Forgot your password?
typodupeerror
Privacy Government United States Your Rights Online

Privacy Advocates Protest FBI Warning of 'Going Dark' In Online Era 135

Posted by Soulskill
from the don't-let-the-backdoor-hit-you-on-the-way-out dept.
CWmike writes "CNET's Declan McCullagh reported last week on the FBI's argument that the massive shift of communications from the telephone system to the Internet 'has made it far more difficult for the agency to wiretap Americans suspected of illegal activities.' The law has already been expanded once, in 2004, to include broadband networks, but still excludes Web companies. The FBI says its surveillance efforts are in danger of 'going dark' if it is not allowed to monitor the way people communicate now. Not surprisingly, a range of opponents, from privacy advocates to legal experts, disagree — strongly. On key tech hitch with the plan, per ACLU attorney Mark Rumold and others: There is a difference between wiretapping phones and demanding a backdoor to Internet services. 'A backdoor doesn't just make it accessible to the FBI — it makes it vulnerable to others,' Rumold says."
This discussion has been archived. No new comments can be posted.

Privacy Advocates Protest FBI Warning of 'Going Dark' In Online Era

Comments Filter:
  • by shoehornjob (1632387) on Saturday May 12, 2012 @02:49PM (#39980539)

    'A backdoor doesn't just make it accessible to the FBI â" it makes it vulnerable to others.

    Speaking of backdoors I've got these cool new Sony disks for your computer......

  • by Scareduck (177470) on Saturday May 12, 2012 @02:51PM (#39980557) Homepage Journal

    No. No goddamn panopticons.

    • This is not about establishing the panopticon, it is about maintaining it. We already established the panopticon decades ago:

      https://en.wikipedia.org/wiki/CALEA [wikipedia.org]
  • So sad (Score:5, Insightful)

    by bky1701 (979071) on Saturday May 12, 2012 @02:52PM (#39980561) Homepage
    Unconstitutional efforts to spy on citizens ended by progressing technology. I will have a nice little cry for the FBI tonight, right after my nightly one about RIAA lost profits due to piracy.
  • Cry me a river (Score:4, Interesting)

    by betterunixthanunix (980855) on Saturday May 12, 2012 @02:56PM (#39980585)
    CALEA was basically a hand out to law enforcement, letting them sit back and eat doughnuts instead of going into the field when they need a wiretap. Now they are complaining that they do not get a similar hand out when it comes to the Internet, and dishonestly claiming that they do not want to revive the cryptowars? No thank you, FBI -- we are not going to give up secure communication systems or plant backdoors all over the Internet just because you long for the "good old days" when wiretapping-on-demand was enough to violate our privacy.
    • too late. the big carrier grade comms companies (you know, the ones with the C and J as their first company letter) already have a rape-fest in providing back doors to 'law enforcement' (and I use that term VERY loosely given how irresponsible they are).

      wire tapping, data collection, even hardware based pattern triggering and trapping. its all part of modern comms gear. little known secret: you can't SELL (in some sense, even develop) gear unless its wiretap friendly.

      we have already lost this war. the v

      • 'Wiretap friendly'?

        "Hey baby, wanna come over to my one time pad? I've gone some new insulated alligator clips that you ought to see."

  • by AnaxagorasZ (2573529) on Saturday May 12, 2012 @02:57PM (#39980599)
    I miss the days back when the only reason that our righteous free country would spy on our citizens or suspend our rights was to try to catch people working for evil governments who did things like spy on their own citizens and violate their rights. Back when it was easy to tell who were the good guys and who were the bad guys.
  • by gman003 (1693318) on Saturday May 12, 2012 @03:04PM (#39980653)

    First, the FBI gets a warrant for a particular "wiretap". This should be absolutely mandatory for what I'm about to propose.

    Then, off a specific warrant, they go to whichever company the warrant lists, and either:

    a) Install a packet-sniffer in front of the web server, logging everything to disk, which is then physically taken by the FBI as evidence - just like a conventional phone wiretap. This avoids the whole "anyone could use the backdoor" - if "anyone" can install hardware on the network, the 'security' is already broken so badly I had to use scare quotes.

    or

    b) go to the company, literally add code on a case-by-case basis to log a particular set of user's actions. This could include real-time alerts, if necessary. Oh, and the FBI is either the one doing the coding, or they pay standard rates for the service's programmers to do the job. This, again, avoids the security issue implicit to a government-mandated backdoor, by moving the "backdoor" from the computer level to the organizational level. It also does privacy better than a), because by being in the application layer instead of the network layer, it can be smart enough to only log the suspected users, not everyone.

    This seems totally reasonable. The FBI gets the data they need (face it, there are always going to be times when they're justified in listening in on "private" communications), the internet companies only have to do anything if there's actually enough of a case for a warrant, there's no backdoors for a hacker to exploit, and, if the judges do their job right, everyone's privacy is maintained unless there's enough evidence to justify violating it.

    And thus, by being at least mostly reasonable, it is guaranteed to not happen this way.

    • by mmmmbeer (107215)

      You can't expect people to agree to a reasonable compromise without completing the fighting and name-calling stages first.

    • Its not reasonable. Private enterprise should not have to bear the burden of doing law enforcement's job. We should not be telling people how to build systems so that the FBI can track it easier, that is an undue burden from the state. This is a situation that the FBI cant win unless they rig the game and suspend a lot of civil liberties. The end game here is full panopticon and then everyone encrypting everything. Anyone skilled in modern communication systems can craft messages that would be IMPOSSIBLE to
      • by gman003 (1693318)

        Where, exactly, did you get "private business bearing the burden of law enforcement" from what I wrote?

        The FBI would either a) install a relatively simple network device themselves, requiring at most a few minutes downtime, b) write some basic logging code themselves, or c) compensate the private-enterprise-programmers for doing (b).

        • You forget the burden of not being able to design systems that do not include their technology. If I want to design a completely secure and anonymous system, i cant because the FBI wants to be able to see everything. The idea that every communication avenue MUST be able to be wiretapped is abhorrent in the extreme.
          • by gman003 (1693318) on Saturday May 12, 2012 @04:51PM (#39981287)

            Look, if it's a data stream, you can record it. I'm not saying everyone should have an API that the FBI can use. I'm not saying we need to record absolutely everything so the FBI can look at it.

            What I'm saying is that if the FBI needs to record something and they have enough evidence to get a warrant, they can come in and write their own damn code to log it, we'll put it on the server for as long as the court order says, and then as soon as they're gone we revert the code back to the way it was. Or, the FBI can log every packet themselves, and *they* get the fun task of sifting through billions of TCP packets to find the ones used by Ahmed ibn Badguy.

            And if the system *is* anonymous-by-design, well, "that's literally impossible" is generally considered a valid reason to refuse a warrant. I know if the FBI knocked on my door and handed me a warrant for "whatever is 40km beneath the property" and a shovel, I'd call up the judge and tell him that, unfortunately, the laws of science trump even the US Constitution.

            • The suggestions in this thread sound like a pain in the ass. If the metaphor is a phone tap, wouldn't it be a shitton easier, if the warrant is granted, just to install surveillance software on the computer of the person of interest? Unless the suspect is using internet cafe's, another suggestion is to install hardware at the suspect's location, between the suspects router and the Internet, logging everything. I never remember hearing about where the detectives get their phone tap warrant, and then have to

              • by gman003 (1693318)

                Well, there's a lot of reasons.

                First, installing something on the suspect's computer *generally* can't be done stealthily. If the FBI knocked on my door, handed me a warrant, and installed spyware on my computer, I sure as hell won't be doing anything even slightly suspicious on my own computers - a quick hop to the library, or to a friend's house, and then use *theirs*.

                They may also not know where the person is. Say they're trying to catch Steve McBadguy, who's "on the run". They know he tends to log in to

                • Re: (Score:3, Informative)

                  by sir-gold (949031)

                  the FBI can install spyware on a computer just as stealthily as they can bug a room.

                  • the FBI can install spyware on a computer just as stealthily as they can bug a room.

                    I agree completely. They've been in the domestic stealth business for a good long time now, and have quite a bit of stealth capital, over half a century's worth, way more than any gang, which has none, or some arrogant crew of thieves that think they're invisible. What's new here is the computer software and hardware technology, and its seems kind of obvious the individuals (if not the FBI itself) in charge fear computer technology like its black magic. If they'd just hire a damn competant consultant, hope

                    • by Anonymous Coward

                      They've already been doing this for a while now. They have their own trojans that are whitelisted by the AV companies. I read an article about one such suspect being caught by this tactic a few years back.

                      But, as to the broader topic, it seems many here are confused as to what the FBI is complaining about. They already have taps at the ISP level -- every major ISP in the USA has FBI ready tapping equipment installed *right now*. CALEA made this mandatory. What they are mad about now is that, even with

                    • So what they are trying to do here is outlaw encryption

                      I guess you mean "re-outlaw" encryption. I thank you for the very nice, clear explanation, btw... But I still think a decent phishing attack can subvert encryption, and I'm mildly glad the FBI has heard of this, and is using it. Because once the client is compromized, the data can be had, encryption or not. Their legal-malware merely needs to hijack the outgoing data before encryption, and the incoming data after encryption. And I don't see how even if they did this, how the evidence gathered would be any b

    • ... go to the company, literally add code on a case-by-case basis to log a particular set of user's actions.

      If I were running an online service I wouldn't want the FBI coming in and adding their own code to mine. If the FBI wants any of the data on my system then let them either get a subpoena that I can execute with a certain degree of deliberation (see here [sparkfun.com] for one example), or a search warrant that allows them access to all of the data named therein. No need for the FBI to install special code that is po

  • ... were the surveillance capabilities that the FBI used to have appropriate? The fourth amendment of our Constitution protects an individual against searches and seizures without a warrant. A warrant that describes what is to be seized and from where. I don't think our founding fathers had anything like sitting and listening for a conversation (or other communication) in mind. Particularly since it is impossible to describe in a warrant an event that hasn't happened or a record that hasn't been created y

  • by GodfatherofSoul (174979) on Saturday May 12, 2012 @03:09PM (#39980689)

    The FBI can get a warrant if they've got evidence, but they want to snoop without them.

  • by Anonymous Coward

    If they can already tap a broadband connection, they can see all the data anyway. Backdoors will only lead to people moving to TOR or something similar. Its only a quick download these days.

  • Who would have thought the FBI will help by mandating a backdoor that will free all information for everyone once it's hacked?
  • by Adrian Lopez (2615) on Saturday May 12, 2012 @03:18PM (#39980743) Homepage

    The purpose of wiretaps is to capture information that is transient in nature and therefore lost after transmission. Online services are a different beast altogether, the data being more permanent in nature and therefore better suited to the traditional subpoena / search warrant model. Building surveillance capabilities into online services is like building surveillance capabilities into people's homes: invasive and unnecessary.

  • by Comen (321331)

    Anyone out there know anything about IPDR and how the communications companies use it today?

  • Privacy Advocates Protest FBI Warning of 'Going Dark' In Online Era

    Everybody knows once you go dark, you never go back.

  • This is the third time you've posted [slashdot.org] the same freaking article [slashdot.org]. We get it. It's been discussed. It's not news anymore.
  • Dear FBI... (Score:5, Insightful)

    by Lumpy (12016) on Saturday May 12, 2012 @04:59PM (#39981327) Homepage

    Good luck. I can, right now have a heavily encrypted communication with several people over the internet that you will not be able to decrypt when the information is the most valuable to you. This is your own fault. You did not pressure Congress to fund the Sciences heavily to make sure we had the best and brightest here in the USA working for you. Instead you let them go off on their hunt on the constitution. You let the Fear engine get away from you and let the CIA have the ball with their Terrorism Bogeyman.

    Now it's too late. Even a 13 year old kid in a basement has the tools he needs to make a secure encrypted communication channel that would take you months or even years to crack. Long after it was valuable to do so.

    Want to fix it? Go to congress and scare the bejesus out of them, Get them to dump 20 to 30% of the Defense budget into Science and research. If we start now you can get back on top in about 10 to 15 years. It is the only way. If you dont, the bad guys will win. Get off your asses and scare the shit out of congress to get the funding, because if you actually talk to them like they were educated men, you will be wasting your time.

  • by kawabago (551139) on Saturday May 12, 2012 @05:01PM (#39981339)
    Since the only domestic plots the FBI foiled were ones they set up themselves, the military recently killed foreigners planning attacks from the middle east so I think we really don't have to worry that much about terrorism. People on planes have shown that they will react and subdue a would-be terrorist so that isn't a big concern. As far as I can tell, the whole terrorist ball of wax is just a make work project for law enforcement much like the war on drugs.
  • by Shavano (2541114) on Saturday May 12, 2012 @07:21PM (#39982077)

    If you really want to keep your communications from the FBI, you can still always use a third-party local, secure ecryption system that the government can't easily crack. So they'll end up knowing anything they want to know about the people who don't think they have anything worth hiding from the government and NOTHING about whatever communications you choose to hide from their scrutiny. Well, they might know when it occured and maybe with whom, but they won't be able to crack the content. And if enough people object to their prying eyes, they'll find that they've driven most communications to use an ecryption method that neither they nor their proxies can crack in any reasonable time, so there will be a huge volume of "suspect" data: so much that they can't tell the difference between routine chats between business partners and chats between members of a terrorist cell discussing their evil schemes.

    • by sir-gold (949031)

      At which point there will be a new push from the government to ban "unapproved" encryption

  • Allowing the FBI to wiretap the phone system was, at most, a minor inconvienience. Allowing tapping of the Internet is a much larger violation of privacy

    Because phone taps had a physical location, you could control exactly who had access to it, just by securing the building.
    Internet taps have no such limits, "secure" FBI accounts can be stolen and passwords can be hacked and nobody would even know until it was far too late

    The only time a phone tap can "spy" on you is when you are on the phone, and we only r

  • by bradley13 (1118935) on Sunday May 13, 2012 @05:22AM (#39984313) Homepage

    Of course, if you work in law enforcement, this is your daily work. Everyone lives in their personal bubble, and wants their daily work to be easier. However, in the big picture, spying on individuals is *supposed* to be hard.

    Another point that people often forget: The government (or the FBI) is not some single entity. It is composed of individual people: some good, some evil, most just schmucks trying to get along. You cannot trust the government, simply because it contains some individuals who are not trustworthy. This is another reason that things like wiretaps should be difficult.

  • I, for one, welcome the FBI surveillance efforts going dark.

  • What will happen is:

    a) The FBI comes up with an idea.
    b) The people complain.
    c) The idea is dropped...
    d) ...and implemented 3 years later under a different name.

    Welcome to the USA. Home of the free.

Numeric stability is probably not all that important when you're guessing.

Working...