US Gov't Assisted Iranian Gov't Mobile Wiretaps 161
bdsesq sent in a story on Ars Technica highlighting how the US government's drive for security back doors has enabled the Iranian government to spy on its citizens.
"For instance, TKTK was lambasted last year for selling telecom equipment to Iran that included the ability to wiretap mobile phones at will. Lost in that uproar was the fact that sophisticated wiretapping capabilities became standard issue for technology thanks to the US government's CALEA rules that require all phone systems, and now broadband systems, to include these capabilities."
Re:Wait, what ? (Score:4, Interesting)
One man's misleading headline is another man's truth. Interesting, that.
Re:This. (Score:4, Interesting)
This is the biggest reason why we fight against greater wiretap rules in the U.S. It's not that we don't trust our government
Uh, no, I'm pretty sure it's actually because the 4th amendment makes what the government has been doing illegal. A side-effect of that is that other governments also don't get to use the loopholes our government would like, but I'm not fighting for their rights, I'm fighting for mine.
Re:This. (Score:1, Interesting)
But your government doesn't think it's wrong ("It's for the children to fight the turrists!"), so that argument falls flat.
The way to get the point across to a government official is to make it at the lobbyist level: Dear Politicians: these CALEA-mandated backdoors are causing public embarassment for us when we try to sell the product to international clients, and more importantly, they're costing us sales. If America legalized secure cryptographic communication, and leaned on other states to legalize secure communications, TKTK, Cisco, Juniper, and others could have the same sort of PR benefits (and competitive advantages) that those flappy-headed Canucks at RIMM get when selling their enterprise-level gear.
Right and wrong doesn't matter. Profitable and unprofitable matter. Either legalize secure crypto so we can start building things our customers want, rather than backdoors that serve only to benefit non-American governments at the expense of our clients' security. Or forget about the next campaign donation.
Re:Wait, what ? (Score:5, Interesting)
Oh, awesome. So I guess any day now I should see an article titled "Albert Einstein assisted North Korea in acquiring Nuclear Weapons", or "Movie Industry instrumental in helping Oppressive Regimes conduct surveillance of dissidents".
Re:This. (Score:1, Interesting)
No, the people who sound like complete wackos or naive 12 year olds are people in law enforcement who whine and scream when we just don't trust their pure motivations and dare to question why they should be given more power when they've proven over and over again that they can't be trusted with what they have. Grow up. It's one thing to say you don't trust someone or something without evidence, but saying you don't trust law enforcement to not abuse power in the face of overwhelming evidence that this is what they do all the time is just moronic.
Re:Unfair to just put the blame on the US (Score:1, Interesting)
The fault lies with us.
The only reason it's possible to do this stuff, is because we use telecommunications equipment with telecommunications networks, instead of general-purpose equipment with general-purpose networks, which just happen to be running telecommunications applications.
We know that, and yet we (geeks) keep buying into it. As long as phone calls still need to (usually) talk to the legacy system, they're vulnerable.
Stuff like CALEA only applies to these specialized networks, because, well, first because that law happens to be written that way, but second and yet most importantly, because these networks are administrated by a relatively small group of people, who can be coerced (lawfully, in this particular case -- let's not disgress into possible variants of what happened in Greece) into complying. The legacy design and requirements ensures that the providers will always have the plaintext, and those providers can be controlled, whether by government (wait, which government?!) or someone else. From a privacy perspective, that is a bleak scenario.
It's just not feasible to do that with the Internet, even if they update CALEA. Unlike "providers," software can't be centrally controlled. (If it were possible, then you wouldn't be able to play DVDs on your Linux computer.) And ciphertext on the Internet? Without doing some serious work reconstructing the context of every packet, nobody knows whether that's a phone call or just a reasonably well-compressed lolcat image or an Amazon credit card purchase.
The upshot is that technically, it's pretty damn easy for people to have secure communications. And we all know it, and we're not really doing anything about it, so that the only people who actually do have secure communications are the criminals, while the rest of society is exposed.
We have the knowledge of the problem and the power to do something about it. That makes it our fault.
The manufacturers are just complying with the law, which is easy because people are stupid enough to still be buying phones instead of pocket-sized personal computers.
Build the system, then show some non-geek user how a secure phone call works, and that'll be the end of phones as we currently know them. There aren't enough Phil Zimmermans right now. Be one of them.
Re:This. (Score:3, Interesting)
If a wiretap provides the proof that a violent criminal actually committed the crime for which they are being charged, then that is a good thing
The fact that if you were to shoot into a crowd of people, occasionally you might hit a murderer, doesn't make shooting into crowds of people a good thing.
Wiretaps are bad because their costs to society today far outweigh their benefits. That didn't use to be the case; when phone service was analog, wiretapping didn't require modifying the infrastructure, but it did require a significant effort to perform. But today, it requires destroying our communications infrastructure and gives governments (and likely others) potentially unlimited access to communications with no oversight.