Wednesday, May 23, 2012

New FBI Surveillance Backdoors? 6 Key Points

Will Congress require social networks, online voice over IP (VoIP) services, and Webmail providers to build in backdoors that could be used for electronic surveillance purposes by the FBI?
According to one news report, FBI officials have been meeting with Facebook, Google, Microsoft (which owns Skype and Hotmail), and Yahoo, among other companies. The goal apparently isn't to promote the bureau's push for expanded wiretapping capabilities, but rather to ask how that be implemented while causing minimal disruption for the companies with networks that would be directly accessed. AdTech Ad
Reached by phone, an FBI spokesman declined to confirm or deny the news report. But it wouldn't be the first time in recent history in which the FBI has detailed the difficulties it faces when attempting to "wiretap" newer types of communication--from Facebook and Twitter to Skype and X-Box VoIP--and argued for greater capabilities.
Here are 6 points to consider about expanding the FBI's surveillance powers:
1. Bureau Warns About Going Dark. The bureau has already been asking Congress for broader surveillance powers to help it keep up with new technologies. Notably, FBI director Robert S. Mueller III told Congress in December 2011 that "a growing gap exists between the statutory authority of law enforcement to intercept electronic communications pursuant to court order and our practical ability to intercept those communications." The consequences, he warned, could be dire. "Should this gap continue to grow, there is a very real risk of the government 'going dark,' resulting in an increased risk to national security and public safety."
2. Proposed CALEA Revisions Would Update 1994 Law. Accordingly, the FBI wants Congress to expand the Communications Assistance for Law Enforcement Act (CALEA). First passed in 1994, the purpose of the law--according to its text--is "to make clear a telecommunications carrier's duty to cooperate in the interception of communications for Law Enforcement purposes, and for other purposes." Specifically, the law is designed to allow law enforcement agencies, with a warrant, to conduct wiretaps of digital telephone networks. The law also made telephone carriers responsible for CALEA development and implementation costs. Congress then expanded the law in 2004 to cover broadband Internet service providers (ISPs) as well as telecommunications carriers that handle voice communications via VoIP.
But the latest proposed expansion could see the Federal Communications Commission review whether CALEA should be used to require services such as Skype, the PlayStation Network, Gmail, and similar services to make their systems easier to wiretap. CALEA requires that any encryption added by the wiretapped service be removed for law enforcement access.
3. Questions Remain Over Wiretapping Scope. Just how often does the FBI need to use wiretapping during an investigation? That's not clear. According to an FBI website about CALEA, wiretapping "is used infrequently and then only to combat the most serious crimes and terrorism." It also says that law enforcement officers must "establish probable cause that the wiretaps may provide evidence of a felony violation of federal law," after which it's up to a judge to approve or disprove the wiretap, and then monitor any wiretapping.
4. Civil Liberties Groups See Slippery Slope. Civil rights groups have warned that granting law enforcement agencies new surveillance powers could lead to a decrease in the privacy protections that people currently enjoy. "The heart of the issue is a growing attitude among law enforcement that there ought to be a presumption that citizens' communications be susceptible to eavesdropping. There is no reason for such a presumption," Jay Stanley, senior policy analyst for the Speech, Privacy and Technology Project at the American Civil Liberties Union, wrote in a blog post.
5. Will Technology Companies Back CALEA Expansion? FBI overtures to technology giants aside, it's far from clear whether Facebook, Google, Microsoft, and their ilk would back the proposed CALEA changes and grant the FBI direct access their networks. In fact, they could try to torpedo such proposals, not least to distance themselves from anything involving surreptitious access to user data.
In fact, Twitter last month filed a motion in a New York state court to quash a New York City prosecutor's request for information pertaining to Twitter user Malcolm Harris, who participated in Occupy Wall Street protests on the Brooklyn Bridge last year. Harris had already failed to quash the subpoena after a court ruled that his posts belonged not to him but to Twitter, meaning he had no legal standing to challenge the subpoena.
Interestingly, Twitter's motion to quash instead argues that the subpoena imposes an overwhelming burden because it doesn't give the Twitter user the ability to argue against the subpoena. Furthermore, Twitter said that its terms of service explicitly tell users that they "retain [their] rights to any Content [they] submit, post or display on or through" the service, and notes that relevant legislation allows users to challenge any demands for their account records. "To hold otherwise imposes a new and overwhelming burden on Twitter to fight for its users' rights, since the [court order] deprives its users of the ability to fight for their own rights when faced with a subpoena from New York State," read Twitter's legal filing.
6. Backdoors May Facilitate Unauthorized Access. Wiretapping backdoors could also make online services more vulnerable to attackers. In particular, adding hard-coded backdoors or access credentials for any website, application, or service is a cause for concern since this access could be abused in unintended--and potentially untraceable--ways. "Companies are also afraid of the potential security threat to trade secrets and confidential exchanges," wrote attorney Aaron Kelly, who specializes in online privacy laws, in a blog post. "Some of them argue that a sufficiently skilled hacker could break in through a backdoor and steal personal information from a business."

No comments: