Skip to content

Web Wiretaps Raise Security, Privacy Concerns

February 24, 2011

NPR, 22 Feb 2011: In the old days, wiretapping was easy: Law enforcement officials just tapped a wire. Even with cell phones, police merely had to take a warrant to the phone company and tell it to tap the number.

But now, in this age of Skype and instant messaging, things are a lot trickier, and law enforcement says it needs help.

Federal law already requires tech companies to cooperate with court-ordered surveillance. The problem, says FBI general counsel Valerie Caproni, is that the companies offering services like Web-based e-mail or social networking sometimes can’t cooperate.

“What we’re finding — and it’s not universally the case, across the board — but what we’re seeing is they do not have intercept solutions available for all of the types of services that they’re offering for people to use to communicate,” she says.

Seeking An ‘Intercept Solution’ For Internet Communications

In 1994, Congress passed a law requiring the new cell phone networks to provide “intercept solutions,” as Caproni puts it. Now, the Obama administration wants a similar requirement for communications systems on the Internet.

The FBI, the Commerce Department and the various spy agencies have been meeting for months to discuss possible legislation, and last week there was a preliminary hearing on the subject in the House of Representatives.

“It was a very weird hearing,” says computer engineer Susan Landau, who testified.

She says it was hard to offer analysis because the administration is being vague: “They just haven’t detailed their problems.”

For instance, the FBI won’t specify which Internet systems are at issue because it says it doesn’t want to advertise its blind spots.

Landau, who specialized in Internet security at Sun Microsystems, says she is convinced that there are problems “on occasion,” but it’s hard to know how severe they are.

Downsides To A Cure

Whatever the extent of law enforcement’s problem, she says, the cure may be worse.

Landau wrote a book called Surveillance or Security? The Risks Posed by New Wiretapping Technologies, which argues that built-in eavesdropping systems can open computers up to non-government spying. And the danger isn’t just hypothetical. She points to a case in Greece in which software meant for lawful eavesdropping on the cell phone system allowed somebody to spy on the prime minister and other officials.

“Somebody went into the switch and wiretapped these 100 senior officials for a period of 10 months,” Landau says. “It was discovered when a text message went awry, and quickly stopped. But we still to this day don’t know who did it.”

The Threat Of Hacking

She says imagine the vulnerabilities that would be created if similar back doors were required on all e-mail services or social networks. It’s an argument that resonates in Washington, as evidence mounts that the government and American industry have been targets of persistent and effective hacking attacks from overseas.

And then there’s the problem of the Internet’s decentralization. It’s one thing to regulate a handful of phone companies, but when it comes to all the different ways to chat online, it’s hard even to keep track of them all. And some services aren’t even run by companies.

Finding Anonymity Online

The Tor project helps to “anonymize people and to keep them safe and private on the Internet,” says Jacob Appelbaum, the project’s developer.

Tor’s encryption system has been used by everybody from the U.S. military to WikiLeaks. Appelbaum’s involvement with Tor earned him close government scrutiny. And that’s one reason he now works as a computer researcher at the University of Washington’s computer science and engineering department. He hopes the job will give him a little extra legal cover.

Appelbaum says if the government ever told him to build an eavesdropping function into Tor, he would refuse.

“Oh, I mean, I would leave the country,” he says. “I would not be in a country that was so hostile to people having personal autonomy and liberty.”

It may not come to that: Caproni says the administration is trying to find what she calls “an 80 percent solution” — something that facilitates government access to most online communication, but not necessarily all of it.

Comments are closed.

%d bloggers like this: