Not Being Able To Spy On Everyone Online Is A Feature, Not A Bug

from the tell-the-FBI dept

With the recent news coming out that the feds plan to introduce dangerous legislation early next year to mandate backdoors for wiretapping into every form of internet communications, plenty of people have expressed their horror at such a plan. It's not just the basic questions of due process and privacy, but the massive burdens lumped upon all sorts of companies, combined with the equally worrisome security holes opened up by such demands.

Julian Sanchez has a wonderful article over at the American Prospect discussing just how problematic this plan would be:
But the current proposal is far more radical, in part because the Internet is not much like a traditional phone network. To see why, consider Skype, a popular program that allows users to conduct secure text chats, phone conversations, video conferences, and file transfers. Skype is designed as a distributed peer-to-peer network, meaning there's no central hub or switching station through which calls are routed; only the login server used to register members as they sign on to the network is centralized. Calls are encrypted end-to-end, meaning that only the end users who are parties to a call hold the secret keys to secure the conversation against online snoops. There's no device Skype can install at their headquarters that would let them provide police with access to the unencrypted communications; to comply with such a mandate, they'd have to wholly redesign the network along a more centralized model, rendering it less flexible, adaptable, and reliable as well as less secure.

Skype is just one of the thousands of firms, large and small, that would be burdened with the obligation to design their systems for breach. We've already seen how this can cause security vulnerabilities on traditional phone networks: In 2005, it was discovered that unknown hackers had exploited wiretap software built into Vodafone Greece's computer system for law-enforcement use to eavesdrop on the cellular phone conversations of high Cabinet officials and even the prime minister. Designing for surveillance means, more or less by definition, designing a less secure, more vulnerable infrastructure. It's for just this reason that similar proposals were wisely rejected during the Crypto Wars of the 1990s, a decision that helped give rise to a thriving online economy that's wholly dependent on strong encryption.

It's not just hackers who could exploit such vulnerabilities, of course. A network architecture designed for the convenience of American law enforcement also necessarily makes eavesdropping easy for the many regimes whose idea of a "national-security threat" includes political dissent or blasphemous speech. And there's always the threat of interception by insiders: An engineer at Google was recently fired for using his privileged access to snoop into the private accounts of several teenage users. One way to alleviate such concerns is for firms like Google to enable end-to-end encryption, so users can feel secure that even the company's own employees won't have the keys needed to read their communications. The government's proposal would deny them the ability to make that promise.
Sanchez also has a wonderful line towards the end. In discussing why law enforcement would obviously love this kind of access (while also highlighting its widespread past abuses of wiretapping ability), he notes:
But while governments may consider it a bug when network architecture renders such sweeping surveillance infeasible, citizens should probably regard it as a feature.
An important feature, too, and one that we shouldn't easily part with just because a government with a history of abusing surveillance rights doesn't want to do any legwork anymore.


Reader Comments

  1.  
    Anonymous Coward, Oct 11th, 2010 @ 12:10pm

    A fair idea

    If they have a back door into my computer, I get a back door to theirs. It's all about openness in government, isn't it?

     

  2.  
    Anonymous Coward, Oct 11th, 2010 @ 12:32pm

    Re: A fair idea

    This is a really good point. How long after these mandates are in place will it be before hackers have the backdoor figured out and ALL government systems are compromised?

     

  3.  
    Anonymous Coward, Oct 11th, 2010 @ 12:35pm

    only the login server used to register members as they sign on to the network is centralized
    Of course, this is probably where the tap could be (and is, if you believe the theory that the SIGINT agencies don't consider Skype a problem) implemented, by listing certain users or IPs whose communications are to be routed to a certain set of machines under the control of NSA/FBI/other TLA agency. What are the statuses of breaking the Skype protocol and reverse-engineering the binary now?

     

  4.  
    :Lobo Santo (profile), Oct 11th, 2010 @ 12:35pm

    Re: Re: A fair idea

    About 3 weeks before the plan is "officially" to be put into action.

     

  5.  
    Rikuo (profile), Oct 11th, 2010 @ 12:52pm

    Re: #3

    Now, I'm not pretending to be a network expert, but if the FBI et al tap the login server, the only data they're going to get is that X is talking to Y. The computers at Skype headquarters don't actually transmit or receive any of the actual conversation data. That information is stored on whatever computers that X and Y are using.

     

  6.  
    weneedhelp (profile), Oct 11th, 2010 @ 1:00pm

    What's shocking

    is that the argument is about the technology limitations, rather than our government wishes to have this kind of power.

     

  7.  
    Rikuo (profile), Oct 11th, 2010 @ 1:15pm

    Re: What's shocking

    Ummmm...what article are you reading? This article is about why it's bad for the government to have this kind of power, it just goes into tech-talk to give one explanation for why it's bad. I'm presuming you didn't read "A network architecture designed for the convenience of American law enforcement also necessarily makes eavesdropping easy for the many regimes whose idea of a "national-security threat" includes political dissent or blasphemous speech."

     

  8.  
    Andrew F (profile), Oct 11th, 2010 @ 1:22pm

    Re: Re: #3

    If you tap the login server, you could probably impersonate one of the users and get in that way. You'd probably also have to alter the client software to broadcast to multiple peers (including the FBI) rather than just one.

    It's doable, but it does open up a lot of security holes though.

     

  9.  
    Derek Kerton (profile), Oct 11th, 2010 @ 1:36pm

    Re: Re: #3

    The point is that the proposed legislation would require Skype to change the way it works so that the authorities could intercept the person-to-person conversation. One bad option would be a re-route through a central server.

    Among Mike's points is one that this might break Skype. Another is that it would make Skype much less desirable to users.

    Making things suck for government's convenience, or making technology crawl so that our own governments can spy on us is policy more becoming of North Korea or China. Not the USA.

    The consequences are dire. If this passes, all residents of New Hampshire will die. (Or at least need to change their license plates.)

     

  10.  
    Anonymous Coward, Oct 11th, 2010 @ 1:41pm

    God I hope this goes through. If everything is easily tapped it'll be so much easier for the really tech savvy and motivated to get the login passwords of different government officials (probably not the higher ups, but a good number of the lower echelon passwords will be up for grabs). The media spectacle following the massive amount of information that gets leaked will probably be enough of a reason for me to start watching the news again.

     

  11.  
    Zacqary Adam Green (profile), Oct 11th, 2010 @ 3:27pm

    On the plus side, this sort of attitude is what causes the Justice Department to actively fight against three-strikes legislation, because that would encourage people to encrypt everything.

     

  12.  
    Anonymous Coward, Oct 11th, 2010 @ 3:45pm

    If it's true, it could be big business.

    Question:
    Why else do you think AT&T was allowed to go on its M&A spree a few years ago?

    Answer:
    It was because they had a solid business plan with forward-thinking, marketplace defining, consumer-friendly business practices that place customer satisfaction as #1 priority and at the center of their business.

     

  13.  
    Anonymous Coward, Oct 11th, 2010 @ 4:02pm

    Yup...of COURSE you can trust the government. Just go ask a native American Indian! (rolling my eyes)

     

  14.  
    Derek, Oct 11th, 2010 @ 4:49pm

    For The Children! (tm)

    It will be interesting to see which congress-critters jump onboard to sponsor this sort of legislation, then rush home to froth about government over-regulation and interference with business.

     

  15.  
    BruceLD, Oct 11th, 2010 @ 9:47pm

    Subject

    This would make way for peeping toms to spy on your wife's beach vacation photos, your daughter's pool party pictures and would allow pervs to snoop around in your family's email and online banking transactions and even tax information.

    Yep. Sounds like a good idea!

    Here's another great idea, why not let the movie and music industry spy on your family and children too? They would LOVE to do this, and no doubt these "spy" laws can be helpful to them too!

    YAY!!!!

     

  16.  
    Bruce Ediger (profile), Oct 11th, 2010 @ 10:03pm

    Re: Re: A fair idea

    There have been persistent rumors that Evil Hackers have used the DCS-3000/DCS-6000 systems for their own uses.

    The DCS systems are the ones formerly known as "Carnivore" and mandated by the CALEA.

     

  17.  
    Rikuo (profile), Oct 11th, 2010 @ 11:48pm

    Dan Brown

    What's surprising me here is that this is pretty much the plot of Dan Brown's "Digital Fortress". American law enforcement want to be able to tap everything, so they build a supercomputer able to crack any encryption...

     

  18.  
    The Groove Tiger (profile), Oct 12th, 2010 @ 5:33pm

    Re: Subject

    I get that spying on people's beach and pool photos makes you a peeping tom, but I don't understand the relationship between pervs and bank/tax records.

     

  19.  
    Pastychomper, Oct 13th, 2010 @ 1:09am

    Skype wouldn't be hard to change

    I'm no expert, but I think Skype's protocol would be very easy for the company to compromise. It's been capable of conference calls for years, all Skype needs to do is introduce a "feature" that silently adds a third caller when the login server asks it to.

    Admittedly one of the users might notice that Skype was using more bandwidth than usual - or that it's now transmitting to two places instead of one - but there are various ways to make it harder to spot. For example, they could increase the compression so the perv/scammer/spy/carefully-vetted law enforcement officer gets a lower quality but still audible signal. Or just pay a few people to spread rumours about Skype's ridiculous new encryption that interferes with its compression under certain circumstances...

     

  20.  
    Anonymous Coward, Oct 13th, 2010 @ 3:10pm

    Re: Re: A fair idea

    Happened about 5 to 10 years ago.

     

  21.  
    Kevin, Oct 16th, 2010 @ 1:24pm

    1984

    1984 was a book, not an instructional guide.

     


