spies from exploiting weaknesses in the new wiretapping features? Would we even be able to detect them when they did?

Those fears were soon borne out. In 2004, a mysterious someone — the case was never solved — hacked the wiretap backdoors of a Greek cellular switch to listen in on senior government officials … including the prime minister.

Think this could only happen abroad? Some years ago, the U.S. National Security Agency discovered that every telephone switch for sale to the Department of Defense had security vulnerabilities in their mandated wiretap implementations. Every. Single. One.

Somehow, the FBI always thinks that if there are backdoors, only it will use them. That is extreme wishful thinking.

Permalink | Comments | Email This Story

Leaked Memo Confirms Apple, Nokia & RIM Gave Indian Gov't Backdoors

Mike Masnick — Mon, 9 Jan 2012 19:39:00 PST

Way back in the beginning of 2008, we wrote about how the Indian government was demanding that various mobile suppliers provide backdoors so it could intercept emails and text messages. In 2010, we wrote about further demands to spy on Gmail and Skype. Finally, at the end of 2010, the fact that various providers were providing backdoors to the Indian government was effectively revealed when the government complained that RIM's backdoor didn't really reveal everything. So, I'm not entirely sure why people are surprised that a leaked memo has revealed that at least Apple, Nokia and RIM all provided the Indian government with backdoors, and those are being used regularly in a surveillance dragnet.

Where it gets potentially more interesting is the report that the government then used such access to intercept emails from US government officials, including the "US-China Economic and Security Review Commission" -- "a U.S. government body with a mandate to monitor, investigate and report to Congress on 'the national security implications of the bilateral trade and economic relationship' between the U.S. and China." Kinda says something when the US commission on security issues can't even secure their own email from snooping foreign governments, huh?

Permalink | Comments | Email This Story

It's Back: FBI Announcing Desire To Wiretap The Internet

Mike Masnick — Thu, 17 Feb 2011 07:44:13 PST

Last fall it came out that the feds were going to push for a law that would require wiretap backdoors in all forms of internet communications. As many people pointed out at the time, there are all sorts of reasons why this is a very bad idea, starting with the fact that putting such backdoors into all forms of communication will certainly lead to them being abused. And, when we say "abused," we don't just mean by the feds -- who have a long history of illegally abusing surveillance powers -- but by others as well. If the feds really think that only they will have true access to these backdoors, they're a lot more naive than we thought. This is a catastrophe in waiting.

Either way, it appears that the geniuses over at the Justice Department and the FBI don't seem to care. Despite plenty of people raising these concerns, it's still going forward with a push for such laws. The plan that will be pushed would require any technology provider to offer up a way for law enforcement to spy on "Web-based e-mail, social networking sites, and peer-to-peer communications technology." Of course, the feds already have subpoena powers to get email and social networking info, when appropriate. And, as Kevin Bankston points out in the article linked above, the FBI demanded and received wiretapping abilities over such things a few years ago -- but hasn't explained why that wasn't sufficient. Either way, it's the P2P part that's really questionable, because basically they're asking for a way to wiretap encrypted voice systems like Skype.

What's stunning to me is that the feds don't even seem to consider the inevitable unintended consequences of forcing such wiretapping backdoors into these forms of communications. Such backdoors will almost certainly be hacked by those with malicious intent. If the feds thought Wikileaks and groups like Anonymous were troubling now, just wait until they can also record and listen to a growing number of voice calls.

And, for those who support these kinds of wiretaps, claiming that without them the FBI will "have no way to know" what these people are talking about, that's a bogus complaint. There are all sorts of other ways to figure out what people are doing. It's called basic detective work, and it's what our law enforcement folks are supposed to be doing. Just because it sometimes takes work is no reason to throw our basic privacy rights out the window.

Permalink | Comments | Email This Story

EFF Sues The Gov't, Demanding Proof That It Needs To Put Wiretap Backdoors Into All Communications

Mike Masnick — Mon, 1 Nov 2010 10:57:06 PDT

About a month ago, news broke that the feds were going to push for new legislation that would require wiretapping backdoors be put into all forms of internet communications. This is a bad idea for any number of reasons -- including the fact that this would make it much easier for others to spy on the communications of Americans. However, all indications are that the feds (especially the NSA, who wants to pretend they're "protecting" Americans from security issues, while really just wanting to spy on more Americans) are going to push forward anyway.

Part of the justification for the push for such wiretapping mandates is that new technology has made it much more difficult for law enforcement to to intercept necessary information. So the EFF made a simple request: prove it. It filed a Freedom of Information Act request for the evidence that new technologies were actually hindering law enforcement. However, the US government apparently ignored the request, leading the EFF to sue the government over its failure to respond to the request.

"The sweeping changes the government is proposing, to require 'back doors' into all private communications technologies, would have enormous privacy and security ramifications for American Internet users," said EFF Staff Attorney Jennifer Lynch. "Any meaningful debate must be based on the information we're seeking in the FOIA requests, so the government's failure to comply in a timely manner is troubling."

Permalink | Comments | Email This Story

Will Murdoch Kill The One Smart Part Of The WSJ's Paywall?

Mike Masnick — Thu, 12 Nov 2009 13:37:00 PST

With Rupert Murdoch's recent talk about removing his sites from Google, some said that if you understood his comments in context, he was really talking more about copying the WSJ's "leaky" paywall strategy -- which lets users see full articles if they visit via Google. Of course, in that very interview, he appeared to not know how that leaky paywall works, claiming that it took people to a landing page with a couple of paragraphs rather than the full story. That's not true. It does that if you're linked from most other sites. But people who come via Google (or, I believe, Digg) get the full story automatically. The idea, from SEO experts, was to actually help Google drive more traffic.

Of course, that was before Murdoch suddenly decided that all this free promotion was "parasiting" his works (despite the fact that many of his own properties do the same thing. However, it looks like News Corp. may actually be considering ending the "leaky" part of its paywall, with the company's COO, Chase Carey, saying that the idea makes no sense:

"I don't think it makes sense... We don't want people going though a backdoor, or other channels..."

And now we learn how little the folks at News Corp. seem to understand the internet and the fundamental way that people want to interact with news these days. It's not just about sitting and receiving the end product. It's about being a part of the process -- and that includes sharing and spreading the news -- for free -- to others. Mark Cuban thinks (incorrectly, in my opinion) that Murdoch understands the value of people passing around links, which is why he says he wants to opt-out of Google (because search traffic isn't as valuable as traffic from Twitter or Facebook). But locking up all that content actually harms that viral-link value. People aren't going to share or spread a link if they know others can't use it. For years, for example, we've used those "backdoors" (i.e., Google News) which Carey bemoans to read stories in the WSJ that we post here. If they stop allowing that, then I won't read the WSJ any more, and the community of readers and commenters here will never hear from the WSJ again. It's difficult to see how that's a better option.

Amusingly, the first time that we ever wrote about this growing concept that people today want to "spread the news" and "share the news" more than they just want to receive the news was about five years ago -- before the WSJ had put up its leaky paywall. The point of that post was to note just how far the WSJ had fallen out of the conversation on news media -- since no one could send around a link to discuss things. Putting those "backdoors" into the paywall, at the very least, brought the WSJ somewhat back into the conversation. Blocking it now would make the Journal irrelevant again. It's difficult to see how that's a smart strategy at all.

Permalink | Comments | Email This Story