FBI Complains About Wiretapping Difficulties Due To Web Services

c0lo writes with news that the Federal Bureau of Investigation is lamenting the difficulty in executing wiretaps because of "web-based e-mail, social-networking and peer-to-peer services." "President Barack Obama's administration is debating ways to deal with Web-based services not covered by traditional wiretap laws, including incentives for companies to build in surveillance capabilities, said Valerie Caproni, general counsel at the FBI. Many Internet services are not covered by the Communications Assistance for Law Enforcement Act (CALEA), which requires traditional telecom carriers to allow law enforcement agencies real-time access to communications after a court has issued a wiretap order, she told members of a subcommittee of the US House of Representatives Judiciary Committee. But Caproni told lawmakers she was not asking for expanded CALEA powers. And she stopped short of calling for rules requiring Web-based communication providers to build in so-called back doors allowing law enforcement access to their software, although she said she's optimistic the US government can find incentives for companies to 'have intercept solutions engineered into their systems.'"

Police work is not SUPPOSED to be easy

[Man On Pink Corner]

If police work is easy, it means you're living in a police state.

They're here to serve us, not the other way around. History shows that when you give the FBI increased investigative powers, those powers are used not to prevent the next 9/11 or OKC bombing, but to spy on dangerous subversives as Martin Luther King and John Lennon. [nytimes.com]

With power should come responsibility, or at least accountability. The FBI has shown neither.

On behalf of all blackhats of this planet

[Opportunist]

allow me to say this:

"PLEASE! WE'VE BEEN WAITING FOR IT!"

Ok, on a more serious note, how long do you think 'til such a backdoor will be sniffed out and abused by people with even less concern for constitutional rights and fewer qualms to abuse such a privilege?

Think about it for a split second. What qualities would such a backdoor have to have? First, it would have to work with all such providers, every single network, and you may rest assured that it will have to follow some standard and possibly even be accessible with a single set of login credentials. And second, the provider would of course not be allowed to monitor or even log such an access to keep them from possibly noticing such an access (of course, only to make sure that no "inside man" could warn the bad guys).

Can anyone, or everyone, here see the possible value for MUCH worse guys?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Not in the US

[Jane_Dozey]

Many Internet services are not covered by the Communications Assistance for Law Enforcement Act (CALEA)

They do realise that even more Internet services are not even in the US....right? Or does their jurisdiction actually extend to other countries now?

The Irony Gets Thicker

[Phoenix666]

And here we are seeing a wave of democracy sweeping the Arab world, facilitated in part by these very technologies. At the same time, the U.S. government is positioning itself to prevent those very tools being used against it.

There are still those here who will say that it's hyperbole, but the same tipping point is approaching here. Our real rulers (hint: neither political party, but those behind both) are getting nervous and moving to keep their grip on our society. They have perpetrated the most massive theft in the history of mankind, absconding with trillions of dollars of our money, selling our children into a lifetime of debt servitude while theirs party on; they know it, and we know it, and they're starting to realize that we know it too.

Re:The Irony Gets Thicker

[srmalloy]

There are still those here who will say that it's hyperbole, but the same tipping point is approaching here. Our real rulers (hint: neither political party, but those behind both) are getting nervous and moving to keep their grip on our society. They have perpetrated the most massive theft in the history of mankind, absconding with trillions of dollars of our money, selling our children into a lifetime of debt servitude while theirs party on; they know it, and we know it, and they're starting to realize that we know it too.

"The tree of liberty must be refreshed from time to time, with the blood of patriots and tyrants. It is its natural manure." -- Thomas Jefferson

The emphasis is mine. It is interesting that this quote is most often seen cut off after 'patriots'. Who might have a vested interest in seeing that the public stops thinking of rulers being made to pay for growing oppressive?

Re:What about encrypted communications?

[Anthony Mouse]

Would peer to peer services which offer end to end encryption like Skype be required to re-engineer their software to allow government wiretaps? This could be the end of personal use encryption as we know it.

They can't really stop personal use encryption at this point. Skype isn't fully open source, but that doesn't mean there can't or doesn't exist open source P2P encrypted communications software. And even if the official maintainers of that software were required to add a back door, the idea that no one would distribute a version with the back door removed is laughable. It's like trying to suppress DeCSS. Moreover, OpenSSL and OpenSSH are BSD licensed -- it's not like adding strong encryption to a communications app is rocket science. (Although for crying out loud, can somebody please fix the OpenSSL documentation?)

I would also expect Skype to strongly resist efforts to make them add a back door, if only because of the damage it would do to their reputation. Everybody knows that back doors are truck-sized security vulnerabilities that tempt black hats like chocolate cake tempts Michael Moore. People use Skype for confidential communications because it appears to be secure. Make it notoriously insecure and an alternative will appear which people will use instead.

Of course, that isn't to say that this proposal is puppies and unicorns and nobody needs to oppose it. People who demand good security -- including criminals -- will use software that has good security and no back doors. But there is still a need to protect innocent fools from organized criminals. Making the software that the average fool uses substantially less secure has the potential to make organized criminals much more effective -- remember, most people aren't terrorists, so intentionally creating a vulnerability that impacts both stupid innocents and stupid criminals will disproportionally impact the innocents because there are more of them.

The Backdoor Exists Already.

[VortexCortex]

Here's how it works:

1. Identify the individual you want to spy on.
2. Identify the web services you want to spy via.
3. Obtain the SSL certificates of the web services.
3. Gag & Order the certificate authorities named in the SSL certs to create the FBI/NSA a new fake trusted cert.
4. Use the unwarranted wire-tap systems already in place to "Man in the Middle" any connections the individual makes to the web services you wish t spy on.
5. Return the fake cert to the individual, and re-encrypt the data to the web service using the real cert.
6. Spy on the individual as much as you like.
7. ...
8. Oppress!

Note: If the CA is not a US company, then simply use Verisign or other US company to creat the fake certs -- No one checks to see if the cert is actually the one that the domain normally uses...

CAs can make certificates without the domain owner's permissions -- As long as the certificate authorities don't need the domain owner's permission to generate certificates the SECURITY THEATER of SSL will remain intact.

Also Note: FF > Preferences > Advanced > Security Tab > View Certificates > CNNIC ROOT
This is the root certificate that China will use in these types of MITM attacks.

P.S. Remember when a large portion of the Internet was "accidentally" routed through China? [slashdot.org]

Re:we should make it easier for them

[jdpars]

It definitely sucks that they want access to communication they can't get to right now. It's difficult, and it should be, to want to let them in. I think there are good arguments for giving them the power, and good arguments against. In favor of it, it would allow them to catch more criminals more easily. I think that's an easy positive most people would agree with. The drawback, however, is that the system could be abused (Anyone have research on wiretapping abuse? I think that'd be fairly relevant). We put a lot more of our personal information on the internet than we do on phone lines. Here's what I think: restricting FBI access just because it's a different medium than phones is silly. If you're going to restrict their access, do it on the grounds that the access they get should be the same across all communication media. If they need a court order even to begin thinking about installing the tap, then they should need that court order for a phone line or tapping into a Skype account. But giving them full phone access and no internet access is only going to help criminals trying to avoid detection. Be consistent, that's all I'm saying.

Re:in the UK the cameras can see in to alot of hom

[SudoGhost]

If you don't have anything to hide, why buy curtains?

As always ...

[khasim]

Fascism begins when the efficiency of the Government becomes more important than the Rights of the People.

And it is always sold the same way.

They want to "protect" you from the "enemy".
So you need to do your part and give up some rights (just for a little while) to make it easier to find the "enemy" hiding among you.

If you aren't supporting their team ... that means you're
a. supporting the "enemy's" team
b. delusional / stupid
c. secretly hate us and really are hoping the "enemy" wins

Re:What about encrypted communications?

[Anthony Mouse]

tap-stream

You seem to be assuming the way they would implement this is to have your client send a second copy of the stream to the FBI. Certainly that is the easy way to do it, but also the trivially detectable way -- the app is using twice as much bandwidth as it should and half the packets are going to some server in Virginia.

The smart way is to combine ISP-level wiretapping in with a back door that CCs the encryption key to the Feds so that they can decipher what they capture from AT&T. Skype already has to open a third party connection to look up the IP address of the peer you want to call, and it's pretty easy for a couple dozen bytes to get lost in the noise.

If you really want to be sure you better have the source and a binary compiled by someone you trust (like yourself).

Check the Constitution-FBI doesn't have "rights"

[Anonymous Coward]

I just checked the US Constitution and all the amendments. It is a quick read.

There is nothing in it about the FBI having the right to wiretap peoples communications without a warrant. A few years ago, there were less than 3,000 judge approved wiretaps inside the entire USA. http://www.justice.gov/nsd/foia/reading_room/foia_readingroom.htm [justice.gov]

There are 310,000,000 people in the USA. http://www.census.gov/population/www/popclockus.html [census.gov] They are suggesting all that this infrastructure be built to monitor 3,000 people? Only government thinks this way.

I'm sorry that monitoring private communications isn't easy. I'm also happy it isn't.

Re:What about encrypted communications?

[KlomDark]

>If you're not doing anything wrong, what is there to hide?

Wrong answer: If I'm not doing anything wrong, then are you doing looking?

Everybody's got something to hide, but most do not have anything illegal to hide. Every person should have the right to at least some data that's completely private to all others. Seems like it is a basic human right. At least until they develop direct brain-reading, which probably isn't too far from now.