Plans by federal law enforcement and national security officials to make it easier to intercept communications on the Internet are revisiting arguments from the 1990s.
that federal law enforcement and national security officials want to create new
regulations to help them intercept electronic communications raised a sense of
d??Â«j??Ã vu for Cindy Cohn.
legal director at the Electronic Frontier Foundation, remembers when these same
issues arose in the 1990s, a time when the Clinton
administration was pushing the Communications Assistance for Law Enforcement
Act (CALEA) and the now-defunct "Clipper chip."
government's story at the time was the same-centering on concerns about
criminals and others using the technology for nefarious ends. But just as it
was a bad idea then, she said, it is a bad idea now.
isn't a question where there's this thing that can make us safer, should we do
it or should we not do it," she said. "This thing that they want won't
make us safer. It will make us more vulnerable. Not just to government misuse,
but to third parties."
New York Times
, federal law enforcement and national security officials
want to require all services that enable communications-from Skype
to Facebook to BlackBerry
-to be technically capable of complying if served
with a wiretap order. The mandate would include being able to intercept and
unscramble encrypted messages, the Times reported. The Obama administration
plans to introduce the bill to lawmakers next year.
FBI spokesman told eWEEK that law enforcement has "struggled to keep pace
with evolving communications technology" for decades, and noted that CALEA
was "needed to preserve law enforcement's surveillance capabilities as
digital switching and wireless telephony advanced."
to the Times, the rules appear to be coming together around these ideas: Communications
services that encrypt messages must have a way to unscramble them;
foreign-based providers that do business inside the United States must have a
domestic office capable of performing intercepts; and developers of
peer-to-peer software must redesign their service to allow file interception.
these changes could present security risks of their own-for example, opening up
backdoors that could be exploited by attackers.
of backdoors by hackers or other foreign governments should be a major concern,"
opined Forrester Research analyst John Kindervag. "If our government is
able to get into these systems or look at this traffic, then other entities
will be able to do so. We must disabuse ourselves of any notion that our
government can do it in a manner that is completely secure and cannot be
exploited by non-authorized or malicious actors. This could lead to things as
dangerous as creating intentional flaws or decrementing the security
implementations of SSL /TLS-as
an example. In theory, this could be disastrous for e-commerce."
backdoor is a backdoor, Cohn said, adding that the government already has the
ability to do wiretaps with its existing authority.
you want a secure thing, it's got to be secure, period," Cohn said. "It
just doesn't work to try to make something insecure only against one possible
[entity]. ... Right now the government has so many different ways to get access
to our communication with really very little justification, and very little
court oversight. Taking away our ability to do encryption is just another hit,
and it's one that I think again has tremendous collateral effect."
Caproni, general counsel for the FBI, reportedly told the Times that
authorities were not talking about "expanding authority."
talking about lawfully authorized intercepts. ... We're talking about preserving
our ability to execute our existing authority in order to protect the public
safety and national security," she said.
this year, several
tech companies and privacy groups
banded together to push for reforms to
the Electronic Communications Privacy Act (ECPA), which was enacted in 1986 to
establish a framework for extending government monitoring of telephone
communications to electronic communications on computers. The Senate Judiciary
Committee held a hearing on proposed updates to the bill Sept. 22.
public safety and security are not mutually exclusive goals. ... If citizens are
confident that their privacy rights will be protected online, they will be more
comfortable using American communications technologies at home and at work,"
said Sen. Patrick Leahy, D-Vt., committee chairman, in a statement.
while balance must be struck between privacy and security in some cases, the
proposal outlined in the Times report is not one of them, Cohn said.
are ... security-based reasons that it died the last time," she said. "There
are definitely civil liberties reasons that it died the last time too."