Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Privacy Government United States IT Politics

FCC To Require Backdoor Network Access for Feds 492

humankind writes "The EFF is reporting that the Federal Communications Commission issued a release [pdf] announcing its new rule expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA)." From the article: "Practically, what this means is that the government will be asking broadband providers - as well as companies that manufacture devices used for broadband communications - to build insecure backdoors into their networks, imperiling the privacy and security of citizens on the Internet. It also hobbles technical innovation by forcing companies involved in broadband to redesign their products to meet government requirements."
This discussion has been archived. No new comments can be posted.

FCC To Require Backdoor Network Access for Feds

Comments Filter:
  • by Adult film producer ( 866485 ) <van@i2pmail.org> on Saturday August 06, 2005 @05:39PM (#13260335)
    We can't sit back and let the terrorists win.. err wait, wtf am I talking about? Somehow this is a good thing.. yes.. maybe I should give the feds access to my webcams, this will make america safer :)
    • by infonography ( 566403 ) on Saturday August 06, 2005 @05:47PM (#13260405) Homepage
      Considering your nick here is Adult film producer (866485) just giving me access to your webcams would be fine. However IMHO 9/11 changed NOTHING!
    • OW! I got white stuff in my eye!
    • The terrorists won already. Just look how many rights we have to give up to protect ourselves.
      • The terrorists have not won already. They are maybe winning because of the losers in government.

        But, they have not won. They will have won when the US no longer exists.

        • by Oktober Sunset ( 838224 ) <sdpage103&yahoo,co,uk> on Saturday August 06, 2005 @07:09PM (#13260852)
          If you give up all rights that the US stands for, then the US may as well not exist.
        • by Lisandro ( 799651 ) on Saturday August 06, 2005 @08:44PM (#13261336)
          Not to rain on your parade, but check the definition [google.com] of terrorist: it's well accepted that a terrorist is someone who employs terror as a political weapon.

              The more the US resorts to giving up freedoms in order to "combat" terrorism, the more terrorists win. It's simple, sadly enough.
          • by Anonymous Coward on Saturday August 06, 2005 @08:56PM (#13261389)
            I wouldn't say that they're winning just because Americans are giving up rights. It just means we (the normal citizens, not the politicians or corporate big-wigs) are losing. The terrorists aren't necessarily winning either because our inept foreign policy hasn't changed at all.

            Anyone who believes that "terrorists want to take away Americans' freedoms" is deluding themselves. They likely just interpret our foreign involvement as bullying and wish us to stop.
            • Anyone who believes that "terrorists want to take away Americans' freedoms" is deluding themselves.

              Indeed, they just wish to create fear as a deterreent. The sad part is that the US finds that limiting personal freedoms is a viable way to combat terrorism. It just doesn't work. There's a lot of European countries that suffered terrorism for much longer and never resorted to such measures.

              They likely just interpret our foreign involvement as bullying and wish us to stop.

              Actually
              • by 87C751 ( 205250 ) <sdot&rant-central,com> on Sunday August 07, 2005 @04:00AM (#13262869) Homepage
                The sad part is that the US finds that limiting personal freedoms is a viable way to combat terrorism.
                No, they find that limiting personal freedoms is a viable way to limit personal freedoms. That's the real agenda. Combatting terrorism is just this year's excuse.
              • Actually, the rest of the world feels that the US foreign involvement has little to do with terrorism. I should know, i'm part of them :)

                Actually I'd say it who you ask and how you ask, how the questions are phrased. The US has supported terrorists, bin Laden for instance. He is a terrorist the US supported along with the Taliban when they were fighting against the Soviet Union. President Bush gave the Taliban millions of taxpayer dollars shortly after entering office. In Kosovo, Serbia, the US s

    • Hey guys this isn't new news, my father works for a telecom company where they produce cable modem termination systems. One of the requirements mandated by federal law was that in order to sell their product they had to write a backdoor for the FBI. This is nothing new and unfortunately is just another example of creating alot of noise by not doing that much under the guise of protecting citizens.
  • ...WTF? (Score:4, Insightful)

    by Pantero Blanco ( 792776 ) on Saturday August 06, 2005 @05:40PM (#13260343)
    Wasn't there a ruling just a few weeks back that the FCC didn't have the authority to regulate the Internet, which would include things like VoIP? Did that get overturned at some point?
    • Re:...WTF? (Score:4, Insightful)

      by twiddlingbits ( 707452 ) on Saturday August 06, 2005 @05:55PM (#13260453)
      It's the actual networks the telco's own, which technically IS the Internet and technically IS not as some data (such as corporate data) travels on the networks mixed in with Internet data (i.e. a VPN over the Internet). It's really a gray area as to where the Internet stops and the carrier newtworks begin. A private, seperately routed network for say Wal-Mart using dedicated SBC/Wilco/Sprint/MCI lines would NOT be the Internet, but if they sent the data via the public side of a network then it is the Internet. Next thing ya know the Feds will want all the corporate encrypt/decrypt keys and all of our PGP keys so if the data the monitor from those they deem are suspicious they can unlock the data. Of course since they don't know in advance WHO will need to be monitored we have to err on the side of caution and EVERYONE has to give over thier keys. Even with the Patriot Act (which is well intentioned but very flawed in execution) I think this goes too far. I expect this one to be ruled on by the Supreme Court before too long. In the meantime, I guess we should all be very careful.
      • Re:...WTF? (Score:3, Interesting)

        by tomhudson ( 43916 )

        Next thing ya know the Feds will want all the corporate encrypt/decrypt keys and all of our PGP keys

        Interesting thought, but how are they going to do that?

        Looks to me like more and more people are going to gt into wireless mesh networks and pgp/gpg just to avoid big brother.

        Its' like back in (IIRC) the '60s, when one guy who was being watched by the FBI made it a habit of writing "Fuck the FBI" on sheets of paper in every hotel room he stayed in, shredded them, then dumped them in the trash. So the ag

    • As printer manufacturers have shown, you don't actually need regulatory power in order to regulate. It appears at least some companies will silently and secretly sell out their customers if the government so much as asks nicely.
  • Awesome. (Score:4, Insightful)

    by ThatDamnMurphyGuy ( 109869 ) on Saturday August 06, 2005 @05:40PM (#13260348) Homepage
    More regulations to drive up costs and actually lower security. That's our government. I can't wait for the first time that a feds-access method is discovered and published. Of course I'm sure they'll label that discovery person a terrorist.
    • Re:Awesome. (Score:4, Insightful)

      by paulproteus ( 112149 ) <slashdotNO@SPAMasheesh.org> on Saturday August 06, 2005 @05:49PM (#13260411) Homepage
      It's so nice to have market-loving, freedom-creating, innovation-pushing Republicans in power. And we all know Republicans are all for limiting the size, scope, and expense of government.

      Wait - you're saying they added regulation that limits busineses' freedoms to innovate with broadband and adds invisible costs to the consumer? I thought that was what commies and big-government Democrats do!
      • Re:Awesome. (Score:2, Interesting)

        by stevew ( 4845 )
        Oh stop blaming the Republicans for this. The FBI has been seeking this type of capability for a LONG time, including during the entire Clinton administration.

        An ODDLY - the simple fact is that the manufacturers are happy to comply because the capability is likely already there.

        A few years ago I had a discussion with a friend who was the CEO of a networking company (before it got bought by Alcatel...) He told me that the companies build this type of backdoor into the routers, etc. for their own reasons anyw
        • Re:Awesome. (Score:5, Interesting)

          by Surt ( 22457 ) on Saturday August 06, 2005 @07:43PM (#13261050) Homepage Journal
          Interesting that they sought these powers all through the clinton administration, yet didn't receive them until the bush administration.
        • Re:Awesome. (Score:4, Insightful)

          by i_am_not_a_bomba ( 904443 ) on Saturday August 06, 2005 @08:32PM (#13261293)
          Wait,

          So your saying that the republicans shouldn't be blamed because they have caved in where the democrats didn't?

          Seriously, that's what you've just said in that post.

          Sometimes i wonder if you lot would *ever* condem your partys actions, then i read posts like yours and think "no".

          (I am not an american)
        • Re:Awesome. (Score:3, Insightful)

          by HangingChad ( 677530 )
          The FBI has been seeking this type of capability for a LONG time, including during the entire Clinton administration.

          But the Republican controlled Congress gave it to them.

          It's time to stop apologizing for Republican misdeeds and failed policy. It's my party and it's time for an overhaul.

    • Oh yeah. Guaranteed, knowing about how these back doors work -- Like that's gonna stop some mafia hacker in Moscow, or Albania who's collecting information to blackmail you with or steal your identity.

      They won't get how bad this idea is until it's used to completely (and publicly) botch some top-secret investigation.

  • Aww!! (Score:3, Funny)

    by hypergreatthing ( 254983 ) on Saturday August 06, 2005 @05:41PM (#13260353)
    Think of the children! It's for fighting terrorists and will never be used otherwise!
  • by Rosyna ( 80334 ) on Saturday August 06, 2005 @05:41PM (#13260354) Homepage
    Cisco, for example, has complied with this new rule before it even existed.
  • This is a good idea? (Score:5, Interesting)

    by hobbesmaster ( 592205 ) on Saturday August 06, 2005 @05:41PM (#13260355)
    If you have a backdoor - how long before somebody malicious has access? 30 minutes? If you can get into any box anywhere (because apparently everything will have to have this) then couldn't one little malicious script bring down everything connected to the internet?
    • by Sancho ( 17056 ) on Saturday August 06, 2005 @05:56PM (#13260462) Homepage
      I'm sure the implementation would be a little more secure than requiring the username/password "fbi/fbi" to grant full access on the box. More likely, companies would be required to have a login/secure password (if not some sort of public key encryption) access on the boxes, preferably through firmware. Each manufacturer would have a different password/key. Possibly each unique model would have a different password/key. Any time a leak occurred or someone discovered the backdoor, a new firmware could be issued as a "security fix", which would revoke the old method of access and create a new one. Thus breakins would be limited to companies (Cisco) or specific devices (2950t line). Any time a breakin does occur, a firmware patch would be all that is required to seal the breach.

      Additional security could be implemented to prevent the entire Intarweb from being owned by a single leak. For example, there is no good reason that the FBI should have write-access on these devices. That in-and-of-itself should be enough to prevent worms from spreading. Also, certain key files should be unreadable, such as password lists, in order to prevent the spread of worms.

      Now, all that said, I do not think this is a good idea. Nevertheless, backdoors can be created securely.
      • by sgant ( 178166 ) on Saturday August 06, 2005 @06:18PM (#13260564) Homepage Journal
        At the very moment, the FBI is cursing under their breath as they change their passwords from "fbi/fbi" to something else.

        DAMN YOU SANCHO!
      • by Anonymous Coward
        >a firmware patch would be all that is required to seal the breach.

        Because we all know, especially when it comes to Routers/firewalls and other infrastructure, Joe Six-Pack Owner *Always* keeps up with the latest firmware releases. :)
      • by Anonymous Coward on Saturday August 06, 2005 @07:26PM (#13260948)
        I am once again surprised with the high mod points here. This guy is as niave as hell. It's pretty damned hard to design a secure front door leta alone a back door. This may be flame bait but it goes to show the level of technical knowledge on slashdot is dropping like a rock.
      • by myov ( 177946 ) on Saturday August 06, 2005 @07:36PM (#13261010)
        You're assuming they'll manage the passwords properly. Why spend the effort when you can be lazy?

          I know of field techs at numerous companies who use a password based on the serial or model number. One of my clients with a number of higher end printers/copiers has a password of "1111" or "0000". It's set that way so that all the techs know how to get in. In some cases, there isn't a password - only a key combination (like stop-*-1)
        Of course, many others quickly figure it out. I can get into maintenance menus of many photocopiers knowing this trick.

        Instead, passwords should be based on something like a site number. Still accessable to the techs, but not to the random users.

        Why is it dangerous to have a bad password? One tech told me a trick for free copies - either using the maint menu to "test" the machine, or going as far as to disable the pin menu or coin collector. Other machines now have many interesting options to play with - including watching an email address and printing automatically to things like LDAP lookups. Somebody could social engineer your network and get your company directory using the photocopier!
      • by MourningBlade ( 182180 ) on Saturday August 06, 2005 @07:56PM (#13261116) Homepage

        I think the fundamental problem here is not one of incompetence but one of interest.

        When you have ways to get unlimited access into the phone network, some very unscrupulous people with lots of money begin to think that maybe they should have access to it as well.

        In Columbia, they ran a "drug tip hotline" that was supposed to be anonymous. They got a few leads, then it dropped off. Why? Because the drug cartel had someone in the phone company feeding them the numbers of everyone who called in - whom they then killed.

        They switched it up and told people to call from a pay phone. Cartel solution? They tapped the line and started identifying people by voice.

        The program was eventually shut down.

        There's not much you can do about some of these things - but having back doors like this hurts more than it helps, and with enough resources you can get the keys.

        Another problem is that law enforcement likes as few barriers as possible to do their work (no surprise there, I'd hate to have red tape to cut through just to start up vi), so they tend to avoid solutions with things like...logging.

        I'm told that the older CALEA systems do not track their uses, and there were some very odd occurrences in NJ several years ago regarding a mafia case that suggested that someone had a way into the system - specifically confidential informants who discussed some things over the phone were then killed.

        Of course, no way to tell - there's no logs.

        My point is that when you set something like this up, you are point-balancing a sword with many edges.

        • by 0x0000 ( 140863 )

          There's not much you can do about some of these things - but having back doors like this hurts more than it helps, and with enough resources you can get the keys.

          I think you've gone to the point of the problems with this idea - it brings to my mind the whole problem with gun bans - if you make it illegal to own a gun, it is only the law-abiding citizens who will be disarmed - the people you're trying to get them away from will still have them.

          Legislation which assumes that the criminals will follow

    • So what? (Score:3, Informative)

      by MacFury ( 659201 )
      then couldn't one little malicious script bring down everything connected to the internet?

      Big deal. So anyone with a little bit of knowledge and desire can cripple the entire internet in one blow.

      We can't let the terrorists win! We must comply with this obivously good idea.

      Oh wait...

    • I think it's a great idea. As you point out, within 30 minutes someone will have malicious access. Within a month every script kiddie on the net will have access to every PC in America.

      At which point, I welcome the government's attempt to successfully prosecute me for anything whatsoever: "No, that file of Dubbya, the underage pretzel salesgirl and the goat wasn't mine. You idiots left the backdoor to my system wide open. Literally anyone on the net could have used my PC to host it and you guys are responsi
    • sounds like the spy/malware industries have significant "lobbying" power now.

  • right to privacy (Score:5, Insightful)

    by garstka ( 144691 ) on Saturday August 06, 2005 @05:43PM (#13260373) Homepage
    It's funny how you never hear the phrase 'right to privacy' nowadays. Is privacy no longer a concern to people now that we have terrorists to worry about? The things I think about and read and what I do in my personal space (yes, my computer is MY space) is frankly not the business of anybody except me. Get a warrant, then search me - I'll live with the fear of a terrorist attack, I can handle the responsibility.

    • by dratox ( 894948 )
      "Is privacy no longer a concern...?" People don't know enough to be concerned. Most people happily ignore politics; their right to privacy is just a subset of this. The government tells them its good for them, and they'll blindy buy into it, to lazy or too stupid to actually see the facts. should the government tell them that losing their freedoms is a good thing, then they'll buy right into it, no questions asked
    • You're right, it is your space. Pull out that little network cable at the back of the machine. There, nobody has access to it anymore. See how easy that was?

      Some of us remember what it was like to use a computer before the internet. Strangely, they were still pretty useful for a lot of things.
    • Re:right to privacy (Score:5, Interesting)

      by bezuwork's friend ( 589226 ) on Saturday August 06, 2005 @08:01PM (#13261138)
      Just finished the bar. Don't remember it from Constitutional law but for the bar, we studied the fundimental rights pretty thoroughly. The right to privacy is a fundamental, if implied, right which in turn leads to other rights - the right to marry, to procreate, to use contraceptives, to have an abortion, etc.

      So for now, it is alive and well in theory.

      But scotus has taken rights that once were fundamental and reclassified them as not (forget which ones right now). So it comes down to what the scotus du jure thinks.

      There was a guy in my law classes who, after 911, kept saying that we may have passed into an era where privacy must be sacrificed. I don't think it is necessary and hope he was wrong.

      Related comment - last year I reported some vandalism on my property. I refused to fill out the fields for age, race, hair and eye color, etc. The police called me and refused to enter the report (I did it online) unless I provided that information. I said "why? You know where I live and I was the victim (sort of - my property was)" Their reply? "The FBI won't like it." Scary.

      • Government will always seek an excuse to exercise more control over its people - it is a natural tendency. The reasons may seem benign at first, and may be made out of a sincere desire for peace and prosperity for all, but governments are invariably run by people, and people are notoriously unreliable.

        The good people who start something get replaced by less-adequate, or even corrupt, people, and eventually things go wrong. Not an absolute, but history has shown this time and time again.

        There has never bee
    • by demachina ( 71715 ) on Saturday August 06, 2005 @10:25PM (#13261812)
      "Is privacy no longer a concern to people now that we have terrorists to worry about?"

      The stock response is if you aren't doing anything illegal why would you care about privacy. This is only to catch bad people doing bad things. You aren't a bad person doing bad things are you? At this point you can see why only activists will fight it. Your average citizen isn't going to complain because that just makes you ripe for further attention by the authorities. The man in the suit might come knocking and ask, "Why are you wanting to use encryption and hide your activities from us Mr. Garstka."

      American's don't really have much of a sensitivity, at present, as to why police states are bad. They aren't likely to start caring until its to late. At the moment its really only Muslim's that are taking the brunt of it and most Americans aren't Muslim. For example two men in Detroit were convicted on terrorism charges by the DOJ. The two main exhibits:

      - A homemade video of their trip to Disneyland which the government insisted was really a surveillance tape to plan for a terrorist attack, and just cleverly made to look like a tourist video.

      - A conman up on fraud charges was offered a reduced sentence if he testified against them. Predictably he took the offer. Unfortunately for the DOJ he started talking to cell mates and admitted he lied to get his charges dropped and the case was overturned, but not until two Muslim men and their families had been put through living hell for having video taped their Disney vacation.

      This instance is covered in the fascinating BBC documentary The Power of Nightmares [archive.org]. If you want a primer on why your right to privacy is being eviscerated by the powers that be, its a good starting point. It also highlights some fascinating similarities between the neoconservatives currently running America and Britain and Islamic fundamentalism. In many respects they need each other and are using each other to attain their goals, the end of western liberalism and liberties. They both want a return to regimented societies dominated by their respective religion's concept of law and order.
  • I can think of no better reason to start looking for off-shore hosting providers.
    • Re:Great (Score:3, Interesting)

      by CdBee ( 742846 )
      I was just thinking, this is the point at which I stop buying US Robotics broadband routers and start pondering the benefits of using either a Mac Mini or a small-footprint intel PC as a linux router...
  • SSH tunneling (Score:4, Insightful)

    by paulproteus ( 112149 ) <slashdotNO@SPAMasheesh.org> on Saturday August 06, 2005 @05:45PM (#13260389) Homepage
    I was going to reply to this with, "Well, I can tunnel my connections via SSH to add instant magic security powder," but then I realized - the server I'd be doing the tunneling *to* is on a cable modem, and it'll have all the same backdoors.

    I wonder if I can trust my university's networks; maybe I should SSH tunnel to my computer science department account.

    Huh.
    • The server you're tunneling to will have a public key to authenticate itself. If you make sure you have a fingerprint (there are various ways to do this, it's usually doable even if you have to pick up a phone), you can be reasonably sure you're getting the server you wanted.
    • Upon reading the PDF, it's only about VoIP, so they can tap phones of Vonage, Packet 8 etc. I wonder how SkyPE or Project Gizmo will react to this.
    • "I was going to reply to this with, "Well, I can tunnel my connections via SSH to add instant magic security powder," but then I realized - the server I'd be doing the tunneling *to* is on a cable modem, and it'll have all the same backdoors."

      Seems to me this problem exists whether gov't interferes or not. Sure, it'll be worse, no doubt about that. But if you ask me, you should be taking steps to a.) Limit the amount of sensitive info going through an b.) Minimizing the risk of somebody having that info.
  • ".. to build insecure backdoors into their networks, ..."

    What if it means that the equipment will accept connections if it passes a rigerous sshv2-dsa key handshake, with a really, really big key size? I don't see that being insecure, setting aside concerns about the stupid feds being bitches [wikipedia.org] in power games leaking the key. Technically, there's nothing stopping them from making it secure (as secure as you or I have our home systems, that is).
    • When there's one key to the whole American Internet infrastructure, that sounds pretty insecure to me.

      One malicious Fed with the access key can leak it, or eavesdrop on anyone at will. Perhaps he was blackmailed by the mafia, or wants extra money by selling info to spammers, or incentives are otherwise skewed.

      Time and time again, we see that eavesdropping systems are abused by insiders. That's why limiting the availability of eavesdropping technology to exactly what's required is the most secure choice.
    • by ArbitraryConstant ( 763964 ) on Saturday August 06, 2005 @05:58PM (#13260471) Homepage
      "What if it means that the equipment will accept connections if it passes a rigerous sshv2-dsa key handshake, with a really, really big key size? I don't see that being insecure, setting aside concerns about the stupid feds being bitches in power games leaking the key. Technically, there's nothing stopping them from making it secure (as secure as you or I have our home systems, that is)."

      The dominant SSH implementation (OpenSSH) isn't even based in the US, so the FCC doesn't have the power to mandate backdoors in it.
  • huh? (Score:4, Insightful)

    by zappepcs ( 820751 ) on Saturday August 06, 2005 @05:46PM (#13260395) Journal
    How does this hobble technical innovation? It is a logical extension of CALEA.

    I see problems with it, like Skype is not a US company and implementing CALEA functions for monitoring on Skype servers would not be legal in other countries?

    I don't think that the government has a clear grip on what the Internet is yet, but by allowing VoIP to replace traditional switched circuit voice networks, they lose monitoring functions for legal wiretap operations. This just gives it back to them, though I'm not sure how they will implement it worldwide, nor do I think it can be done simply within the borders of one country since it is run over the Internet in many cases. Sure, if Comcast offers VoIP, then CALEA would apply, but I see trouble with Skype and Gizmo services.

    Also makes me wonder how far the reach of CALEA will go, given the current state of anti-terrorism and related activities.

    I just don't see how this hobbles innovation.
    • Re:huh? (Score:3, Insightful)

      by laffer1 ( 701823 )
      Innovation is hampered because US companies have the additional burden of providing the back door in their products. Its an added cost, and security hole. If I lived in another country, I would not buy American products now. As an american, i may consider buying foreign products without the back doors. Obviously i'd have to mail order them for a less than reputable source as products imported will probably need the lame back doors too!
  • The Order is limited to facilities-based broadband Internet access service providers and VoIP providers that offer services permitting users to receive calls from, and place calls to, the public switched telephone network. These VoIP providers are called interconnected VoIP providers.

    How many people have a service like that? It looks like they want to retain their wiretap capability for voice communication as we move into VoIP, not monitor everything you do.

    Sheesh.

  • It was really bothering me that American network equipment manufacturers were able to sell so many units to foreign governments and companies. This should take care of that problem lickety split.

    Oh, I'm sure the economist weenies will start crying, "The trade deficit is too high already!" Claptrap. You want a trade deficit you can really sink your teeth into? America is barely even working at raising the trade deficit. But this sort of move is a great step in the right direction. Focus the entire country

    • the very odd thing about what you say is that while they're selling these units to other countries, they themselves make use of a foreign government's telecommunications system. they apparently handle all the billing and wiretapping services for the US populace and federal and governmental agencies.

      sounds like a disaster waiting to happen...
  • by MrLint ( 519792 ) on Saturday August 06, 2005 @05:52PM (#13260434) Journal
    Well since companies like Linksys use linux in their devices, they still have to comply with the gpl. meaning if they keep using Linux they will be revealing all the back door code, or they'll have to stop using it or get sued.

    Of course knowing our govt, the spec will be sooo poor and it'll get out and the internet will have huge security holes and hackers and spammers will get a hold if it.. and *foom* govt facilities zombies!

    mebbe its time to switch to a bsd router.
    • Who'd actually sue?

      And the case would obviously end up in a federal court... in which the judges would most likely demean the GPL'ers for attempting to destroy national security.
    • Well since companies like Linksys use linux in their devices, they still have to comply with the gpl. meaning if they keep using Linux they will be revealing all the back door code, or they'll have to stop using it or get sued.

      Not necessarily. The backdoor could be, for example, a certain username/password account for logging in via ssh, a piece of GPL'd software. I think this was all trivial; for another example, you can use https for secure banking even if all the software is Free. The security is ind

  • by Anonymous Coward on Saturday August 06, 2005 @05:53PM (#13260439)
    If the goal of terrorists was to destroy our freedoms and way-of-life, it is starting to look like they are winning -- and while I sure terrorism is the excuse for this law, I'm really not sure I trust the intentions or our current government.

    In addition to the immediate 'what kind of country are we becoming?' blood-curdling privacy implications of this law: what is this going to do the competitiveness of American manufacturers? Other countries are not going to accept back-doors for the US government in their network products.
  • global pw (Score:2, Funny)

    by WrongOne ( 872463 )
    I hear the password is gonna be PENCIL... SHHH dont tell anyone.....
  • With already over 2/3 of computers running the spyware CoolWebSearch, this could be implemented tomorrow by buying that spyware company, and requiring Microsoft to preinstall it, and thus any hack to take it off the computer would be a violation of the DMCA.
  • for more contraband. "Hey, buddy. Wanna buy a modem? Guaranteed secure. Only a thousand bucks. Buy two for eighteen hundred." This will turn our economy into a pure black market(I wish). Everything will be illegal. A pirate's paradise this will be. The hardware hackers have their work cut out for them. I hope they can handle it. Our new machines will be giant breadboards and wire wrap. All electronic engineers will be required to register. There will be a three day waiting period to buy soldering irons whil
  • by artifex2004 ( 766107 ) on Saturday August 06, 2005 @06:06PM (#13260513) Journal
    If you use open source router software, and tunnel or SSL or SSH to everything, this should not be a problem.

    The question is, why aren't people assuming that plaintext is a bad thing already?
  • And? (Score:4, Interesting)

    by roybadami ( 515249 ) on Saturday August 06, 2005 @06:10PM (#13260528)
    AFAICS, all the linked press release says is that VOIP should be subject to the existing laws on telephone tapping....

    Or am I missing something?

  • that make me give thanks for living in a 3rd world country... I think.
  • that WIFI (and all it's many variations)are so easily crackable ... because it was designed with something like this in mind?

    i just find it hard to believe that after so many tries, the standards body couldn't find a way to make wifi even remotely secure. a war driver or a script kiddie can crack it in a matter of minutes at most.

    also it isn't the populace's responsibility to make it easier for law enforcement agencies to eavesdrop/do their job.
  • Invading Iraq was Bush's genius stroke in the G-WOT? Now we're fighting them "over there", so we won't have to fight them over here, because terrorists can't hijack planes and slam them into buildings [global-conspiracies.com]. Everyone agrees that these Patriotic efforts are making us safer [msn.com]. Don't you feel safer, knowing that the FBI will outsource to China [blogs.com] the grunt work of monitoring these backdoors? Then they'll swing into action [antiwar.com], and save us all.
  • Lemme get this straight -- they'll require a backdoor on those little boxes you can buy with commercial service, but not from random software you can download and use with a microphone and speakers?

    Criminals and terrorists can get said software if they want to. Heck, they can probably get it for free, legally. They can use that to talk to each other over the internet; granted, it won't be as convenient as phone-like service with standard phone numbers, but it'll work. Meanwhile, the government retains the a
  • by ChiralSoftware ( 743411 ) <info@chiralsoftware.net> on Saturday August 06, 2005 @06:22PM (#13260589) Homepage
    If I use a Linux box as my broadband router, is that a regulated device? What I'm wondering is, where does this law stop? If there is a Linux distro that is specifically designed as a "broadband router on a CD", would that fall under the regulation? What if I have a broadband card plugged directly into my computer? Is the broadband card the device, or is the whole computer the device? What about if the broadband card does everything in drivers which are part of the kernel?

    Even regular consumer devices like Linksys routers are running Linux, so that makes me wonder if the changes have to be hardware or software changes. It's my impression that on a Linksys router, basically everything important is done in software, so I don't see how this could be implemented in hardware.

    And obviously, if this means that Linksys routers need to have a patched kernel, will they have to be locked in some way to prevent changes to the kernel? What about the GPL? If the backdoor is implemented as a part of the kernel, and then that kernel is redistributed, then the backdoor code would need to be published, right?

    Back in the days when everything was hardware, regulations like this would be cleanly enforceable, but now that the work is done almost entirely in software, it's a mess.

    -----------------
    mobile search [mwtj.com]

  • Backdoor Login to all American Homes. Terrorists will love this. Yes, they can finally sniff the Traffic from everyone.

    I think, America is heading down to a big revolution. At some point, if this goverment doesn't change, it will get overthrown. Empires never lastet.
  • Now hardware manufacturers need to not only to make this backhole for their us customers, but also create another version for the rest of the world. Someone I don't think European govts. will much like Uncle Sam being able to spy on them.
  • ...as it was in Roe vs. Wade where a "right to privacy" which is ennumerated in no way, shape, or form in the constitution was found by the SCOTUS, and then used to imply further that under this right there was a right to abortion. If these invasions of privacy, erosions of private individual and group securit at the hands of the state continue without appropriate challenge, it will eventually come about through force of history and precedence that there is no right to privacy and with that goes any right t
  • by 2ainman ( 700247 ) on Saturday August 06, 2005 @08:52PM (#13261373) Journal
    ... rather than just taking everything I hear from the internet (interpreted thanks to eff.org). Kudos to people like sheetrock, teilo, and others for doing the same. Im not going to bother reiterating some of their previous points regarding "backdooring our routers!". If you're confused ... lookup "backdoor" and "wiretap" on some jargon files or something.

    Heres a link to the fcc announcement (NOT eff.org's) http://hraunfoss.fcc.gov/edocs_public/attachmatch/ DOC-260434A1.pdf [fcc.gov]

    Ooooh theres some big telco words in there that I had to look up.

    facilities-based isp: isp owns the switches and access servers.

    Many isps are non-facilities based or hybrid based, meaning that they buy some access from other facilities-based isps, and have some equipment of their own. It only makes sense that the fcc would want access to the equipment through the people that actually own them.

    More specifically the announcement mentioned that they would target the facilities based isps / voIP carriers that allow connection to pstn (public switched telephone network).

    You guys have all seen those cop movies where they sneak into the bad guy's house and tap his phone. Well, if a bad guy is using voIP, you can hardly do that. (Well you can, because voIP's standard is not encrypted, although some like skype claim to). So rather than try to tap at the source, which could possibly be encrypted (as teilo said), they just tap it at the point at which it is just pstn traffic again. (Remember they were focusing on services that allowed communication to pstn from voip). So if bad guy A tries to do voIP to bad guy B whos just on pstn, then fbi can listen in, without knowing the location of bad guy B.

    This leaves the idea of the bad guys just talking voIP to voIP with encryption. People say that the government can already sniff our traffic and see everything we do, so whats the point of this new legislation? Where are they sniffing from? As of now, I don't think its via these ISPs who are commercially owned with little to no regulation. So maybe this is the government just moving their pieces in to better position on the board.
    Just my 2 cents.
  • by ediron2 ( 246908 ) * on Saturday August 06, 2005 @09:04PM (#13261426) Journal
    Heh, perhaps this is being done so that the Government can cause a catastrophic security event so big it'll make Cisco's looming problem look trivial.

    After all (and I do government security work), Uncle Sam usually does mediocre to terrible infosec...

    Seriously, this idea is terminally stupid to the point where I doubt it'll succeed. Even if we dodge the risk (hah!), and the letter of the rule is implemented, grunts like me will just be required to implement secure tunnels to hide stuff that is too important to risk (they add a key, so we add another lock).
  • by Anonymous Coward on Saturday August 06, 2005 @10:59PM (#13261968)
    1: RIAA/MPAA sniffs out a pirate on a P2P network, they send an automatically generated electronic form to the Department of Homeland Security, which has an Intellectual Property enforcement team, complete with IP address. In moments, the DHS automatically fills out another form, which is stored on a computer, then sends the hack signals to the cable box in question to begin sniffing network packets. This system then automatically checks the data of the packets to see if the data is similar to any files the RIAA/MPAA doesn't want provided.

    Or anything else the government doesn't happen to like.

    The DHS then begins seizing computers out of homes with search warrents obtained with said data, at gunpoint.

    Depending on the dissident or resident, they then go in unnannounced and when they raise their hand above to block the light from going into their eyes during a night raid, they get shot for making a wrong move...

    2: A political dissident radio network, TV network, website, ect is broadcasting all over the world wide web. The ADL, APAIC, Oil corporation, wood corporation, ect doesn't like this. DHS gets a sniffer on the line going from their place, then sniffs IP address and begins sending hack signals to the IP's requesting services to the box they are sniffing. They then systematically send signals to each box in line to shut it off or ban it from getting onto said website, radio network, ect.

    3: Is there such a thing as secure transmissions on that kind of a line if they can intercept the encryption key going over it?

    4: You are now on a "Internet Terrorist Red List" where if you don't do what we will just keep sending disconnect packets to your cable modem every 10 seconds so you can't get on. ...Is there any good use for this?... ... ... ... ...

    The ISP's already have to oblige by federal regulations regarding searches and seizures. So if they've got the evidence they go over the CO, hook a tap on the DSL or tap the phone line itself.....a phone tap works for any residential or other internet service if you've got access to the other end.

  • by the_REAL_sam ( 670858 ) on Saturday August 06, 2005 @11:34PM (#13262115) Journal
    Don't you remember the good old LRP?! It was an open source implementation of a firewall router that fitted onto a floppy, ran on an old 486 with 2 network cards, no cooling fan, no monitor. Most importantly, NO BACKDOORS.

    Barring that there would always the option of circumventing the commercial "spook" internet with a homespun wireless routing or "pringles can" internet.

    There is no way that the spooks can bypass determined ingenuity for freedom.

  • by MMHere ( 145618 ) on Saturday August 06, 2005 @11:52PM (#13262176)
    I consider the port out of my home office to be inherently insecure.

    None of my machines on my network get to send to/from that port without first going thru my NATting and rule-driven Linux firewall machine.

    They can hack the DSL modem thru its "insecure backdoor" all they like, but they'll meet only my silent firewall -- just like everyone else.
  • by CurbyKirby ( 306431 ) on Sunday August 07, 2005 @02:21AM (#13262629) Homepage
    As others have mentioned here, assuming that the Internet is confidential is dangerous and naive. With the rise of cable modem networks and Wifi networks, the zone of trust is even smaller.

    I don't have a problem with the general idea of governments being able to tap the Internet in the same way as they tap phones, if and only if the system is secure and regulated at least as rigorously as phone taps. In fact, given the choice I'd rather they tap the Internet than phones (where things like encryption are expensive/difficult to employ).

    While the general idea of a net tap isn't so bad, the implications are more distressing. Once they get their mitts on the first few layers of the network stack, they'll naturally work their way up. The next logical step is key escrow for encryption. For an old yet relevant paper on this, see:

    http://www.cdt.org/crypto/risks98/ [cdt.org] [html]

    Among the risks and problems cited in that paper are things that will also be relevant in any sort of network tap, including higher costs pushed onto end users, inherent insecurity in having extra access vectors, and difficulty in preventing abuse of the system.

    In the end the idea of a network tap isn't so bad. What bothers me is the difficulty (impossibility?) of doing it right, and the other things that this will set a precedent for.

Heisenberg may have been here.

Working...