By Peter Suderman
The federal government knows you’re Skyping. And Blackberrying. And chat-rooming. And peer-to-peer communicating. And otherwise trading
messages, perhaps encrypted, on the Interwebz. But it doesn’t always have the ability to intercept your digital-era communications or figure out what, exactly, you’re saying. And so, as Jesse Walker noted in today’s morning links, law enforcement authorities are readying new legislation to change that.
Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone.
Essentially, officials want Congress to require all services that enable communications—including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype—to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.
The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, it could set an example that is copied globally.
James X. Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group, said the proposal had “huge implications” and challenged “fundamental elements of the Internet revolution”—including its decentralized design.
“They are really asking for the authority to redesign services that take advantage of the unique, and now pervasive, architecture of the Internet,” he said. “They basically want to turn back the clock and make Internet services function the way that the telephone system used to function.”
The Times notes that federal “investigators have been concerned for years that changing communications technology could damage their ability to conduct surveillance.” And the FBI says it’s simply preserving its existing intercept authority, not expanding it. But it's hard to say you're not asking for expanded authority when you are, in fact, pushing for new rules and greater control over online communications. Nor is it clear that encrypted connections are actually all that much of a barrier to law enforcement investigations. As Cato’s Julian Sanchez notes, the most recent report on government wiretap efforts “cited only one instance in which encryption was encountered, out of 2,376 wiretap orders.”
Meanwhile, even if you buy the FBI’s argument, this effort to preserve its authority could entail significant changes in the overall design of the Net—changes that are more likely to open the web to government interference, not just in the U.S., but worldwide. And those changes would be likely to have unpleasant long-term ripple effects in terms of what security and communications technology gets developed. As Sanchez argues, forcing security technology creators to design their systems with back doors is essentially a request for an “insecure Internet”:
They are basically demanding that providers design their systems for breach. This is massively stupid from a security perspective. In the summer of 2004, still unknown hackers exploited surveillance software built in to one of Greece’s major cell networks to eavesdrop on high government officials, including the prime ministers. The recent hack of Google believed to originate in China may have used a law-enforcement portal to acquire information about dissidents. More recently, we learned of a Google engineer abusing his access to the system to spy on minors.
This demand has implications beyond the United States. Networks designed for interception by U.S. authorities will also be more easily tapped by authoritarian governments looking to keep tabs on dissidents. And indeed, this proposal echoes demands from the likes of Saudi Arabia and the United Arab Emirates that their Blackberry system be redesigned for easier interception. By joining that chorus, the U.S. makes it more difficult for firms to resist similar demands from unlovely regimes.