Privacy Advocates Protest FBI Warning of 'Going Dark' In Online Era

CWmike writes "CNET's Declan McCullagh reported last week on the FBI's argument that the massive shift of communications from the telephone system to the Internet 'has made it far more difficult for the agency to wiretap Americans suspected of illegal activities.' The law has already been expanded once, in 2004, to include broadband networks, but still excludes Web companies. The FBI says its surveillance efforts are in danger of 'going dark' if it is not allowed to monitor the way people communicate now. Not surprisingly, a range of opponents, from privacy advocates to legal experts, disagree — strongly. On key tech hitch with the plan, per ACLU attorney Mark Rumold and others: There is a difference between wiretapping phones and demanding a backdoor to Internet services. 'A backdoor doesn't just make it accessible to the FBI — it makes it vulnerable to others,' Rumold says."

Cry me a river

[betterunixthanunix]

CALEA was basically a hand out to law enforcement, letting them sit back and eat doughnuts instead of going into the field when they need a wiretap. Now they are complaining that they do not get a similar hand out when it comes to the Internet, and dishonestly claiming that they do not want to revive the cryptowars? No thank you, FBI -- we are not going to give up secure communication systems or plant backdoors all over the Internet just because you long for the "good old days" when wiretapping-on-demand was enough to violate our privacy.

How's this for an idea?

[gman003]

First, the FBI gets a warrant for a particular "wiretap". This should be absolutely mandatory for what I'm about to propose.

Then, off a specific warrant, they go to whichever company the warrant lists, and either:

a) Install a packet-sniffer in front of the web server, logging everything to disk, which is then physically taken by the FBI as evidence - just like a conventional phone wiretap. This avoids the whole "anyone could use the backdoor" - if "anyone" can install hardware on the network, the 'security' is already broken so badly I had to use scare quotes.

or

b) go to the company, literally add code on a case-by-case basis to log a particular set of user's actions. This could include real-time alerts, if necessary. Oh, and the FBI is either the one doing the coding, or they pay standard rates for the service's programmers to do the job. This, again, avoids the security issue implicit to a government-mandated backdoor, by moving the "backdoor" from the computer level to the organizational level. It also does privacy better than a), because by being in the application layer instead of the network layer, it can be smart enough to only log the suspected users, not everyone.

This seems totally reasonable. The FBI gets the data they need (face it, there are always going to be times when they're justified in listening in on "private" communications), the internet companies only have to do anything if there's actually enough of a case for a warrant, there's no backdoors for a hacker to exploit, and, if the judges do their job right, everyone's privacy is maintained unless there's enough evidence to justify violating it.

And thus, by being at least mostly reasonable, it is guaranteed to not happen this way.

Re:Oh for the Cold War

[spire3661]

The 24 hour news cycle did not create the machinations we now see exposed. They have always been there, it only seems magnified because we see more now. The FBI has ALWAYS spied on us extra-judiciously. From day one it was built, its purpose is to catalog and amass information about the american citizenry. Just read the first 2 paragraphs of J. Edgar Hoover's wiki if you have any doubt at all. http://en.wikipedia.org/wiki/J_edgar_hoover [wikipedia.org]

Re:So sad

[Anonymous Coward]

If you watch the moderation for any given topic, it always skews a certain way and punishes anyone who speaks out against the conventional wisdom. Because a limited pool of users controls the filtering of opinions, there is in fact an overall viewpoint that is enforced rather than a diversity of ideas.

I can't help seeing the outrage to "unconstitutional spying" on the part of the government and then wondering why absolutely anybody who speaks out against Google's privacy violations on Slashdot earns themselves a permanent -1 account. But if you watch closely, you'll see this over and over on this site, and it's mind-boggling.

Even this conversation we're having, which on any other site would just be another standard thread with differing perspectives, will see my posts modded down to -1 (just watch).

Re:So sad

[rocket rancher]

Because my fellow man (which is what government in the US is supposed to be, the whole 'we the people' thing) spying on me willy-nilly using Monopoly on Violence is not the same thing at ALL as the shopkeeper next door keeping records of what i buy to use in his marketing and optimization research.

Really? You need to take a broader view, then. Let's start with your shopkeeper's surveillance of your spending habits. He knows what you buy, when you buy it, and exactly how much you spend in his shop, along with all of your other neighbors. Some simple analysis allows him to predict quite accurately what you are going to buy and when you are going to buy it. So he jacks up those prices on D-1 and lowers them again on D+1. The Walmart grocery store in my neighborhood appears to be already doing this; the variance I get in the price of a Red Baron pizza correlates too strongly with payroll dates for the lower middle class neighborhood I live in for it to be a coincidence. But hey, according to you, it's *different* -- I guess you believe the monopoly on violence only includes armed force, and not the "Monopoly on the only grocery store within miles" kind of violence. FWIW, boutique retailers have been doing this for millenia -- each customer gets a unique price, determined by the shopkeeper's ability to assess the depth of the customer's pockets. Thanks to your benign "marketing and optimization research" the guy who sells you food is going to be able to do the same damn thing...

Re:How's this for an idea?

[gman003]

Look, if it's a data stream, you can record it. I'm not saying everyone should have an API that the FBI can use. I'm not saying we need to record absolutely everything so the FBI can look at it.

What I'm saying is that if the FBI needs to record something and they have enough evidence to get a warrant, they can come in and write their own damn code to log it, we'll put it on the server for as long as the court order says, and then as soon as they're gone we revert the code back to the way it was. Or, the FBI can log every packet themselves, and *they* get the fun task of sifting through billions of TCP packets to find the ones used by Ahmed ibn Badguy.

And if the system *is* anonymous-by-design, well, "that's literally impossible" is generally considered a valid reason to refuse a warrant. I know if the FBI knocked on my door and handed me a warrant for "whatever is 40km beneath the property" and a shovel, I'd call up the judge and tell him that, unfortunately, the laws of science trump even the US Constitution.

Re:So sad

[Anonymous Coward]

Coincidentally, I am actually producing an estimate for a potential Red Baron campaign right now, so let me help you understand the difference.

It is much easier to tell when to lower the price than when to raise the price, because of the existence of competitors. The raised price on Red Baron pizza you see at Walmart is actually the normal market price controlled by competition at the high end of the demand spectrum. When the lower middle class have spent most of their money, that is when the price lowers because the demand has dramatically lowered at those times. When other stores hold onto their stock for the next round, Walmart is able to know when it is appropriate to lower the margin, and still make money by selling enough volume.

The difference is this: both Walmart and their competitors market to when people have the money to buy it, but only Walmart (and others like them) know when people do NOT have the money to buy it at the high end of the demand spectrum. Knowledge of the marketplace is used to IDENTIFY what market demands ALREADY exist. Knowledge of the market is very different from leveraging one market into the next, and monopoly abuse. Granted, Walmart has a market leverage effect, raising prices, but also has the opposite effect by applying market knowledge to lower prices. The market knowledge is what lowers prices. Nothing wrong with market knowledge.

Market analysis can be done using statistical analysis that operates on anonymized customer information, like the product I work on, so the shopkeeper doesn't need to be shipping his customer's personal information around. On the other hand, the Monopoly on Violence uses personal information ONLY because it is personal, and as centralized as it possibly can. The shopkeeper has an incentive for his data to not be shared too centrally, because it could get into the hands of his competitor. The shopkeeper sees his customer database as proprietary.

The Monopoly of Violence is only repelled by the political movement to restrict prosecution only to warranted information that is collected through normal business practices. There must be a direct line of warrant from actual damages. Otherwise, fishing expeditions for thought crimes and political reasons become practical. The only reason why "probable cause" is even allowed for a warrant is because of that relationship to actual damages. What "warranted" means is not JUST probable cause, but also because damages have occurred from a directly related event. The police should be investigating CRIMES not LIVES.