Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
United States Privacy Your Rights Online

FBI Adds to Wiretap Wish List 471

WorkEmail writes "A far-reaching proposal from the FBI, made public Friday, would require all broadband Internet providers, including cable modem and DSL companies, to rewire their networks to support easy wiretapping by police. The FBI's request to the Federal Communications Commission aims to give police ready access to any form of Internet-based communications. If approved as drafted, the proposal could dramatically expand the scope of the agency's wiretap powers, raise costs for cable broadband companies and complicate Internet product development."
This discussion has been archived. No new comments can be posted.

FBI Adds to Wiretap Wish List

Comments Filter:
  • by eaglebtc ( 303754 ) * on Saturday March 13, 2004 @04:09AM (#8550671)
    This is completely absurd. I am against wiretapping in principle; however, if the government wants to mess with the operation of a private entity, then that private entity (the ISP) should be justly compensated for their time and effort. The government should pay for the upgrades, not the consumer. While I'm on the subject of payment, let's assume that the FBI requires the use of wiretapping in less than 1% of all its investigations. So they want to force 99% of the people to pay for something they only need for 1% of the time?

    Bottom line: The FBI can go piss on itself. Fuck the system.

    fp

    • by jtwJGuevara ( 749094 ) on Saturday March 13, 2004 @04:17AM (#8550693)
      I concur with the parent. However, the consumers will end up paying for the wiretapping regadless, whether the ISP's are forced to do the upgrade themselves, or if the FBI funds since the FBI is funded with everyone American's dollars.

      Regardless, this is pretty intrusive on the FBI's part. Even though it isn't a blatant intrusion into our private lines located within our home, it may as well be, since our direct line to the internet for 99.9% of the population runs through commercial ISP's. I hope someone cries foul on this proposal in support for the protection of privacy. However, with the state of most American's line of thinking, such a hope is far-fetched.

      • by drooling-dog ( 189103 ) on Saturday March 13, 2004 @09:37AM (#8551400)
        since the FBI is funded with everyone American's dollars.

        That may have been true a few years ago, but fortunately we now have an administration with the will and wisdom to make our children and grandchildren pay instead. So live it up and just hope you die before the bill shows up!

      • by Kyouryuu ( 685884 ) on Saturday March 13, 2004 @11:46AM (#8552009) Homepage
        Just you watch.
        • Ashcroft will sneak these provisions into Patriot Act III.
        • Bush will use his patrotic propaganda to ensure its safe passage.
        • It will become law right under the feet of many clueless individuals.
        • Bush will ensure it remains with his "You must be a terrorist if you want to weaken our security forces" rhetoric.
        It is a hope of mine that one day, the idiots in the government will come to realize that the Internet is supposed to be beyond any government's control. Unfortunately, I doubt the powermongers will ever let that happen.
      • However, the consumers will end up paying for the wiretapping regadless, whether the ISP's are forced to do the upgrade themselves, or if the FBI funds since the FBI is funded with everyone American's dollars.

        Yes, but if government pays, the cost is distributed much wider than if your ISP pays (where you pay much larger share). If the 260 million want to enjoy the "benefits" of the FBI's snooping into my computer, then 260 million ought to pay for it, not just me and my ISP.

    • by velo_mike ( 666386 ) on Saturday March 13, 2004 @04:20AM (#8550705)
      The government should pay for the upgrades, not the consumer.

      Either way, the consumer ends up paying, be it in the form of increased access fees or a tax hike or, most likely with our govt, just tacking it on to the deficit. Bottom line: The FBI can go piss on itself. Fuck the system

      Amen

    • by ScrewMaster ( 602015 ) on Saturday March 13, 2004 @04:32AM (#8550735)
      ON the other hand, if the government pays for the upgrades, it will be with tax dollars, so either way the consumer/citizen gets screwed. And, actually, if you look at the number of court cases that are successfully prosecuted nationwide using legitimately-garnered wiretap evidence, it's more like forcing 99.99999% of the people to pay for something the FBI needs only .000001% of the time, or worse. Ridiculous on the face of it: all the numbers I've been able to find simply don't justify this ongoing crusade for advanced wiretapping capabilities. Those boys just hate like hell to have anything kept from them. The problem, as I see it, is that the ease with which the FBI (and the Federal Government in general) was able to grab new powers in the wake of 9/11 has simply encouraged them to go for more of the same, although they've been trying for a national wiretap center for a long time prior to that. This is much like the FBI excesses decades ago, under Hoover, that resulted in Congressionally-mandated restraints upon its' behavior. Back then, of course, wiretapping was a relatively simple affair involving a lineman's handset and a pair of clip leads. Times have changed, and in the modern world the costs of allowing them to run in this open-loop fashion for very long are going to be significant, both in terms of money (tax dollars or on your Internet bill, take your pick) as well as civil-liberty abuse. Congress is the only entity that has the power to reign these people in, and I don't see a lot of effort being expended there on our behalf.
      • by sosume ( 680416 ) on Saturday March 13, 2004 @05:31AM (#8550894) Journal
        If approved as drafted, the proposal could dramatically expand the scope of the agency's wiretap powers, raise costs for cable broadband companies and complicate Internet product development .. what about the US turning into a police state. I'd say that's quite a bit more disturbing than paying a few bucks.
        • what about the US turning into a police state. I'd say that's quite a bit more disturbing than paying a few bucks.

          They've only got 8 more months to do this shit. I'm a fiscally conservative (and social moderate) Republican, but IF I vote it'll be for Kerry. I want this asshole Bush out of office before kids have to learn to goosestep and wear brown shirts in kindergarten. The religious right must've spooged in their shorts when the supreme court handed the Presidency to Bush, but it's set back democra

          • The religious right must've spooged in their shorts when the supreme court handed the Presidency to Bush

            I'm not sure exactly what you mean by "religious right", but I think I fit that description (Christian, pro-life, opposed to gay marriage, etc.) and I hate this administration. I despise Bush the retard, Cheney the evil money man, and Ashcroft the tyrant fascist.

            I guess my point is to be careful painting people with such a broad brush...
          • Re: (Score:3, Insightful)

            Comment removed based on user account deletion
    • by Felinoid ( 16872 ) on Saturday March 13, 2004 @04:33AM (#8550737) Homepage Journal
      Next they'll bill the suspect for being investigated and failing to produce justification for an arrest warent.
      Improves law enforcment and cuts the budget.. What could be wrong?

      Oh right.. paying for being innocent.
    • Civil Protest (Score:3, Interesting)

      by rodgster ( 671476 )
      everyone should download anything and everything they can think of. Delete it when it is done and then initiate a new down load.

      Bottom line: Saturate your download bandwidth.

      If Everyone did this, it would likely hamper any monitoring capability.

      I hate to advocat this this type of protest, but the bottom line is fuck you, get a warranat if you want to monitor my shit.

      From this day forward, my download bandwidth will be saturated.

      Like the SBC commercial in CA. "I'm gonna download the whole internet"!
      • by velo_mike ( 666386 ) on Saturday March 13, 2004 @04:38AM (#8550748)
        everyone should download anything and everything they can think of. Delete it when it is done and then initiate a new down load

        Similar concept but I think everything should be encrypted. Notes to mom, grocery list to the s.o., plans for laser beams mounted on fricken sharks, encrypt it. Fuck em, let em spend a ton of money decrypting a note to my g.f. asking to pick up drycleaning... Overload the system.

      • Re:Civil Protest (Score:5, Insightful)

        by ScrewMaster ( 602015 ) on Saturday March 13, 2004 @04:40AM (#8550750)
        Or simply encrypt your transmissions. The Federal Government has been aware of this possibility for many years (predating the opening of the Internet to the public) and tried mightily to get encryption effectively outlawed for private use. Fortunately they failed that time around, but that doesn't mean they won't try again. If all significant Internet traffic was adequately encrypted it wouldn't much matter if they could tap the packets, it would be too costly to decrypt it. That's where it's heading anyway, if nothing else to keep the RIAA from peeking at our upload folders. The question is whether or not the Feds have the balls to try and make that illegal.
        • Re:Civil Protest (Score:5, Interesting)

          by mborland ( 209597 ) on Saturday March 13, 2004 @08:38AM (#8551232)
          If all significant Internet traffic was adequately encrypted it wouldn't much matter if they could tap the packets, it would be too costly to decrypt it.

          I agree generally with the intent your statement, but have two concerns:

          1) The government still should not have the right to monitor packets; you don't want them use the 'well, you can always encrypt your traffic' argument to support general sniffing, and

          2) Even if they can't decrypt the payload efficiently, they can still tell where the packets are going and presumably draw conclusions from that. Most likely they'd use such conclusions to get warrants for further access to your systems.

          For example, you get spam or other traffic from some hijacked computer in Syria/Chad...these days that would be enough to establish possible terrorist links--especially if the payload was encrypted.

          No monitoring whatsoever is appropriate.

        • Re:Civil Protest (Score:3, Insightful)

          by wcdw ( 179126 )
          Unfortunately, the best hope for ubiquitous encryption -- O.E. via FreeSWAN -- does not appear to have caught on.

          Then again, how many people have access to their reverse DNS information?

          Then, too, there is _NO WAY_ I am going to be able to send an encrypted message to my mother, unless the process is COMPLETELY transparent.

          In the case of a lot of users, that implies support built into WinDoze. And frankly, I wouldn't trust that any such support did NOT contain a government-enabled back-door.

          Can you say
    • into your net connection, then doesn't it make it easier for a script kiddie to tap into your net connection also and intercept what you're doing?

      Or spyware for that matter.
    • by Lord of Ironhand ( 456015 ) <arjen@xyx.nl> on Saturday March 13, 2004 @08:18AM (#8551201) Homepage
      Oh, and before you thought this was just something typical of the American government and all the Europeans were laughing at you; we've had this kind of monitoring here in the Netherlands for some time now. To the extent that ISP's are not allowed to offer encrypted services such as IMAP over SSL.
      • by 0x0d0a ( 568518 ) on Saturday March 13, 2004 @08:44AM (#8551246) Journal
        I've got a shitlist here:

        China: Repressive government with deep love for monitoring citizens and harsh penalties for political dissent.

        Australia: Extremely socially conservative government with love for censoring Internet.

        Britain: Anti-gun, laws forcing people to hand over passwords/keys upon request, leader has mouth firmly glued to Bush's cock.

        Netherlands: Apparently anti-encryption government?

        Man, I wish some hacker would grab email from a couple of important figures in the Netherlands and post said data all over.

        This worked nicely in the United States when protesting "trash rights". Theoretically, when you throw something out, you no longer lay claim to it, and it isn't yours. That means that anyone (even without a warrant) can come along and root through your trash for interesting information. The police force of some town busted someone for marijuana-growing or something after monitoring their garbage for a long time without a warrant. The local paper ran an editorial criticizing them. The mayor and police chief both bashed the editor of the paper, saying that the paper didn't know what it was talking about and should shut up. The police chief sent a letter in to the paper saying that the ability to monitor garbage wasn't an invasion of privacy and was perfectly acceptable. The editors of the paper ran out and collected the *mayor's* and *police chief's* trash for two weeks (using the same argument of legality that the police chief used), then published a rather embarassing dossier on each.
  • Stock Tip (Score:5, Insightful)

    by BinBoy ( 164798 ) on Saturday March 13, 2004 @04:11AM (#8550673) Homepage
    Invest in encryption products.
    • Re:Stock Tip (Score:5, Insightful)

      by cperciva ( 102828 ) on Saturday March 13, 2004 @04:34AM (#8550743) Homepage
      You really think they have time to look at the data contents of your packets? That takes time and human resources... what they're interested in watching is your packet headers, which aren't going to be encrypted.

      This is all about traffic analysis. They can work out who is talking to whom over the air via the NSA's listening network (or rather, GCHQ's network, via reciprocal "let's get around domestic spying laws" deals), but they need hardware on the wires to look at those packets.

      Sure, if you're under investigation, they might use this hardware to log the contents of your traffic; but they'd do that anyway. These changes are about identifying possible suspects based on who they associate with.
      • Re:Stock Tip (Score:3, Informative)

        by Troed ( 102527 )
        Freenet [sf.net] (among others) already deal with that, through extensive proxying.

        Install it today - you will need it working tomorrow.
      • Re:Stock Tip (Score:3, Informative)

        "If Skype [skype.com] becomes illegal, only criminals will have Skype." (Encrypted VOIP, with better sound quality than telephones, and free, at present.)
    • Re:Stock Tip (Score:3, Interesting)

      by eclectro ( 227083 )

      The problem is that the FBI may require "backdoors" in commercial software products.

      This represents a HUGE hassle for anybody programming these things, not to mention all the open source implications (like does the open source become illegal if it reveals the FBI's backdoor?).

      I'm with the earlier poster. If the FBI wants it, they can buy it. It shouldn't be anybody's burden to provide the FBI with free wiretapping services.
  • Dial Up (Score:4, Interesting)

    by HughDario ( 741581 ) on Saturday March 13, 2004 @04:11AM (#8550674)
    Wait, what about us who still have dial-up? (yes we do still exist) It says nothing about it in the article from what I saw.
  • You watch.... (Score:5, Insightful)

    by Anonymous Coward on Saturday March 13, 2004 @04:14AM (#8550681)
    Next, they will come for your encryption. Maybe not today, maybe not tomorrow... but soon.
    • Re:You watch.... (Score:5, Insightful)

      by identity0 ( 77976 ) on Saturday March 13, 2004 @05:32AM (#8550897) Journal
      That is sort of inevitable, I think, given the post-9-11 power grab and fearmongering we've seen. They'll at least try to ban strong encryption, if not an outright decree to use government-escrowed keys.

      It makes me almost glad that we went through the nonsense with encryption during previous administrations - first the Phil Zimmerman prosecution, export controls, and even the Clipper chip attempt. It mobilized & organized a whole lot of pro-encryption people who otherwise would not have cared. The arguments for encryption controls were mostly theoretical and less fear-inducing before the current climate of fear, too. It actually made us stronger, I think. If we had never gone through that and the administration now banned strong encryption, we would be scrambling to come up with good arguments for allowing encryption, and the public hysteria over "secret terrorist messages" would probobly drown us out given the current media climate.

      Man, who would've thought during the Clinton administration that we'd be nostalgic for those days? Ah, Janet Reno, Louis Freeh, Phil Zimmerman, Clipper... great times, eh?
  • by parasyght ( 545609 ) on Saturday March 13, 2004 @04:15AM (#8550685)
    Hypothesis:
    Carless wire tapping will some how turn into a corpate espionage tool. Give yer brother bill whos a cop a couple bucks, get access to the competitions phone wires, walla!! corpate espionage.

    can i use the word "walla" in a hypothesis?

  • Encryption (Score:2, Insightful)

    by Aurix ( 610383 )
    Makes you wonder when we're all going to be forced to use high-grade encryption for all connections across the Internet....
  • by netnerd.caffinated ( 473121 ) on Saturday March 13, 2004 @04:16AM (#8550691)
    if they can't, then whats the point. anyone who's doing anything illegal & knows the FBI can listen in, will just encrypt.
    Big waste of time

    • No... (Score:5, Insightful)

      by Greyfox ( 87712 ) on Saturday March 13, 2004 @05:59AM (#8550948) Homepage Journal
      They'll simply speak in code that they agreed upon offline. If a bunch of guys agree offline that one of them posting a "first post" troll on slashdot means "plant the bombs on the bridges tonight and detonate them at rush hour tomorrow," no one's going to catch that except the intended audience.

      You might net the Martha Stewarts of the world with wiretaps, but with most criminals you'll have better luck just siezing all their gear and reading their hard drives anyway. For domestic terrorists, conventional surveilance methods seem to fall short anyway, so in either case I'd have a hard time justifying the added cost of being able to tap their internet communications.

      I think the best way of defeating terrorists may be education. Convince the people who tend to turn a blind eye to suspicious activities out of misguided loyalty that ignoring those activities is not beneficial to their community or cause. Take Iraq for instance. Terrorists there are merrily targetting Iraqi citizens at least as much as they are American troops. A lot of the people there blame the USA for "not providing enough security," but how many of those same people are letting those same terrorists crash at their houses, or know someone who is? As long as those people tolerate it, the problem will not go away.

  • by melted ( 227442 ) on Saturday March 13, 2004 @04:18AM (#8550696) Homepage
    ISP's are obliged by law to install wiretapping devices and provide internet connectivity to police to use these wiretapping devices. There's no warrant necessary to wiretap. Best of all, all encryption standards (except GOST, which comes from the government) are outlawed, so you can get hard time for using PGP. I haven't heard about anyone getting sued for using strong crypto, though, so it looks like these laws are not enfoced.
  • by SisyphusShrugged ( 728028 ) <me@ i g erard.com> on Saturday March 13, 2004 @04:19AM (#8550698) Homepage
    All my commmunication will have to have GW is Double-Plus Good as the header :) Using words such as Terrorism, Nader for President, and Same-Sex Marriage will merit an immediate termination.
  • by Isbiten ( 597220 ) <isbiten@gmail.cCHICAGOom minus city> on Saturday March 13, 2004 @04:19AM (#8550701) Homepage
    Well at least if your using Mac OS X 10.3 Mail.app

    I used this [joar.com] tutorial on how to certify my email adress so the one receiving my email will know that's it me. Also when the receiver and the sender got a certified email adress you can encrypt your email adress.

    Yes I know about PGP but this is much easier since Mail automatically adds the senders key for you when you get a mail that's signed.
  • by Mark Trade ( 172948 ) on Saturday March 13, 2004 @04:21AM (#8550707)
    Yeah. Do so but invest in encryption outside the U.S. because the next step will be to ban encryption on the U.S. part of the internet. Ok, this will severely interfer with all kinds of online payment but how much sense would it make for the FBI if they are allowed to wiretap you but can't read what you type?
  • by letdownjournals ( 737635 ) on Saturday March 13, 2004 @04:22AM (#8550711)
    Legal experts said the 85-page filing includes language that could be interpreted as forcing companies to build back doors into everything from instant messaging and voice over Internet Protocol (VoIP) programs to Microsoft's Xbox Live game service.

    To avoid any potentially deadly misunderstandings, I'd advise you not to play a Counter-Strike "terrorist."

  • 1984 (Score:5, Funny)

    by aixou ( 756713 ) on Saturday March 13, 2004 @04:23AM (#8550712)
    Some visionary should write a book about a future dystopia and call it 2040. Then Apple can come out with a cool new commercial in 2040, with a dubbed over voice saying, "god damn it. it's happened.", and have a gunshot fire with the sound of a body falling to the ground. right?
  • by eltaDciraD ( 700966 ) * on Saturday March 13, 2004 @04:23AM (#8550713)
    The FBI seeks to appoint a senior AOL linguist. The successful candidate will form a 1337 team able to translate AOL to American English in real-time as part of a stimulating new FBI initiative...
  • Encryption. (Score:5, Informative)

    by captnitro ( 160231 ) * on Saturday March 13, 2004 @04:25AM (#8550718)
    If you boil a frog, it doesn't know that it's in trouble until its legs are paralyzed and can't escape. Yup.

    This is probably more for the "VoIP" segment of the universe than "XBox Live", this is a perfect reason to enable IPSEC over VoIP.

    Too often the open source community thinks of the unreasonable approaches before the reasonable, and that's only because you have to fight fire with fire. In this case, you have to have as much reason as a politician will -- and yes, that sometimes means being as evil as they can be -- that is to say, with transparent encryption, it makes it unreasonable for a state agency to tap because it would mean confiscating servers and disrupting business (the state, in the US, must have a compelling state interest to do just about anything). This can have two effects: (1) Hosts increasingly require unreasonable agreements (CYA). (2) The disruption of business is so much that is becomes a burden for politicians to support.

    My point being: look guys, we're Slashdotters, and we administrate public networks, and we're smarter than them, and with no disrespect, we can make prior art out of whatever aged notions of data security they have. That's what open source is about; the gathering of the people above those with green and power.

    We should assume our data is being intercepted in the first place -- that's why you provide data security. Thou shalt encrypt.

    ALSO SEE: Due Process, Fourth Amendment.
    • Re:Encryption. (Score:3, Informative)

      by Jeff DeMaagd ( 2015 )
      If you boil a frog, it doesn't know that it's in trouble until its legs are paralyzed and can't escape. Yup.

      Just to make sure readers know:
      Snopes on Frog Boiling [snopes.com]

      In short, the adage isn't literally true, although it might be figuratively true.
  • by RLiegh ( 247921 ) on Saturday March 13, 2004 @04:26AM (#8550720) Homepage Journal
    Seriously. It's nice (esp since I just got cable), but once it becomes Yet Another Intrusive Tool, I -for one- will go back to reading and ordering cds through catalogs or buying them in person.

    The internet isn't a necessity, particularly if survellience becomes unavoidable.
  • Freeswan (Score:4, Informative)

    by Albanach ( 527650 ) on Saturday March 13, 2004 @04:39AM (#8550749) Homepage
    Perhaps Freeswan [freeswan.org] went into retirement a bit too soon. Freeswan offered ubiquitous encryption throughout the internet where computers would negotiate secure transport mechanisms with each other on an opportunistic rather than pre defined basis.
  • by 3seas ( 184403 ) on Saturday March 13, 2004 @04:40AM (#8550753) Homepage Journal
    We all need to install internet cameras in our tolits...with a direct feed to the FBI.
  • by Grym ( 725290 ) on Saturday March 13, 2004 @04:41AM (#8550754)

    I can't believe the government is actually considering putting a backdoor in every cable modem. Karnivore, while of debatable, legitimacy, is at the very least, secure because its physical components are kept very far away from crackers (in secured buildings of Tier one providers). Thus, it works on a fairly good premise of obscurity and limited access.

    If this type of backdoor was inside the cable/DSL modem next to your computer, imagine how quickly both the obscurity and limited access factors disappear. You can kiss any type of sibilance of security on the internet goodbye because, in no time, every script kiddie running windows will be able to packet sniff your computer.

    Sometimes, I really wonder how highly funded groups like the FBI can ignore common sense problems. If there's ONE thing I think we've all learned in the past twenty years in regards to computer security is: if it's even minutely possible for them to do so, they (geeks) will figure it out. If you put an encryption scheme on every DVD drive in the world, they will figure it out. If you don't address a security bug in a prominent piece of software, they will figure it out. And if you put some uber-packet sniffing device on every cable/DSL modem in the country, they will figure it out with probably an extra sense of haste.

    So if this does come to pass, how long do you think it'll take for it to be cracked? My guess is a week. *sigh* Your hard earned tax dollars at work.

    -Grym

    • A Week?! (Score:3, Funny)

      by Greyfox ( 87712 )
      You must work in the IT industry. I've seen the amount of thought that gets put into security for any given project. If any consideration at all is made, it's usually something stupid that doesn't actually address real security at all. Along the lines of "Oh no one would ever think to exploit that huge flaw over there and fixing that would be hard!" Let's just put a band-aid over here instead and everyone will think our product is secure!

      I give it 37 minutes. Tops.

  • by zeruch ( 547271 ) <zeruch@dev[ ]tart.com ['ian' in gap]> on Saturday March 13, 2004 @04:41AM (#8550756) Homepage
    ...among many other opportunities, to use the sharp minds many here claim to have and contact your congresscritters...in writing. on paper. that will always bear more attention than an email (or even a phone call).

    People really need to stop bitching about this stuff in web fora and actually try to interface with the people that can put a stop to some of these intrusive inanities.
  • in The Netherlands (Score:5, Informative)

    by sachar ( 620132 ) on Saturday March 13, 2004 @04:44AM (#8550766)
    ISP's have been forced to install tapping devices since december 1998. Accroding to the Dutch Telecommunications Act 1998. http://www.ez.nl/english/docs/tweng.pdf
  • Not likely (Score:5, Interesting)

    by max born ( 739948 ) on Saturday March 13, 2004 @04:49AM (#8550776)
    Wouldn't worry about this.

    1. The FBI is only "asking" the FCC which, anyway, lacks jurisdiction to tell IRC programmers how to program.

    2. The Internet is becoming more decentralzed (e.g. anonymous wireless LANS,P2P networks, etc.) so there will be too many small time non compliant ISPs to go after. And the government, not for want of trying, has so far shown only futile attempts at regulating the Internet.

    3. The only people for this are the FBI and a few conservative politicians. They're going up against the communications giants and equipment manufacuters -- financially secure industries with campaign contributions, lobby groups, and lots of lawyers.

    4. Besides all that, they just don't get it. Any two connected nodes communicating by pulses (ones and zeros) can always encrypt their conversation. Language is a secret handshake.

    • by 0x0d0a ( 568518 ) on Saturday March 13, 2004 @08:29AM (#8551220) Journal
      1. The FBI is only "asking" the FCC which, anyway, lacks jurisdiction to tell IRC programmers how to program.

      Currently, this is the case. I think that no matter what, there will be pragmatic issues. However, the FCC's role in regulating Internet-based things is very much up in the air, and conflicting opinions have been taken.

      The Clinton administration, barring a few moves, took a very federal-hands-off approach to the Internet (taxes, especially, were a big sticking point). Bush largely continued that. At some point, though, it's a good bet that someone's going to try regulating the Internet in various ways, and the FCC is the most obvious choice to designate as a starting point.

      2. The Internet is becoming more decentralzed (e.g. anonymous wireless LANS,P2P networks, etc.) so there will be too many small time non compliant ISPs to go after. And the government, not for want of trying, has so far shown only futile attempts at regulating the Internet.

      Not necessarily. For certain major systems, like VoIP, there will likely be a few large ones due to network effect. Think of AIM and ICQ today. If you don't play by the rules, you can't interoperate. These services are centralized, so it's easy to monitor and pick up on noncompliant systems.

      3. The only people for this are the FBI and a few conservative politicians. They're going up against the communications giants and equipment manufacuters -- financially secure industries with campaign contributions, lobby groups, and lots of lawyers.

      Now this is a damn good point, but I can think of a couple of legitimate counterarguments. The first is that telcos are scared of the VoIP. It breaks down barriers to entry that have existed for a long time to nothing. They have a *lot* of overhead and costs that have cropped up over years, and they're looking for a way out. If VoIP systems required key escrow and *federal approval* before they can be rolled out, it makes for a *very* nice barrier to entry. You just have to donate some money to the appropriate politicians, and you've good a good reason for companies to want to play along.

      4. Besides all that, they just don't get it. Any two connected nodes communicating by pulses (ones and zeros) can always encrypt their conversation. Language is a secret handshake.

      In theory, yes. In practice, there are only so many easy-to-use mass-market clients out there. It would be difficult but feasible to go after noncompliant types. For techies, this is a non-issue, since it's easy to whip something else new up each day. For Joe Blow, this is very effective.

      I first realized the "Joe Blow"-"techie" separation when the Feds stopped going after Zimmerman for PGP. It didn't *matter* that a couple of security nuts with the dedication to get gpg and a wrapper and mutt set up. There aren't many people who were willing to copy and paste text in and out of Eudora each thime they wanted to encrypt or decrypt a message. As a result, the masses did not use PGP, so PGP was not a huge issue. The hard-core security nuts and cryptographers are kept shut up, because they *can* set up PGP, and the Fed is happy because the masses *don't* use PGP.

      However, with VoIP, the issue came up again. Email is generally read on a computer, where you can add PGP on, and hence software vendors don't bundle PGP support. However, if you start selling VoIP embedded devices, you probably need to bundle native encryption support for it to be used. It will be easy-to-use and probably automatic. This is unacceptable, because the masses will start *using* end-to-end encryption.

      The thing is, I can't work up much dislike by the FBI, because they're getting displaced by the OHS, which is ever so much more nasty and has ever so much less oversight. At this point, the FBI is the lesser of two evils -- by a long, long, long shot.
  • FBI (Score:4, Insightful)

    by Vexware ( 720793 ) on Saturday March 13, 2004 @05:01AM (#8550815) Homepage

    I am pretty sure that the majority of Internet users have nothing to hide, and are involved in no illegal activities, or at least no such activies that would be of interest to the anti-terror force that is the FBI, but privacy is one of the most basic principles of a free society, and making broadband users pay more so that the perverse desires of some unknown FBI agent "searching for terrorists" can be fulfilled is, in my opinion, outraging. The FBI already has some power when it comes to eavesdropping on the Internet, but breaching the privacy of the gigantic Broadband userbase of the USA, when they only need to track a few individuals, is I think horribly exaggarating.

    What have the Broadband ISPs said about this? They stick to revolting against delivering confidential information of their heavily downloading clients, but they don't even try to stick a word in when their whole userbase's privacy is at risk?

  • Some implications (Score:5, Insightful)

    by tehanu ( 682528 ) on Saturday March 13, 2004 @05:01AM (#8550816)
    Besides the privacy, police-state implications that I'm sure other people will point out, here are several points:

    Firstly, if there is a easily available backdoor for everything, what's to stop criminals and terrorists from using it as well? People don't seriously think that they are not going to be able to get the technical information easily. Especially if *every* software program that allows communication the way they describe requires these backdoors. There's no-way you can keep all those civilian mouths shut. These backdoors will be built-in security holes. Just like mandating only low-level encryption may mean that it is easier for the US government to break into your data, but it also makes it easier for criminals to do so as well. The likely ease with which the technical information will spread will mean that hackers will probably make versions of the programs w/o the backdoors and spread them through the underground. Real (smart) criminals and terrorists will use these backdoorless programs leaving the American government to spy on harmless citizens and the inept.

    Secondly, I can see governments like China rejecting any protocol or programs which has these backdoors installed. They are already paranoid enough about rumoured backdoors. If they are sure they exist (say through a FCC mandate) they are going to drop American software like a hot stone. While the Chinese government is a police state and would love the ability to spy on their *own* people, the last thing they want is to allow the American government to spy on *them*. Other countries, like the EU, UK might have a few qualms of letting the US government spy on *them*, though I wouldn't put it past them (esp. the UK ie. Blunkett) to start thinking of mandating their own spyware for their citizens....Say goodbye to the American software export industry...

    I also wonder how these things would work in conjunction with Trusted Computing?

    The last thing is, I presume that all rules and regulations will apply to open source software as well. So I guess all open source developers of the mentioned program types will have to submit their programs to the US government for approval before they can release it. And how does this affect the open source nature of development if you need government oversight *every* time you want to release any sort of new code?
  • Silly Feds (Score:3, Interesting)

    by hondo_san ( 565908 ) on Saturday March 13, 2004 @05:36AM (#8550906)
    Yeah, like I'm supposed to buy a few hundred terabytes of storage for no other reason than to have records of traffic for whatever law enforcement dude that shows up in my office wanting to know what so-and-so IP address was doing two months ago? Hey, I'm all for backups, but I guess I can distill my feelings to a few words: "Are they on drugs, or just stupid?"

    I've had a detective show up twice at my ISP and ask to see records for IP addresses regarding a criminal investigation (eBay fraud, as it turned out). He was amazed that we didn't have *all* traffic, like logs of the actual content of e-mails, from several months earlier. I tried to explain that something like that would require storage that we couldn't afford, and he said "well, AOL saves all e-mails." Rigghht, of course they do. Hell, it would be trivial for us to sniff and archive every single e-mail for a year.

    Freaking morons.

    • Re:Silly Feds (Score:4, Insightful)

      by 0x0d0a ( 568518 ) on Saturday March 13, 2004 @08:07AM (#8551184) Journal
      The problem that I have doesn't derive from their technical illiteracy.

      It's the fact that they consider it politically acceptable for a complete log of everything everyone does on their computer to be kept. Forever. Seriously, *what* the *fuck*.

      I wish to God I could send encrypted email to people, but they refuse to use PGP (probably because it's a fucking pain in the ass to use with most clients -- mutt and *perhaps* Mozilla are the only clients I've seen that are acceptably usable, and both requires a fair amount of technical configuration work that Joe Blow cannot do). The front ends really suck. The only time I ever found someone that I wanted to send an email to (a major open source author) that also provided a PGP key, I got a "sorry, I only keep my key at work -- can you send this again in plaintext unless it's confidential?". Sigh.

      If PGP were idiot-proof, easy-to-use, and bundled with email clients, it would be *everywhere*. However, PGP is *useless* if the only person I know of that regularly uses it is me (and since I'm the only one that can do so, I can just sign emails).

      I wish people would set up PGP and use it. They don't have to encrypt their emails, just sign them. People will start picking up on the fact that PGP is being used, and then will start encrypting emails to them....
  • Never felt safer (Score:3, Insightful)

    by Doc Ruby ( 173196 ) on Saturday March 13, 2004 @06:45AM (#8551036) Homepage Journal
    Of course the FBI should get whatever they want. They're doing such a great job, moving from strength to strength. I trust them more than ever, and I grew up with J. Edgar Hoover.
  • I am frightened (Score:5, Insightful)

    by 0x0d0a ( 568518 ) on Saturday March 13, 2004 @07:53AM (#8551165) Journal
    Legal experts said the 85-page filing includes language that could be interpreted as forcing companies to build back doors into everything from instant messaging and voice over Internet Protocol (VoIP) programs to Microsoft's Xbox Live game service. The introduction of new services that did not support a back door for police would be outlawed, and companies would be given 15 months to make sure that existing services comply.

    I am going to keep in mind that this is seen through the filter of cnet, which tends to be somewhat Slashdottish -- kind of liberal, pro-tech, anti-regulation. I really need to see the "85-page document" to decide.

    That being said, this is possibly the most disturbing thing I have heard proposed from the federal government yet. Besides the obvious issues of holding back innovation, I find the privacy issues unacceptable. If you want to wiretap someone, fine. Go to wherever they are, and use a parabolic mic or physical bug or something similar. Yes, it doesn't let you tap the population en-masse. There is no justifiable reason for this request. The only thing it does is make cheap, easy, and hard-to-detect-abuse-of wiretapping much more feasible and tempting. I *want* it to be a pain in the ass to wiretap people. It's worked well for hundreds of years, and I see no reason to change this.

    I also want to make it clear that I will not follow any such directives requiring programs to including monitoring backdoors. If I have to, I will develop anonymously, through Freenet or similar (no, I'm not brave enough to do something like this openly as a protest and get hammered for it), but I will not begin inserting backdoors into the software I work on.

    I am absolutely appalled that something like this would be suggested. It is the sort of thing that people that I considered "tin foil hatters" were worrying about for a long time. I would like to see an EFF analysis of this. If this is as bad as the article makes it out to be, this will be the thing that tips me over the edge to sending money to the EFF.

    I would like to know what evidence cnet has for claiming that the Bush administration backs this. If they really are, they are going well beyond even what I thought Ashcroft's most tyrannical police-state aspirations were.

    Among other things, I claim that this will:

    * Limit innovation. This is a *real* issue, not a "we can't bundle Internet Explorer and now innovation is being suppressed" whine. Putting backdoors in protocols is a serious issue.

    * Damage US credibility internationally when it comes to secure software. The cryptographic export restrictions did a phenomenal amount of damage to the US computer security industry, and let foreigners take over the market. When you want smartcard systems, you don't go to a US company. This is absolutely unacceptable, as computer security is becoming ever more important as more and more people are using it.

    * Provide an impediment to international software projects. The United States is not the world, nor is it even "effectively universal" on the Internet. If you ban something like development of a VoIP system without key escrow, development will simply move overseas. Sure, you could make *using* software without escrow a federal offense (thank you Britain, which has set the path for this wonderfully stupid approach). It will do *nothing* to stop propagation of software. The last time the FBI tried to meddle with the Internet via legislation like this was when they arrested Mr. Zimmerman for releasing PGP. It *didn't work*, and wouldn't have protected their ability to snoop on people. We have come up with many approaches to deal with US laws limiting computer security, and can be used again in this case.

    * Is stunningly short-sighted. You can't make a single effective law like this. What if I ssh to a system and use an IM system there to talk to someone else on the same system (and I *have* sshed in and used talk or phone on a Unix or VMS system before).
  • The solution? Flood'em.

    Diplomatic communications between embassies and the homeland are encrypted. And to make sure they're not vulnerable to decryption, information is continuously transferred. However, when there is no information to be transmitted, random garbage is sent.

    So, what we need to do is to flood the Internet with random garbage; let the FBI sift through that!!!

    Oh, wait! This system already exists: it's called USENET!!!!

  • Well a few points. (Score:4, Insightful)

    by yoshi_mon ( 172895 ) on Saturday March 13, 2004 @08:32AM (#8551223)
    Broadband providers say the FBI's request would, for the first time, force cable providers that sell broadband to come under the jurisdiction of 1994's Communications Assistance for Law Enforcement Act (CALEA), which further defined the already existing statutory obligations of telecommunications carriers to help police conduct electronic surveillance. Telephone companies that use their networks to sell broadband have already been following CALEA rules.

    Ok, fair enough I suppose. But the fact however, as has been pointed out here, is that not all programs are being written in the US. To make IM, VoIP, IRC, and or whatever other type of program that allows communication over IP have backdoors is bad enough. But to expect that every program on the planet has one is just downright silly. But, thats not really the bad part...

    Under CALEA, police must still follow legal procedures when wiretapping Internet communications. Depending on the situation, such wiretaps do not always require court approval, in part because of expanded wiretapping powers put in place by the USA Patriot Act.

    Bad, bad, bad. Is it so much to ask for due process here? I mean it's part of our own set of friggen laws. Is it so much to ask that the Feds follow the laws before they make new ones?
  • by ortholattice ( 175065 ) on Saturday March 13, 2004 @08:32AM (#8551224)
    I trust that timing the announcement of this proposal on the day after the Madrid terrorist bombings [yahoo.com] is just an unfortunate coincidence. Not that it would affect the public's sentiment one way or the other, right? And we can be confident that Congress will study it rationally and objectively, as demonstrated by their carefully considered passage of the Patriot Act, passed almost unanimously before any single human could even read all 800 pages of it, much less grasp its scope.
  • by Nice2Cats ( 557310 ) on Saturday March 13, 2004 @08:33AM (#8551225)
    Germany already has such laws, and the ISPs have been screaming about the costs ever since. The government's reaction: Tough. If you don't like it , go sell Bratwurst instead.

    The sick thing about all Internet wiretapping is that when asked why this is required, the cops always just say "child pornography", and everybody rolls over; the media has created the impression that about every second byte transmitted has something to do with child porn. Between our War on Terrorism (With an Occasional Aside for Oil) and child porn Internet hysteria, we have two beautiful excuses to slowly rip up the Bill of Rights, piece by piece.

    Here comes the next shred.

  • by Anonymous Coward on Saturday March 13, 2004 @08:53AM (#8551259)
    In principle I have no objection to altering the existing wiretap laws to account for new technologies such as VoIP. However, make no mistake that once this occurs, the next thing on the chopping block are encryption products. The argument will be "We cannot effectively monitor terrorists and child pornographers because strong encryption has become commonplace."

    We'll be back to either mandating weaker forms of encryption or requiring backdoors be installed at the encrypted tunnel layer. SSL/TLS, IPSec and SSH all come to mind (key escrow, anybody?). By designating the tunnel endpoints as "service providers" (they ARE in fact providing some sort of service or else you wouldn't be communicating with them), they could require a backdoor be installed at the endpoint.

    Shape of things to come...

  • by L. J. Beauregard ( 111334 ) on Saturday March 13, 2004 @11:08AM (#8551789)
    Am I the only one who thinks it's no coincidence that the Feds sprung this on us right after the bombings in Madrid?
  • by nurb432 ( 527695 ) on Saturday March 13, 2004 @11:42AM (#8551990) Homepage Journal
    This is just part of the natural progression of total control and monitoring of the public.

    This will pass, and people will accept it since it 'protects me'..

    Eventually we will get to ongoing monitoring of all activities, regardless of any suspicion.. Even in your own home...

    Don't laugh, if you don't see it coming, then you are a fool.
  • Worse than China? (Score:3, Insightful)

    by incom ( 570967 ) on Saturday March 13, 2004 @12:20PM (#8552156)
    Does China even have something this nasty? In some ways I'd prefer a nationwide firewall to this.

"All the people are so happy now, their heads are caving in. I'm glad they are a snowman with protective rubber skin" -- They Might Be Giants

Working...