Belmont Club

Going Dark

The New York Times says the administration wants Congress to make the Internet wiretap ready. “Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.” Such requirements are already in place in regular telephone systems, something known as being “CALEA-ready”. The wiretap utilities are often built right into the telephone system and have been used at least once by unauthorized parties to implement their own intercepts.

In the 1990s the FBI, claiming that advanced switching technology threatened the effectiveness of wiretapping, persuaded Congress to require that telephone companies build wiretapping capability into their networks. This resulted in CALEA (Communications Assistance for Law Enforcement Act) of 1994. …

When SMS messaging went awry in Athens in 2005, an investigation found that for 10 months someone had been wiretapping senior members of the Greek government. … Although no information has surfaced about who did the wiretapping, a good bit is known about how it was done. The 1994 CALEA law requiring telephone systems to be wiretap ready applies only to switches installed in the U.S., but since manufacturers try to have as few versions of their products as possible, it has had worldwide impact. When the Greek Vodafone network purchased a switch from Ericsson, it didn’t order wiretapping capabilities; wiretapping software was present in the switch but was supposed to be shut off. In particular, auditing software that would have been operating if the wiretapping feature had been ordered was not present. When unknown parties turned some of the wiretapping features on, their actions went unrecorded.

The New York Times drily notes that “in the United States, phone and broadband networks are already required to have interception capabilities, under a 1994 law called the Communications Assistance to Law Enforcement Act. It aimed to ensure that government surveillance abilities would remain intact during the evolution from a copper-wire phone system to digital networks and cellphones”. What could be better, then, than to require the Internet to be redesigned like a telephone system?

James X. Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group, said the proposal had “huge implications” and challenged “fundamental elements of the Internet revolution” — including its decentralized design.

“They are really asking for the authority to redesign services that take advantage of the unique, and now pervasive, architecture of the Internet,” he said. “They basically want to turn back the clock and make Internet services function the way that the telephone system used to function.”

This mandate will eventually require manufacturers of encryption services to provide backdoors for law enforcement, or else require communications carriers to refuse data encrypted in ways that cannot be broken. CNET reports:

Communication providers, apparently including companies that offer voice over Internet Protocol (VoIP) services, would be compelled to reconfigure their systems so that police could be guaranteed access to descrambled information. It could become illegal for a company to offer completely secure encrypted communications — through a protocol such as ZRTP, for instance — if its customers held the keys and the provider did not.

But, as in gun control, the problem of “if encryption were banned then only criminals would have encryption” applies. CNET noted that “Even the federal government can’t force overseas companies with no domestic offices to comply with a U.S. law mandating backdoors, and those products would probably become the ones that criminals and terrorists adopt.” Privacy also remains a concern, and CNET noted that the administration’s current attitude is very much at odds with Obama’s campaign promises. At the time Obama said, “I will work with leading legislators, privacy advocates, and business leaders to strengthen both voluntary and legally required privacy protections.” At the time Obama presented himself as an advocate of privacy, taking a stern view against wiretaps and .

Q: Telecommunications companies such as AT&T have been accused in court of opening their networks to the government in violation of federal privacy law. Do you support giving them retroactive immunity for any illicit cooperation with intelligence agencies or law enforcement, which was proposed by the Senate Intelligence Committee this fall (S 2248)?
Obama: No.

Q: The Bush administration has supported legally requiring Internet service providers, and perhaps search engines and social-networking Web sites as well, to keep logs on who their users are and what they do. Do you support federal legislation, such as HR 837, to mandate data retention?
Obama: No.

Power over information in today’s world is so critical that it is almost a proxy for political and military strength. Allowing government to create an infrastructure in which information can be sucked up at the flip of a legal switch is an immense concession of authority to the center. But, as the history of law enforcement often shows, it will be hard to extend to terrorists and criminals who opt out of the licit system. Increasing the power of the state to deduce criminal activity by surveilling those in the compliant system may provide certain advantages, but they are in large part the advantages of the drunk looking for the coin he lost under a lamppost, not because it was mislaid there, but because that is where he can look.