More Proposals for Wiretapping the Internet
Posted by Aaron Massey on 19 Oct 2010.
Last month I pointed out an article in the NY Times that described a government plan to allow surveillance of communications on the Internet. Basically, the government wants to be able to wiretap things like Facebook, Gmail, Hushmail, and Skype. However, to do this requires adding backdoors to encryption algorithms, and backdoors are just another attack surface that can be used by anyone to break encryption. This may all seem like déjà vu to anyone who was involved in the Clipper chip debates in the 1990s.
This month the story continues as government officials attempt to determine the best way to get access to Internet communications:
The Obama administration is circulating several ideas for legislation that would increase the government’s leverage over carriers, officials familiar with the deliberations say.
One proposal is to increase the likelihood that a firm pays a financial penalty over wiretapping lapses — like imposing retroactive fines after problems are fixed, or billing companies for the cost of government technicians that were brought in to help.
Another proposal would create an incentive for companies to show new systems to the F.B.I. before deployment. Under the plan, an agreement with the bureau certifying that the system is acceptable would be an alternative “safe harbor,” ensuring the firm could not be fined.
These proposals fail to recognize the radically different structure of Internet communications. Even something as simple as video chatting with someone on Skype could involve three or four networks, not to mention the Skype software itself, which is partially owned by eBay. Furthermore, there are numerous open source encryption and communications programs available that could be used by any serious bad actors to avoid any sort of surveillance.