FCC To Require Backdoor Network Access for Feds

humankind writes "The EFF is reporting that the Federal Communications Commission issued a release [pdf] announcing its new rule expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA)." From the article: "Practically, what this means is that the government will be asking broadband providers - as well as companies that manufacture devices used for broadband communications - to build insecure backdoors into their networks, imperiling the privacy and security of citizens on the Internet. It also hobbles technical innovation by forcing companies involved in broadband to redesign their products to meet government requirements."

9/11 changed everything..

[Adult film producer (866485)]

We can't sit back and let the terrorists win.. err wait, wtf am I talking about? Somehow this is a good thing.. yes.. maybe I should give the feds access to my webcams, this will make america safer :)

Re:9/11 changed everything..

[infonography (566403)]

Considering your nick here is Adult film producer (866485) just giving me access to your webcams would be fine. However IMHO 9/11 changed NOTHING!

Re:9/11 changed everything..

[Oktober Sunset (838224)]

If you give up all rights that the US stands for, then the US may as well not exist.

Re:9/11 changed everything..

[Lisandro (799651)]

Not to rain on your parade, but check the definition [google.com] of terrorist: it's well accepted that a terrorist is someone who employs terror as a political weapon.

    The more the US resorts to giving up freedoms in order to "combat" terrorism, the more terrorists win. It's simple, sadly enough.

Re:9/11 changed everything..

[by Anonymous Coward]

I wouldn't say that they're winning just because Americans are giving up rights. It just means we (the normal citizens, not the politicians or corporate big-wigs) are losing. The terrorists aren't necessarily winning either because our inept foreign policy hasn't changed at all.

Anyone who believes that "terrorists want to take away Americans' freedoms" is deluding themselves. They likely just interpret our foreign involvement as bullying and wish us to stop.

Re:9/11 changed everything..

[Lisandro (799651)]

Anyone who believes that "terrorists want to take away Americans' freedoms" is deluding themselves.

Indeed, they just wish to create fear as a deterreent. The sad part is that the US finds that limiting personal freedoms is a viable way to combat terrorism. It just doesn't work. There's a lot of European countries that suffered terrorism for much longer and never resorted to such measures.

They likely just interpret our foreign involvement as bullying and wish us to stop.

Actually

Re:9/11 changed everything..

[87C751 (205250)]

The sad part is that the US finds that limiting personal freedoms is a viable way to combat terrorism.

No, they find that limiting personal freedoms is a viable way to limit personal freedoms. That's the real agenda. Combatting terrorism is just this year's excuse.

Re:9/11 changed everything..

[EvilAlien (133134)]

They don't want us infidels to convert. This isn't about spreading or enforcing a religion. That is a christian tactic.

This is about engineering the creation of a hardline Islamic theocractic regime (i.e., the return of the caliphate), and the best way to do that is to terrorize the enemy that works to westernize (read "support freedom") predominantly muslim nations. There is a long history of terror and assassination used as a tactic against western incursion:

As early as the last years of the eleventh century the Assassins had succeeded in setting firm foot in Syria and winning as convert the Saljug prince of Aleppo, Ridwan ibn-Tutush (died in 1113). By 1140 they had captured the hill fortress of Masyad and many others in northern Syria, including al-Kahf, al-Qadmus and al-'Ullayqah. Even Shayzar (modern Sayjar) on the Orontes was temporarily occupied by the Assassins, whom Usamah calls Isma'ilites. One of their most famous masters in Syria was Rachid-al-Din Sinan (died in 1192), who resided at Masyad and bore the title shakkh al-jabal', translated by the Crusades' chroniclers as "the old man of the mountain". It was Rashid's henchmen who struck awe and terror into the hearts of the Crusaders.

- from HITTI: THE ASSASSINS [alamut.com]

We are seeing the modern version of a conflict that is hundreds of years old, and it has nothing to do with Usama bin Laden wanting George W. Bush to convert to Islam.

...WTF?

[Pantero Blanco (792776)]

Wasn't there a ruling just a few weeks back that the FCC didn't have the authority to regulate the Internet, which would include things like VoIP? Did that get overturned at some point?

Re:...WTF?

[twiddlingbits (707452)]

It's the actual networks the telco's own, which technically IS the Internet and technically IS not as some data (such as corporate data) travels on the networks mixed in with Internet data (i.e. a VPN over the Internet). It's really a gray area as to where the Internet stops and the carrier newtworks begin. A private, seperately routed network for say Wal-Mart using dedicated SBC/Wilco/Sprint/MCI lines would NOT be the Internet, but if they sent the data via the public side of a network then it is the Internet. Next thing ya know the Feds will want all the corporate encrypt/decrypt keys and all of our PGP keys so if the data the monitor from those they deem are suspicious they can unlock the data. Of course since they don't know in advance WHO will need to be monitored we have to err on the side of caution and EVERYONE has to give over thier keys. Even with the Patriot Act (which is well intentioned but very flawed in execution) I think this goes too far. I expect this one to be ruled on by the Supreme Court before too long. In the meantime, I guess we should all be very careful.

Re:...WTF?

[tomhudson (43916)]

Next thing ya know the Feds will want all the corporate encrypt/decrypt keys and all of our PGP keys

Interesting thought, but how are they going to do that?

Looks to me like more and more people are going to gt into wireless mesh networks and pgp/gpg just to avoid big brother.

Its' like back in (IIRC) the '60s, when one guy who was being watched by the FBI made it a habit of writing "Fuck the FBI" on sheets of paper in every hotel room he stayed in, shredded them, then dumped them in the trash. So the ag

Re:...WTF?

[tomhudson (43916)]

Sure they did - they were called scissors, iirc :-)

Re:...WTF?

[demachina (71715)]

"Nobody is at this time limiting your rights, your privacy or your liberty"

WTF are you talking about. If you are taking a subway in some major American cities today you can now be stopped and searched for no reason and with no warrent. If they catch you with a couple of joints I'm curious if you are going to jail and if they can make the charges stick since it is a blatantly illegal search. There is no probable cause and there is no warrant for these searches. They are about as illegal as they get when they start applying them to people commuting to work everyday.

In the UK the police drew guns and started shouting at a Brazilian electrician because he was dark skinned and wearing a heavy coat in summer. He paniced which is not a surprise when people start yelling at you and drawing guns. They tackled him pumped him full of lead, though he had no weapon, purely on the vague suspcion he might have a bomb. The Brits responded with, oops, sorry.

Its something of a fact of life you are surrendering your privacy to get on an airplane but last time I did it they hand frisked, intrusively, a 70 year old man in front of me. The look on his face was sickening and it was worse because they were intimately searching him in front of everyone with a little table being the only thing blocking the worst of it. At this point I'm thinking, how has America fallen this far. He didn't fit the "Terrorist Profile" either and it was probably the first time in his life he'd been frisked. The lady at the metal detector said he looked "nervous" which is apparently why he was one step away from strip search. He was nervous but only because he was deathly afraid of the security shakedown and amazingly he had reason to be.

There is a fair chance you will soon see millimeter wave scanners in airports which will in effect let total strangers see you naked everytime you go to an airport. If they work there then there is a fair chance they will eventually appear in mass transit.

"If I want to keep something private, I sure don't send it via the Internet, snail mail still works good in that respect"

You are totally delusional at this point if you think the Fed's wont open your mail if you or whomever you are communicating with is the target of an investigation.

" The fact that the Patriot Act got pretty much unanimous reapproval in the House and Sentate says it not a bad deal on the whole."

No it says the political climate is such that politicians will vote for almost any piece of security legislation, no matter how bad. If they don't their opponents will pummel them in the next election for being soft on terrorists and it will work. The quality of the legislation has nothing to do with it. The National Intelligence reform act passed by a wide margin and it instituted the first step towards nation ID cards which Americans would have never tolerated 5 years ago. It eliminated most of the safeguards against intelligence agencies spying on Americans which were instituted because J. Edgar Hoover and Richard Nixon were massively abusing those powers to spy on, blackmail and general destroy their political opponents.

" I really don't care as I'm not going to do something to bring him down on me."

Thats the spirit. I'm sure thats how most American's rationalize it. These news powers are currently only being used to hammer Muslims, most of whom appear to be innocent. You aren't Muslim, you don't fit the "Terrorist Profile" so why should you care. Germans didn't care either as long as it was only they Jews that were being persecuted because they weren't Jewish.

Re:...WTF?

[demachina (71715)]

"but I really don't care as I'm not going to do something to bring him down on me."

Forgot to add I'd laugh my ass off if you were communicating with someone who is doing something that the man doesn't like, and who is a target of an investigation. If you are you fall under guilt by association and you wouldn't even know it.

For example you may remember the programmer who was a citizen of Canada, who was snatched by the Feds, questioned and then deported to Syria where he was jailed and tortured for over a year. His crime as I recall, someone in his family asked him to sign as a reference on a lease of this other guy, who had been targeted in a terrorism investigation. His second mistake was he flew through New York on his way from Europe home to Canada.

You see you don't have to be guilty of anything in this wonderful world we live in. You can be targeted for just communicating with someone under suspicion, or you can be falsely accused by someone being pressured through interrogation and threats. For example in the UK now its a crime to withhold information about a terrorism investigation. Three people in the UK are being charged for just this in the wake of the London bombing. If they are falsely accused the only way they can escape this charge is to make up false information to give to the authorities and the easiest thing to do is falsely accuse someone else.

Awesome.

[ThatDamnMurphyGuy (109869)]

More regulations to drive up costs and actually lower security. That's our government. I can't wait for the first time that a feds-access method is discovered and published. Of course I'm sure they'll label that discovery person a terrorist.

Re:Awesome.

[paulproteus (112149)]

It's so nice to have market-loving, freedom-creating, innovation-pushing Republicans in power. And we all know Republicans are all for limiting the size, scope, and expense of government.

Wait - you're saying they added regulation that limits busineses' freedoms to innovate with broadband and adds invisible costs to the consumer? I thought that was what commies and big-government Democrats do!

Re:Awesome.

[Surt (22457)]

Interesting that they sought these powers all through the clinton administration, yet didn't receive them until the bush administration.

Re:Awesome.

[i_am_not_a_bomba (904443)]

Wait,

So your saying that the republicans shouldn't be blamed because they have caved in where the democrats didn't?

Seriously, that's what you've just said in that post.

Sometimes i wonder if you lot would *ever* condem your partys actions, then i read posts like yours and think "no".

(I am not an american)

Aww!!

[hypergreatthing (254983)]

Think of the children! It's for fighting terrorists and will never be used otherwise!

Some companies are different that others.

[Rosyna (80334)]

Cisco, for example, has complied with this new rule before it even existed.

This is a good idea?

[hobbesmaster (592205)]

If you have a backdoor - how long before somebody malicious has access? 30 minutes? If you can get into any box anywhere (because apparently everything will have to have this) then couldn't one little malicious script bring down everything connected to the internet?

Re:This is a good idea?

[Sancho (17056)]

I'm sure the implementation would be a little more secure than requiring the username/password "fbi/fbi" to grant full access on the box. More likely, companies would be required to have a login/secure password (if not some sort of public key encryption) access on the boxes, preferably through firmware. Each manufacturer would have a different password/key. Possibly each unique model would have a different password/key. Any time a leak occurred or someone discovered the backdoor, a new firmware could be issued as a "security fix", which would revoke the old method of access and create a new one. Thus breakins would be limited to companies (Cisco) or specific devices (2950t line). Any time a breakin does occur, a firmware patch would be all that is required to seal the breach.

Additional security could be implemented to prevent the entire Intarweb from being owned by a single leak. For example, there is no good reason that the FBI should have write-access on these devices. That in-and-of-itself should be enough to prevent worms from spreading. Also, certain key files should be unreadable, such as password lists, in order to prevent the spread of worms.

Now, all that said, I do not think this is a good idea. Nevertheless, backdoors can be created securely.

Re:This is a good idea?

[sgant (178166)]

At the very moment, the FBI is cursing under their breath as they change their passwords from "fbi/fbi" to something else.

DAMN YOU SANCHO!

Re:This is a good idea?

[by Anonymous Coward]

I am once again surprised with the high mod points here. This guy is as niave as hell. It's pretty damned hard to design a secure front door leta alone a back door. This may be flame bait but it goes to show the level of technical knowledge on slashdot is dropping like a rock.

Re:This is a good idea?

[myov (177946)]

You're assuming they'll manage the passwords properly. Why spend the effort when you can be lazy?

  I know of field techs at numerous companies who use a password based on the serial or model number. One of my clients with a number of higher end printers/copiers has a password of "1111" or "0000". It's set that way so that all the techs know how to get in. In some cases, there isn't a password - only a key combination (like stop-*-1)
Of course, many others quickly figure it out. I can get into maintenance menus of many photocopiers knowing this trick.

Instead, passwords should be based on something like a site number. Still accessable to the techs, but not to the random users.

Why is it dangerous to have a bad password? One tech told me a trick for free copies - either using the maint menu to "test" the machine, or going as far as to disable the pin menu or coin collector. Other machines now have many interesting options to play with - including watching an email address and printing automatically to things like LDAP lookups. Somebody could social engineer your network and get your company directory using the photocopier!

Re:This is a good idea?

[MourningBlade (182180)]

I think the fundamental problem here is not one of incompetence but one of interest.

When you have ways to get unlimited access into the phone network, some very unscrupulous people with lots of money begin to think that maybe they should have access to it as well.

In Columbia, they ran a "drug tip hotline" that was supposed to be anonymous. They got a few leads, then it dropped off. Why? Because the drug cartel had someone in the phone company feeding them the numbers of everyone who called in - whom they then killed.

They switched it up and told people to call from a pay phone. Cartel solution? They tapped the line and started identifying people by voice.

The program was eventually shut down.

There's not much you can do about some of these things - but having back doors like this hurts more than it helps, and with enough resources you can get the keys.

Another problem is that law enforcement likes as few barriers as possible to do their work (no surprise there, I'd hate to have red tape to cut through just to start up vi), so they tend to avoid solutions with things like...logging.

I'm told that the older CALEA systems do not track their uses, and there were some very odd occurrences in NJ several years ago regarding a mafia case that suggested that someone had a way into the system - specifically confidential informants who discussed some things over the phone were then killed.

Of course, no way to tell - there's no logs.

My point is that when you set something like this up, you are point-balancing a sword with many edges.

So what?

[MacFury (659201)]

then couldn't one little malicious script bring down everything connected to the internet?

Big deal. So anyone with a little bit of knowledge and desire can cripple the entire internet in one blow.

We can't let the terrorists win! We must comply with this obivously good idea.

Oh wait...

Security (From The Government) Through Obscurity

[nick_davison (217681)]

I think it's a great idea. As you point out, within 30 minutes someone will have malicious access. Within a month every script kiddie on the net will have access to every PC in America.

At which point, I welcome the government's attempt to successfully prosecute me for anything whatsoever: "No, that file of Dubbya, the underage pretzel salesgirl and the goat wasn't mine. You idiots left the backdoor to my system wide open. Literally anyone on the net could have used my PC to host it and you guys are responsi

Re:Security (From The Government) Through Obscurit

[jrockway (229604)]

They can put a backdoor on my OpenBSD box after they beat me to death with a cold, dead Model M keyboard. (Come to think of it... that would be easy to do.)

right to privacy

[garstka (144691)]

It's funny how you never hear the phrase 'right to privacy' nowadays. Is privacy no longer a concern to people now that we have terrorists to worry about? The things I think about and read and what I do in my personal space (yes, my computer is MY space) is frankly not the business of anybody except me. Get a warrant, then search me - I'll live with the fear of a terrorist attack, I can handle the responsibility.

Re:right to privacy

[spagthorpe (111133)]

You're right, it is your space. Pull out that little network cable at the back of the machine. There, nobody has access to it anymore. See how easy that was?

Some of us remember what it was like to use a computer before the internet. Strangely, they were still pretty useful for a lot of things.

Re:right to privacy

[bezuwork's friend (589226)]

Just finished the bar. Don't remember it from Constitutional law but for the bar, we studied the fundimental rights pretty thoroughly. The right to privacy is a fundamental, if implied, right which in turn leads to other rights - the right to marry, to procreate, to use contraceptives, to have an abortion, etc.

So for now, it is alive and well in theory.

But scotus has taken rights that once were fundamental and reclassified them as not (forget which ones right now). So it comes down to what the scotus du jure thinks.

There was a guy in my law classes who, after 911, kept saying that we may have passed into an era where privacy must be sacrificed. I don't think it is necessary and hope he was wrong.

Related comment - last year I reported some vandalism on my property. I refused to fill out the fields for age, race, hair and eye color, etc. The police called me and refused to enter the report (I did it online) unless I provided that information. I said "why? You know where I live and I was the victim (sort of - my property was)" Their reply? "The FBI won't like it." Scary.

Re:right to privacy

[demachina (71715)]

"Is privacy no longer a concern to people now that we have terrorists to worry about?"

The stock response is if you aren't doing anything illegal why would you care about privacy. This is only to catch bad people doing bad things. You aren't a bad person doing bad things are you? At this point you can see why only activists will fight it. Your average citizen isn't going to complain because that just makes you ripe for further attention by the authorities. The man in the suit might come knocking and ask, "Why are you wanting to use encryption and hide your activities from us Mr. Garstka."

American's don't really have much of a sensitivity, at present, as to why police states are bad. They aren't likely to start caring until its to late. At the moment its really only Muslim's that are taking the brunt of it and most Americans aren't Muslim. For example two men in Detroit were convicted on terrorism charges by the DOJ. The two main exhibits:

- A homemade video of their trip to Disneyland which the government insisted was really a surveillance tape to plan for a terrorist attack, and just cleverly made to look like a tourist video.

- A conman up on fraud charges was offered a reduced sentence if he testified against them. Predictably he took the offer. Unfortunately for the DOJ he started talking to cell mates and admitted he lied to get his charges dropped and the case was overturned, but not until two Muslim men and their families had been put through living hell for having video taped their Disney vacation.

This instance is covered in the fascinating BBC documentary The Power of Nightmares [archive.org]. If you want a primer on why your right to privacy is being eviscerated by the powers that be, its a good starting point. It also highlights some fascinating similarities between the neoconservatives currently running America and Britain and Islamic fundamentalism. In many respects they need each other and are using each other to attain their goals, the end of western liberalism and liberties. They both want a return to regimented societies dominated by their respective religion's concept of law and order.

Re:right to privacy

[n6mod (17734)]

It's been ruled as implicit in the US Constitution (the basis of Roe v. Wade) and is explicit in the California Constitution. This, by virtue of the 10th Amendment, should trump the Feds. I say "should", because like much of the rest of the document, the Supremes seem to be unable to read or comprehend the 10th amendment.

Re:right to privacy

[hazem (472289)]

The 4th Ammendment covers it pretty well:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Now, maybe I'm just a crazy left-wing wacko, but I think one should be able to reasonably extraplotate "papers and effects" to include their own computer networks and files.

Re:right to privacy

[FroBugg (24957)]

In the US Constitution? Not explicitly. Many states do have privacy rights outlined. Here's the relevant text from the Florida state constitution:

SECTION 23. Right of privacy.--Every natural person has the right to be let alone and free from governmental intrusion into the person's private life except as otherwise provided herein. This section shall not be construed to limit the public's right of access to public records and meetings as provided by law.

SSH tunneling

[paulproteus (112149)]

I was going to reply to this with, "Well, I can tunnel my connections via SSH to add instant magic security powder," but then I realized - the server I'd be doing the tunneling *to* is on a cable modem, and it'll have all the same backdoors.

I wonder if I can trust my university's networks; maybe I should SSH tunnel to my computer science department account.

Huh.

huh?

[zappepcs (820751)]

How does this hobble technical innovation? It is a logical extension of CALEA.

I see problems with it, like Skype is not a US company and implementing CALEA functions for monitoring on Skype servers would not be legal in other countries?

I don't think that the government has a clear grip on what the Internet is yet, but by allowing VoIP to replace traditional switched circuit voice networks, they lose monitoring functions for legal wiretap operations. This just gives it back to them, though I'm not sure how they will implement it worldwide, nor do I think it can be done simply within the borders of one country since it is run over the Internet in many cases. Sure, if Comcast offers VoIP, then CALEA would apply, but I see trouble with Skype and Gizmo services.

Also makes me wonder how far the reach of CALEA will go, given the current state of anti-terrorism and related activities.

I just don't see how this hobbles innovation.

Re:huh?

[laffer1 (701823)]

Innovation is hampered because US companies have the additional burden of providing the back door in their products. Its an added cost, and security hole. If I lived in another country, I would not buy American products now. As an american, i may consider buying foreign products without the back doors. Obviously i'd have to mail order them for a less than reputable source as products imported will probably need the lame back doors too!

a diaster waiting to happen

[MrLint (519792)]

Well since companies like Linksys use linux in their devices, they still have to comply with the gpl. meaning if they keep using Linux they will be revealing all the back door code, or they'll have to stop using it or get sued.

Of course knowing our govt, the spec will be sooo poor and it'll get out and the internet will have huge security holes and hackers and spammers will get a hold if it.. and *foom* govt facilities zombies!

mebbe its time to switch to a bsd router.

Freedom in the US, and implications for business.

[by Anonymous Coward]

If the goal of terrorists was to destroy our freedoms and way-of-life, it is starting to look like they are winning -- and while I sure terrorism is the excuse for this law, I'm really not sure I trust the intentions or our current government.

In addition to the immediate 'what kind of country are we becoming?' blood-curdling privacy implications of this law: what is this going to do the competitiveness of American manufacturers? Other countries are not going to accept back-doors for the US government in their network products.

so go with a router you can run Linux or BSD on.

[artifex2004 (766107)]

If you use open source router software, and tunnel or SSL or SSH to everything, this should not be a problem.

The question is, why aren't people assuming that plaintext is a bad thing already?

And?

[roybadami (515249)]

AFAICS, all the linked press release says is that VOIP should be subject to the existing laws on telephone tapping....

Or am I missing something?

What's a broadband device?

[ChiralSoftware (743411)]

If I use a Linux box as my broadband router, is that a regulated device? What I'm wondering is, where does this law stop? If there is a Linux distro that is specifically designed as a "broadband router on a CD", would that fall under the regulation? What if I have a broadband card plugged directly into my computer? Is the broadband card the device, or is the whole computer the device? What about if the broadband card does everything in drivers which are part of the kernel?

Even regular consumer devices like Linksys routers are running Linux, so that makes me wonder if the changes have to be hardware or software changes. It's my impression that on a Linksys router, basically everything important is done in software, so I don't see how this could be implemented in hardware.

And obviously, if this means that Linksys routers need to have a patched kernel, will they have to be locked in some way to prevent changes to the kernel? What about the GPL? If the backdoor is implemented as a part of the kernel, and then that kernel is redistributed, then the backdoor code would need to be published, right?

Back in the days when everything was hardware, regulations like this would be cleanly enforceable, but now that the work is done almost entirely in software, it's a mess.

-----------------
mobile search [mwtj.com]

I'm doin some homework

[2ainman (700247)]

... rather than just taking everything I hear from the internet (interpreted thanks to eff.org). Kudos to people like sheetrock, teilo, and others for doing the same. Im not going to bother reiterating some of their previous points regarding "backdooring our routers!". If you're confused ... lookup "backdoor" and "wiretap" on some jargon files or something.

Heres a link to the fcc announcement (NOT eff.org's) http://hraunfoss.fcc.gov/edocs_public/attachmatch/ DOC-260434A1.pdf [fcc.gov]

Ooooh theres some big telco words in there that I had to look up.

facilities-based isp: isp owns the switches and access servers.

Many isps are non-facilities based or hybrid based, meaning that they buy some access from other facilities-based isps, and have some equipment of their own. It only makes sense that the fcc would want access to the equipment through the people that actually own them.

More specifically the announcement mentioned that they would target the facilities based isps / voIP carriers that allow connection to pstn (public switched telephone network).

You guys have all seen those cop movies where they sneak into the bad guy's house and tap his phone. Well, if a bad guy is using voIP, you can hardly do that. (Well you can, because voIP's standard is not encrypted, although some like skype claim to). So rather than try to tap at the source, which could possibly be encrypted (as teilo said), they just tap it at the point at which it is just pstn traffic again. (Remember they were focusing on services that allowed communication to pstn from voip). So if bad guy A tries to do voIP to bad guy B whos just on pstn, then fbi can listen in, without knowing the location of bad guy B.

This leaves the idea of the bad guys just talking voIP to voIP with encryption. People say that the government can already sniff our traffic and see everything we do, so whats the point of this new legislation? Where are they sniffing from? As of now, I don't think its via these ISPs who are commercially owned with little to no regulation. So maybe this is the government just moving their pieces in to better position on the board.
Just my 2 cents.

Government support of cisco?

[ediron2 (246908)]

Heh, perhaps this is being done so that the Government can cause a catastrophic security event so big it'll make Cisco's looming problem look trivial.

After all (and I do government security work), Uncle Sam usually does mediocre to terrible infosec...

Seriously, this idea is terminally stupid to the point where I doubt it'll succeed. Even if we dodge the risk (hah!), and the letter of the rule is implemented, grunts like me will just be required to implement secure tunnels to hide stuff that is too important to risk (they add a key, so we add another lock).

Re:Why do they always have to be insecure?

[paulproteus (112149)]

When there's one key to the whole American Internet infrastructure, that sounds pretty insecure to me.

One malicious Fed with the access key can leak it, or eavesdrop on anyone at will. Perhaps he was blackmailed by the mafia, or wants extra money by selling info to spammers, or incentives are otherwise skewed.

Time and time again, we see that eavesdropping systems are abused by insiders. That's why limiting the availability of eavesdropping technology to exactly what's required is the most secure choice.

Re:Why do they always have to be insecure?

[ArbitraryConstant (763964)]

"What if it means that the equipment will accept connections if it passes a rigerous sshv2-dsa key handshake, with a really, really big key size? I don't see that being insecure, setting aside concerns about the stupid feds being bitches in power games leaking the key. Technically, there's nothing stopping them from making it secure (as secure as you or I have our home systems, that is)."

The dominant SSH implementation (OpenSSH) isn't even based in the US, so the FCC doesn't have the power to mandate backdoors in it.

Re:Great

[CdBee (742846)]

I was just thinking, this is the point at which I stop buying US Robotics broadband routers and start pondering the benefits of using either a Mac Mini or a small-footprint intel PC as a linux router...

Re:Right to what?

[Legion303 (97901)]

"right to privacy is an urban legend. Read the constitution if you don't believe me."

You first. You can start with the 9th amendment.