Feds want backdoors built into VoIP and email

Developers of email, instant-messaging and voice-over-internet-protocol applications would be forced to redesign their services so their contents can be intercepted by law enforcement agents armed with legal wiretap orders under federal legislation reported on Monday by The New York Times. The legislation would, among other …

COMMENTS

This topic is closed for new posts.
  1. Sampler
    WTF?

    I understand their point but..

    Any sanctioned VoIP system run over a Tor-like network would rule the backdoor obsolete - I guess this is another policy from someone who doesn't understand the technology.

    1. James Woods

      tor shmore

      When you say Tor-like network I'm assuming you're saying that acknowledging that the US government has control of Tor as we know it.

      Taking over a tor-like network would be just as easy as the government having direct access to it anyhow.

      The best thing about all this stuff is it's happening under a Democrat. I thought the Republicans were the bad guys trying to invade your privacy.

      Hrm.

  2. Christoph

    Idiocy

    All that will do is encourage people to get round it, which won't be difficult - what are they going to do about open source software developed outside the US?

    Businesses are going to be very unhappy about having their communications wide open - especially non-US ones operating in the US who don't want all their plans leaked to their rivals.

  3. dyfet
    Grenade

    GNU Telephony Statement on new Internet Surveillance Laws

    Speaking on behalf of the GNU Telephony project, we do intend to openly defy such a law should it actually come to pass, so I want to be very clear on this statement. It is not simply that we will choose to publicly defy the imposition of such an illegitimate law, but that we will explicitly continue to publicly develop and distribute free software (that is software that offers the freedom to use, inspect, and modify) enabling secure peer-to-peer communication privacy through encryption that is made available directly to anyone worldwide. Clearly such software is especially needed in those places, such as in the United States, where basic human freedoms and individual dignity seem most threatened today.

    In the United States the 4th amendment did not come about simply because it was impractical to directly spy on everyone on such a large scale. Nor does it end simply because it may now be technically feasible to do so. Communication privacy furthermore is essential to the normal functioning of free societies, whether speaking of whistle-blowers, journalists who have to protect their sources, human rights and peace activists engaging in legitimate political dissent, workers engaged in union organizing, or lawyers who must protect the confidentiality of their privileged communications with clients.

    However, to fully appreciate the effect of such surveillance on human societies, imagine being among several hundred million people who wake up each day having to prove they are not a “terrorist” by whatever arbitrary means the government has decided to both define the terms of such a crime and whatever arbitrary methods unknown to you that they might choose to define you as such, and where even your prosecution is carried out under the immunity of “state secrets” that all police states use to abuse their own citizens. Such a society is one whose very foundation is built on the premise of everyone being guilty until proven innocent and where due process does not exist. It is the imposition of such an illegitimate society that we choose to openly oppose, and to do so in this manner.

    David Alexander Sugar

    Chief Facilitator

    GNU Telephony

    1. Anonymous Coward
      Alert

      Open source

      Now more than ever there is a need for free open source software. Thank you GNU Telephony guys and girls!

  4. Khaptain Silver badge
    Black Helicopters

    Time to stock up on the Tinfoil again.

    Do they really want us to believe that they don't already have the means.......

  5. Dazed and Confused
    Black Helicopters

    Don't these half wits ever learn?

    > The legislation would, among other things, require cellphone carriers, websites and other types of service providers to have a way to unscramble encrypted communications traveling over their networks

    How can the ISP be responsible if their customer encrypts traffic before it hits their network?

    These people clearly have not got the faintest idea how the Internet works.

    An email system just carries data from one place to another. The ISP shouldn't be looking in there at all without a court order, but once they have that all they are going to get is the raw data. Anything inside that could be encrypted in millions of different ways, something like GPG would make it difficult for them to make any sense of it. They could of course insist on adding a backdoor to GPG, but users would only rip it straight back out again. Open source, no secrets there.

    As Phil Zimmermann famously said "If privacy is outlawed, only outlaws will have privacy."

    If they insist that all internet encryption systems have a backdoor, Internet commerce will collapse overnight since there will no longer be a secure way of sending your payment details.

    If they do insert a backdoor how long before it leaks?

    Why don't they go and ask their paymasters in the entertainment industry about this. How long did the encoding on DVDs last before it leaked, now the backdoor on HDMI has leaked. Leaking is what data does best.

    1. TimeMaster T
      Big Brother

      Slight correction

      CSS on DVDs was >cracked< not leaked.

      You're dead on with everything else. No matter what, the backdoor will be leaked or cracked, and most likely by those who will not make that information publicly known.

  6. James Butler

    Wow

    Like Sampler, I see their point, but to build in backdoors completely defeats the purpose of the encryption technology. Next step ... outlawing (only for Americans, of course) the ability to use any type of encryption software that the Feds can't crack. Say "bye bye" PGP.

    1. Guus Leeuw
      Grenade

      Re: Wow

      James, "(only for Americans, of course)" doesn't quite hit it, I'm afraid.

      The proposed legislation is for *data that runs over US networks*. Now if Google, whatever else they do, come up with a backbone that spans the globe and BT is using part of that (Google Inc) infrastructure, your data runs over a US network, and is thusly prone to US government ramifications.

      I'm scared shitless: I run a small-ish IT outfit that offers email hosting / email filtering for SMB type companies. My main client email gateway on the outside *only* speaks SSL protocols (that is pop3s, imaps, smtp/TLS) so that *all* traffic to and fro is encrypted, again, because it carries third party information. If thusly tomorrow (or some such day) Uncle Sam can come knocking on my door asking for a decryption hack to be implemented, I will most surely want to make sure somehow that the data in question is never running on US owned network infrastructure. How to do that? Who knows...

      For me, this is another example of the US setting a bad example: It's not based on liberal practices, but, as already pointed out, on the premise that everybody is guilty unless proven innocent. That, we have to thank the Bush monkeys and Bliar family for, I'm afraid. Not completely, I agree, but it makes the argument easier when we can use these people for the type they represent ;)

      Guus Leeuw

      ITPassion Ltd

      1. Anonymous Coward
        Boffin

        Scratching my head here...

        Democrat in the White House, Democrats in the majority for both houses of Congress... and yet this is Bush's fault?

        Not trying to slam you or be rude, but I think a more realistic assessment would probably show that we're getting screwed by both sides on this. If I hear Pelosi, Reid or Obama come out in harsh opposition I'll be happy to eat my words.

        That said, there is a practical problem in play here - how do you "tap" voice or data when a subpoena has been issued and the government is legally authorized to intercept communications as part of a criminal investigation? Fighting the reality where truecrypt, pgp, and any other number of practically-uncrackable storage and transmission mechanisms already exist is a losing proposition. That horse is already out of the barn and nobody is getting it back in.

        To me it's an issue of creativity. At some point in every transmission the data is in the clear. If I were in the FBI or NSA I'd be polishing up on my rootkit, keylog, screen scraping, and sound-logging (not sure what the proper term for that is) skills. Yes, it might be inconvenient and maybe expensive - but difficulty and expense in maintaining taps is a good thing IMO. If wiretap subpoenas are too easy and cheap, they may become commonplace.

        Also, if you think SSL is uncrackable I would suggest reading up on man-in-the-middle exploits stemming from the whole trusted signer architecture. Technically, it's all theoretical but there is a company that makes a piece of network hardware that can do it.

  7. David 141

    Open and non-US

    Even if they somehow forced all US open source developers to include back doors in communications and encryption software, people in other countries would simply fork the software.

  8. Michael C

    Aw heeeeeell no!

    As an American, let me be the first to inform my own government: we are not yours to monitor. Warrant or not, you do not have the authority to tap any communications system simply because it may contain communication of known suspects you have warrants for. I feel there is a need to electronically track certain high profile criminal entities, but no way are the American people going to let you a) alter common protocols to allow easy tap access far beyond what you have today, b) potentially make those protocols incompatible with the rest of the world, and c) in-flight decryption? no way. It's bad enough a warrant is virtually never questioned (unlike it is on TV) with the rare cases of one being refused making national news so it's little enough real protection. Under most cases, there's no notice at all you're being monitored, and it can be for almost any reason, and for almost any length of time. We can't allow new systems to be deployed that make it so easy/cheap to monitor with little reason to think twice about the expense and trouble since the courts won't stand in the way.

    As an IT analyst. LOL! Sorry folks, those protocols were built specifically to PREVENT such monitoring and there is no way to make a back door. It may be possible to integrate a monitoring system as a caller on a line, via a hack of conference or multi-line calling, but only from within each individual VoIP operator's systems, and each one is going to be highly unique. Tapping a phone line is easy, tapping an IP connection, NOT! The ISP won't pay to do it themselves, it costs too much and is a PR nightmare to admit they implemented such support. ...and I won't let my tax dollars go there either. If the feds can monitor calls by request, that means the hardware would exist in smalltime ISPs and other hack shops to record and listen to any calls they wanted. It also means they could trace almost any ISP connection, not just calls. Due to the nature of packet switched networks, it's pretty hard to do that without being found out on traditional systems, but over IP? Could be a major personal security risk. I'm WAY more afraid of joe-bob in yonder local ISP back room than I am of Uncle Sam (Uncle Sam is easily audited, and highly accountable).

    As someone who knows better: Technology will find a way around ANY system you try to implement. If it's going over IP, it can be hidden. Period. If you can tap VoIP networks, they'll use chat to get around it, or bounce off voice servers in foreign nations, or use ComSat. I have a few main traditional e-mail accounts, but I get e-mail in about 30 places on the internet. You can not filter all of those. If I want communication hidden, it's EASY. The only people such a system will catch are small time dumbass criminals, not national security threats, and the FBI and CIA have no jurisdiction hunting down small time crooks and drug dealers. Such a system will be easily circumvented by any terrorist or organized crime organization, so why bother implementing it? If they could do this so easily, there would be no bit torrents today. They can mandate major web company and FCC managed phone companies, but since the fed powers simply do not extend to Internet sites overseas, there's no way to prevent this. Proxying is always an option. Anyone who wants their calls untraceable will be able to do so free and easily.

  9. The Cube
    FAIL

    Erm, does anyone remember the clipper chip fiasco?

    http://en.wikipedia.org/wiki/Clipper_chip

    So the peanut eating incompetent blunderers that call themselves "intelligence" agencies want to start this farce again do they?

    1. Anonymous Coward
      FAIL

      Ahh the encryption fiasco all over again...

      ....for the youth of today...

      http://findarticles.com/p/articles/mi_m0FOX/is_2_4/ai_53592921/

  10. Peter 39
    FAIL

    crazy

    This is walking down the same well-trodden path blazed by encryption-restrictions and Clipper-chip.

    In the short term, the most likely effect will be to increase the turnout at Jon Stewart's "Rally to Restore Sanity"

    Over the longer term it will send the software-privacy industry out of the U.S. Again.

    1. mark l 2 Silver badge

      Software outside the US

      Perhaps if the software industry does get moved outside the US this will be a good idea as then their stupid software patent laws wouldn't apply.

      As for any backdoors built into software, how long before some communist state cracks the backdoor for their own gains?

  11. Destroy All Monsters Silver badge
    Big Brother

    "armed with legal wiretap orders under federal legislation"

    Pffff.....

    Ridiculous.

    No-one asks for any of those anymore.

    Even the phrasing is quaint. "Legislation?"

  12. Anonymous Coward
    Thumb Up

    Thanks FBI!

    For the free access to everything. :D

  13. gollux
    Thumb Up

    There will be no trade secrets...

    All your intellectual property are belong to US.

  14. copsewood
    Big Brother

    Bit like the RIPA

    In one sense this genie was out of the bottle when Phil Zimmermann published GPG, source code and all on the Net, regardless of US export regulations in force at that time. It was further out of the bottle when the case against him collapsed. But just as with the RIPA, control freaks in government still want to put as much of this genie back into the bottle as they can. Staying outside this regime is optional for those willing to run their own email servers, especially in privacy friendly countries, and VPNs between themselves and their email servers.

    For most of the population who have not got a clue what an email server or VPN is, they will get the taps installed. Those who want to opt out for reasons of corporate or criminal privacy or principle will do just that. Perhaps the FBI know this and are only really bothered about being able to tap the 98% of communications of those who care about these privacy rights very little. Chances are also likely that the FBI won't bother with the smaller ISPs, due to higher costs per email user of providing and securing the tapping equipment. They are more interested in the low hanging fruit.

    So in my view the GNU telephony and related privacy projects (e.g. for secure filesharing involving family and friends) will only really succeed in this if they can create software which compiles to a very simple download on the platforms which those who don't care very much use and which self configures and just works thereafter. Creating networking software which can load onto minimal plug in hardware which can be bought for a very small price and which can provide reliable services is also relevant see http://plugcomputer.org/ .

    1. Anonymous Coward
      Anonymous Coward

      "privacy friendly countries, and VPNs"

      Thank you copsewood and others for your analyses.

      This sentence caught my eye:

      "Staying outside this regime is optional for those willing to run their own email servers, especially in privacy friendly countries, and VPNs between themselves and their email servers."

      I, and many others, I suspect, would be grateful if you or anybody else who knows about such things could elaborate on which countries are privacy friendly or post links on how to set up a remote email server or private VPN (without using closed source software) as some of us know of such things but lack the ability to implement them.

      I'd like to add that this proposed law and the attention that it will garner provide an opportunity to promote the virtues of encryption to ordinary computer users such as those referred to further down the thread as "the innocent and the ignorant".

  15. irw
    Big Brother

    Skype already has a backdoor

    I know that the Chinese can listen into Skype conversations, and I have also been told that the UK and US governments have access ...

    Perhaps this proposed legislation will make this more legal / less illegal?

  16. Bob 18
    Pirate

    Dumb vs. Smart Crooks

    I suppose this legislation might "succeed", just like the DMCA has "succeeded" in preventing the spread of DVD copying software. Which means, those who know what they're doing will always be able to circumvent the restrictions by running Linux and hooking up to a few "non-standard" repositories. Who knows, the spooks might try to bug those repositories; they may or may not be discovered.

    So in the end, we'll catch crooks who are dumb enough to use Skype, GMail, etc. for their communication. Which I suppose is a good fraction of crooks. But these are also the kind of people who would blather on Facebook, making wiretaps and backdoors redundant.

    But the most sophisticated crooks --- those who have millions of dollars and can do things like blow up skyscrapers --- I assume they'll hire people who can do the set-up effort required to ensure their privacy.

  17. Seamless
    Big Brother

    The other, buried, provision of the introduced bill

    Also, carrier pigeons will now be required to first land at the nearest FBI intercept roost. If there are wiretap or search warrants in force, messages can be read before the carriers are allowed to continue delivery of messages to their intended recipients.

  18. Henry Wertz 1 Gold badge

    Hear Hear David Alexander Sugar!

    Sticking intentional security flaws into products leaves a hole that can be exploited by anybody, and makes the supposed crypto these systems have useless. It shows an absurd lack of understanding of technology that they would ask for this, and an absurd lack of respect for the civil rights we have in the US that the FBI goon would make this out to not be a big deal.

    Firstly, "We're talking about lawfully authorized intercepts?" They have broken the law repeatedly within the last 10 years, and gotten the telecoms to break the law for them, illegally intercepting everything they can.

    Secondly, they claim they are not expanding their authority -- of course they are. Sorry, but wiretaps are not some right, if technology moves on so you've got to do good old fashioned police work then so be it, it's not your right to stop it.

  19. Gray

    You can trust US

    Obviously the need for the Bill of Rights has been superseded by America's need for Homeland Security. In this enlightened Democratic age there is no need for citizens to distrust their government that has only the best interests of the nation at heart?

    If you have nothing to hide, why fear the open light of day?

    If you have nothing to conceal, why bother with encryption?

    This is a "free and open" society; we have no secrets from one another?

    Obedience demands transparency; Secrecy spawns disobedience.

    Trust your lawful government! War is Peace. Love is Hate. Collateral Damage is Inevitable.

    Our agency's federal judge orders compliance!

    We're a bit beyond "1984"

  20. Chas
    FAIL

    Quis custodiet ipsos custodes?

    “Those who would give up essential liberty to purchase a little temporary safety, deserve neither liberty nor safety.” - Benjamin Franklin

    The sooner the governments realise that they are employed by the people, and that it is the people who wield the ultimate power, the world might be a saner place.

    =:~)

    1. Anonymous Coward
      Anonymous Coward

      "... employed by the people"

      I agree with the sentiment, but the problem seems to be that 'the people' don't even realise that the governments are employed by them.

    2. Anonymous Coward
      Anonymous Coward

      Power

      To add to the list of quotations in this thread :- 'Power tends to corrupt, absolute power corrupts absolutely '. Just look to the EU and see if they think they are employed by their 'citizens'

  21. Rogerborg

    For all those Limeys ranting about this

    Please be aware that in Blighty, if you want to do naughty things, you should use the telemophone system or Her Britannic Majesty's Royal Post, since they're the only forms of communication that actually enjoy statutory protection.

    If you plan to plan Teh Revalushun using the tweetertubes, the Data Protection Act offers you no protection at all from law enforcement - or Inland Revenue - grabbing all the information on you that they can eat. They don't even need a court order, they just need to say that the data are required to "prevent or detect crime" or for "the assessment or collection of any tax or duty or of any imposition of a similar nature"

    Remember, that's how they got your hero, Al Capone.

    1. william henderson 1
      Happy

      Her Britannic Majesty's Royal Post

      A back copy of Michael Wright's "Spy Catcher" explains how to protect your snail mail from covert interference. :)

  22. Anonymous Coward
    WTF?

    re. Power

    The EU is a lot less able to intrude on your privacy than HM Government (of whatever flavour); it has no police or armed forces; they work for national governments.

    The problem is nationalism (as embodied by the Patriot Act); the kind of Daily Fail reader that has a knee-jerk reaction against the EU is exactly the sort of person that will approve of this flavour of bullshit, they assume it will only be employed against non-whites.

    As far as the technical side goes, the clever "bad-guys" will just move from Skype (and whoever else plays ball with the Feds) to something secure (probably developed in Europe) so that the only people vulnerable to intrusion are the innocent and the ignorant.

  23. JaitcH
    FAIL

    Obama/Biden worse than Cheney/Bush for privacy invasion

    This was the administration that had the temerity to condemn the UAE's ban on Blackberries on the ground that it impedes "the free flow of information."

    Have a read of both < http://www.nytimes.com/2010/09/27/us/27wiretap.html?pagewanted=1&_r=1&hp > and < http://www.washingtonpost.com/wp-dyn/content/article/2010/09/26/AR2010092603941.html?hpid=topnews >.

    As well the Obama administration wants to require U.S. banks to report ALL electronic money transfers into and out of the country, a dramatic expansion in efforts to counter 'terrorist' financing and money laundering." Whereas banks are now required to report all such transactions over $10,000 or which are otherwise suspicious.

    The new rule would require banks to disclose even the smallest transfers.

    I believe governments need to show some evidence of criminality before they are granted unfettered access to the private affairs of every individual or entity that dares to conduct financial transactions.

    And don't feel too smug in the UK, governments think alike.

    It's time to take pro-active steps to make these characters work harder.

    The ONLY good thing is that increasing government surveillance is actually counter-productive, as it swamps the governments with more data than it can possibly process and manage. Which is why the Detroit would-be bomber from Nigeria actually entered the US WITH A BLOODY VISA.

    The true value of requiring back-door access for all Internet communications is if you want to sift through communications in bulk, it's only going to be feasible with backdoors.

    Remember Francis Bacon's observation that "knowledge is power".

  24. david wilson

    People *might* encrypt their traffic?

    As pointed out above, a lot of criminals aren't bright, and will carry on communicating in ways that could be open to interception.

    However, regarding more careful communicators, even if traffic is encrypted by an end user in addition to whatever encryption a network operator provides, while that might mean that the FBI or whoever couldn't read it *immediately* even if they could intercept it, might they not get hold of the relevant keys later on?

    Or maybe they might already have the information they'd need to do the decryption?

  25. Captain Save-a-ho
    Flame

    V for Vendetta

    Right about now, I'm going to start stocking Guy Fawkes masks. In a word, bullshit.

    Fuck em.

  26. Huey
    Black Helicopters

    Hmm

    Welcome to the land of Johnny Mnemonics I suppose. Guess I'll have to try and keep my head on my shoulders.

  27. Mike48US
    Black Helicopters

    One More Quote

    Give me six lines written by the most honest of men, and I will find something in them with which to hang him.

    Cardinal Richelieu

  28. Timothy Tuck
    Grenade

    Fear the Terrorists, they are very real!!

    Sadly from all information available on the subject....There is in fact a very large contingent of "sleeper cells in america"

    In fact the biggest Terrorists are our elected US officials. So I say we start there first. No more secret votes, no more secret meetings, no more secrets... PERIOD!

    If you are considering running for any office. You will agree to 24 hour monitoring by your masters, the US voters.

    So every phone call they make, every email they send... EVERY time they fart. WE MUST KNOW!

    If they want to see everything we do, it shall only be AFTER we know everything they do and all they HAVE done.

    State Secrets????

    No room for secrets here, I say it's high time we turn the constitution into what it was designed to be. If it's not explicitly called out in there you lose it. So every law that has been written needs to be re-examined. And if it's in violation of any part of the Constitution, then whoever wrote it, amended it and or voted for it is most likely a TERRORIST! Let's get them onto the no-fly list and start there.

    I imagine this might be a bit unpopular, but if you're not with us, you're against us and from all the information out there, it appears as if the people in office are the ones who have the most to hide and .... we just can't afford to trust you if you have this much to hide.

    When the Government can not trust its citizens, it's much more than a sign that the citizens should no longer trust their Government.

    Oh, and if you have never had a regular job and always been a politician, please step to the front of the line. We need to have you re-educated before we can have you running around causing mayhem out there. You do like working outdoors right? Hope you know Spanish 'cause Julio here is going to teach you about lettuce.

  29. Anonymous Coward
    Anonymous Coward

    news flash!

    You can't stop people (including terrorists) from using encrypted communications... like, ever.

    ^.^ <- this is the cat, and this is the bag -> u

    All you can do is make it harder and harder for the 95% of nontechnical people to have any way at all to communicate privately. If we assume that this is your true intention, your actions begin to make a lot more sense.

    You don't catch terrorists by spying on everyone. Turns out, most people aren't terrorists, but many people talk about bombs regardless. Perhaps some of the time spent dicking around in other people's countries could be used to find the terrorists? (as opposed to torturing the innocent) No? oh well then.

  30. Wortel
    Grenade

    Heh

    Feds need to wake up and smell the world.

  31. ShaggyDoggy

    Leaked to rivals

    "Businesses are going to be very unhappy about having their communications wide open - especially non-US ones operating in the US who don't want all their plans leaked to their rivals"

    Isn't that part of the purpose - so that business plans/ideas/secrets of non-US companies can be passed on to competitor US companies working in the same field. Or is that too obvious.

    1. david wilson

      @ShaggyDoggy

      >>"Or is that too obvious."

      If the system really is that bent, how would a US company know that a rival US company wasn't getting hold of their information?

      Do they really know they can trust the relevant agencies not to be biased?

      I can see that some things like a rival's bid prices /could/ potentially be passed on to a relevant US company head, who can then pretend that the resulting winning bid price they chose was their own idea while not having too many people in the know.

      However, with things like ideas and secrets, wouldn't they tend to involve rather more people having to know where the information came from.

      For regular commercial industries, surely some of those people would move between companies and countries, and some may not even be US citizens?

      If real trade secrets do leak, wouldn't the original inventors tend to realise a leak had happened fairly quickly?

      I guess for things like defence industries, it may be easier to be confident people would generally keep the secret, but wouldn't overseas companies in those areas tend to be fairly security-minded when it came to communications?

      For that matter, would the average large non-defence corporation tend to send details of trade secrets around relying only on the goodwill of RIM for security?

      1. BioTube
        Boffin

        @david wilson

        The whole point of fascism/corporatism is that the state serves the interest of well-connected companies (as opposed to socialism, where its members act in their own interest; there's really no winning unless you're in), so even if a company knew its secrets were being given to its competitor by the government, there's little they could do about it except start delivering messages in person.

        1. david wilson
          Black Helicopters

          @BioTube

          Even if someone thought their communication channels were vulnerable, what stops them doing their own extra encryption?

          Unless they think that The Fascist State already has an agent in their company reporting back to The Corporation, in which case, why bother delivering messages personally?

          However, if there really is a ruthless trade-secret theft operation going on, why do we seem to hear nothing about it?

          If it's a national-competition thing, is the silence all a gigantic media conspiracy, even including media local to the countries of companies getting screwed by the activities of The Foreign State?

          Alternatively, if it's all some Conspiracy of New World State + Big Transnational Corporations + All Media against the small guys, why do small companies often seem to get bought when they have good ideas, rather than just stolen from and trampled underfoot?
