Not Being Able To Spy On Everyone Online Is A Feature, Not A Bug

from the tell-the-FBI dept

With the recent news coming out that the feds plan to introduce dangerous legislation early next year to mandate backdoors for wiretapping into every form of internet communications, plenty of people have expressed their horror at such a plan. It’s not just the basic questions of due process and privacy, but the massive burdens lumped upon all sorts of companies, combined with the equally worrisome security holes opened up by such demands.

Julian Sanchez has a wonderful article over at the American Prospect discussing just how problematic this plan would be:

But the current proposal is far more radical, in part because the Internet is not much like a traditional phone network. To see why, consider Skype, a popular program that allows users to conduct secure text chats, phone conversations, video conferences, and file transfers. Skype is designed as a distributed peer-to-peer network, meaning there’s no central hub or switching station through which calls are routed; only the login server used to register members as they sign on to the network is centralized. Calls are encrypted end-to-end, meaning that only the end users who are parties to a call hold the secret keys to secure the conversation against online snoops. There’s no device Skype can install at their headquarters that would let them provide police with access to the unencrypted communications; to comply with such a mandate, they’d have to wholly redesign the network along a more centralized model, rendering it less flexible, adaptable, and reliable as well as less secure.

Skype is just one of the thousands of firms, large and small, that would be burdened with the obligation to design their systems for breach. We’ve already seen how this can cause security vulnerabilities on traditional phone networks: In 2005, it was discovered that unknown hackers had exploited wiretap software built into Vodaphone Greece’s computer system for law-enforcement use to eavesdrop on the cellular phone conversations of high Cabinet officials and even the prime minister. Designing for surveillance means, more or less by definition, designing a less secure, more vulnerable infrastructure. It’s for just this reason that similar proposals were wisely rejected during the Crypto Wars of the 1990s, a decision that helped give rise to a thriving online economy that’s wholly dependent on strong encryption.

It’s not just hackers who could exploit such vulnerabilities, of course. A network architecture designed for the convenience of American law enforcement also necessarily makes eavesdropping easy for the many regimes whose idea of a “national-security threat” includes political dissent or blasphemous speech. And there’s always the threat of interception by insiders: An engineer at Google was recently fired for using his privileged access to snoop into the private accounts of several teenage users. One way to alleviate such concerns is for firms like Google to enable end-to-end encryption, so users can feel secure that even the company’s own employees won’t have the keys needed to read their communications. The government’s proposal would deny them the ability to make that promise.

Sanchez also has a wonderful line towards the end. In discussing why law enforcement would obviously love this kind of access (while also highlighting its widespread past abuses of wiretapping ability, he notes:

But while governments may consider it a bug when network architecture renders such sweeping surveillance infeasible, citizens should probably regard it as a feature.

An important feature, too, and one that we shouldn’t easily part with just because a government with a history of abusing surveillance rights doesn’t want to do any legwork anymore.

Filed Under: , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Not Being Able To Spy On Everyone Online Is A Feature, Not A Bug”

Subscribe: RSS Leave a comment
Anonymous Coward says:

only the login server used to register members as they sign on to the network is centralized

Of course, this is probably where the tap could be (and is, if you believe the theory that the SIGINT agencies don’t consider Skype a problem) implemented, by listing certain users or IPs whose communications are to be routed to a certain set of machines under the control of NSA/FBI/other TLA agency. What are the statuses of breaking the Skype protocol and reverse-engineering the binary now?

Rikuo (profile) says:

Re: #3

Now, I’m not pretending to be a network expert, but if the Fbi et al tap the login server, the only data they’re going to get is that X is talking to Y. The computers at Skype headquarters don’t actually transmit or receive any of the actual conversation data. That information is stored on whatever computers that X and Y are using.

Derek Kerton (profile) says:

Re: Re: #3

The point is that the proposed legislation would require Skype to change the way it works so that the authorities could intercept the person-to-person conversation. One bad option would be a re-route through a central server.

Among Mike’s point are one that this might break Skype. Another is that it would make Skype much less desirable by users.

Making things suck for government’s convenience, or making technology crawl so that our own governments can spy on us is policy more becoming of North Korea or China. Not the USA.

The consequences are dire. If this passes, all residents of New Hampshire will die. (Or at least need to change their license plates.)

Rikuo (profile) says:

Re: Whats shocking

Ummmm…what article are you reading? This article is about why its bad for the government to have this kind of power, it just goes into tech-talk to give one explanation for why its bad. I’m presuming you didn’t read “A network architecture designed for the convenience of American law enforcement also necessarily makes eavesdropping easy for the many regimes whose idea of a “national-security threat” includes political dissent or blasphemous speech.”

Anonymous Coward says:

God I hope this goes through. If everything is easily tapped it’ll be so much easier for the really tech savvy and motivated get the login passwords of different government officials (probably not the higher ups, but a good number of the lower echelon passwords will be up for grabs). The media spectacle following the massive amount of information that gets leaked will probably be enough of a reason for me to start watching the news again.

Anonymous Coward says:

If it's true, it could be big business.

Why else do you think AT&T was allowed to go on its M&A spree a few years ago?

It was because they had a solid business plan with forward-thinking, marketplace defining, consumer-friendly business practices that place customer satisfaction as #1 priority and at the center of their business.

BruceLD says:


This would make way for peeping toms to spy on your wifes beach vacation photos, your daughters pool party pictures and would allow pervs to snoop around in your families email and online banking transactions and even tax information.

Yep. Sounds like a good idea!

Here’s another great idea, why not let the movie and music industry spy on your family and children too? They would LOVE to do this, and no doubt these “spy” laws can be helpful to them too!


Pastychomper says:

Skype wouldn't be hard to change

I’m no expert, but I think Skype’s protocol would be very easy for the company to compromise. It’s been capable of conference calls for years, all Skype needs to do is introduce a “feature” that silently adds a third caller when the login server asks it to.

Admittedly one of the users might notice that Skype was using more bandwidth than usual – or that it’s now transmitting to two places instead of one – but there are various ways to make it harder to spot. For example, they could increase the compression so the perv/scammer/spy/carefully-vetted law enforcement officer gets a lower quality but still audible signal. Or just pay a few people to spread rumours about Skype’s ridiculous new encryption that interferes with its compression under certain circumstances…

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...