U.S. Aims to Force Web Services to Compromise Message Encryption

 
 
By Wayne Rash  |  Posted 2013-05-05
 
 
 

U.S. Aims to Force Web Services to Compromise Message Encryption


Even if it accomplished nothing else, the Middle Eastern governments’ crackdowns on communications during the Arab Spring movement two years ago demonstrated how much governments, in general, and repressive governments, in particular, hate encryption—particularly in the hands of private citizens.

This is why governments from Egypt to Oman to India have tried to ban BlackBerry smartphones with their uncrackable encryption. Now, in the United States, the Federal Bureau of Investigation and the military and intelligence agencies are going after your encrypted communications on Google, Facebook and other Web communication services.

Google, as you’ll likely recall, was hacked by the Chinese military who tried to get into the email accounts of dissidents who use Gmail for communicating their pro-freedom activities. The Chinese, a repressive regime if there ever was one, just hates dissidents. So the military hackers wanted to read their email to find out who they were and what they were up to.

Google responded by encrypting its network from end to end. Facebook, after being attacked repeatedly, has done the same thing. Other networks that pride themselves on their security are also providing encrypted communications, including BlackBerry, which is widely used by the U.S. government precisely for this reason.

Of course those other repressive governments never actually banned BlackBerry devices because their own intelligence agencies also use them and needed the security more than they needed to read other people’s email.

So now we come to the FBI and other U.S. law-enforcement agencies that are trying to read the text messages, chats and the email of people they think are bad guys. The feds say that they’re doing this to fight crime and terrorism. And they say they have a right to get information if they have a legally obtained wiretap order.

The problem is, as The Washington Post reported recently, that not all providers of communications services have the ability to comply with a federal wiretap order. Their systems are secure and they’re meant to stay that way. What the FBI is asking for is the ability to fine those companies that don’t comply with a wiretap order, even if they’re technically unable to do so within a time limit set by the FBI.

In other words, if you can’t provide the feds with a back door to your system, the government will keep piling on fines until you go out of business. The idea, of course, is to compel companies that provide secure communications to also build in a means for the feds carry out get their wiretaps.

 

U.S. Aims to Force Web Services to Compromise Message Encryption


The stick that would compel them is a series of increasing fines that theoretically (if you do the math) keep doubling until it reaches an infinitely large amount of money. It's maybe even enough money to make Google pay attention, although it’s not clear that’s even possible.

In one sense this is understandable. The federal government does have a requirement to catch criminals and prevent terrorists from carrying out attacks like the 9/11 attacks in New York or the Boston Marathon bombing on April 15.

It also has the right to get a court-approved warrant to obtain access to the private communications of suspected criminals. But to fine a company into oblivion for something that they can’t do or because they need time to develop the technical ability to comply with the government’s demands seems insane. Sure, it will get their attention, but if the government drives the communication service out of business, law-enforcement officials won’t get the information they want.

Worse, threatening such a punitive response to a technically difficult problem only means that the federal government is either going to make locating a business in the U.S. unprofitable, result in wretchedly poor service or both.

Faced with such a punitive fine as the feds are contemplating, why would a company willingly place itself in harm’s way? After all, the Internet is everywhere. All that the FBI may accomplish is that these companies place themselves beyond the reach of U.S. law enforcement by, say, moving to Canada or Mexico.

Or, if the company is already in the U.S., they could very well force the creation of a back door that would satisfy the FBI, but at the same time lets in those same international and domestic bad guys that the FBI is chasing. This would happen because of the FBI’s time limit—to develop a back door in 60 days (or whatever they set the deadline at) or you’re fined into bankruptcy.

Does the FBI really want to force U.S. communications providers to implement insecure solutions just so they can satisfy their need for instant gratification? Does it really want to force the Facebooks of the world to locate in Canada, the European Union or some other nation that isn’t likely to honor a warrant from a U.S. court? But are such punitive measures really worth it?

For some reason, I’m reminded of a comment from the days of the Vietnam War as reported by legendary journalist Peter Arnett: “We had to burn down the village in order to save it.” Is that really the goal of the federal law-enforcement agencies–to cripple Internet communications and destroy companies that don’t have the means to comply with their demands?

 

Rocket Fuel