In the US, the Federal Bureau of Investigation (FBI) has what it calls a Going Dark problem.
As the FBI has been telling it for the past few years, the agency is unable to tap the latest generation of Internet communications venues – at least, not always easily or quickly – as it seeks to eavesdrop on terrorists, child pornographers, human traffickers, arms traffickers, drug dealers or other criminals.
A government task force is now preparing legislation that would fix all that by putting the screws on companies such as Facebook and Google, forcing them to enable law enforcement to intercept communications in real time, according to The Washington Post.
The proposal is designed to expand the reach of CALEA, the 1994 Communications Assistance for Law Enforcement Act.
CALEA is a wiretapping law passed under President Bill Clinton that requires telecom service providers and equipment providers to design or modify their products, facilities and services to have surveillance capabilities built in from the ground up so that Feds can monitor all telephone, broadband Internet, and VoIP traffic in real time.
The panel’s proposal will broaden the reach of the law by specifying that it also covers peer-to-peer communication—e.g., Internet phone calls.
Relying on “current and former U.S. officials familiar with the effort,” the Post reports that the task force will propose penalties for companies that fail to comply with court authorizations for wiretapping.
As it is now, FBI lawyer Valerie Caproni told a government committee back in 2011, G-Men are getting stymied by surveillance targets’ reliance on an ever more tangled web of communications providers.
Some of those providers are based overseas, far from the long arm of the Feds or otherwise outside the scope of laws such as CALEA that force providers to roll over when the government tells them to.
Then again, some of the communications players who could help the FBI to eavesdrop just don’t have the existing technical means to let them listen in, or even the know-how to set it up, according to the FBI.
It all adds up to big time delays for the government when it comes to getting the information it needs to catch bad guys, Caproni said:
"[Some] providers may not have intercept capabilities in place at the time that they receive the order. Even if they begin actively attempting to engineer a solution immediately upon receipt of the order and work diligently with government engineers, months and sometimes years can pass before they are able to develop a solution that complies with the applicable court order. Some providers never manage to comply with the orders fully.
"Even providers that are covered by CALEA do not always maintain the required capabilities and can be slow at providing assistance. Indeed, as with non-CALEA providers, for some CALEA-covered entities, months can elapse between the time the government obtains a court order and surveillance begins. In the interim period, potentially critical information is lost even though a court has explicitly authorized the surveillance."
Rather than strong-arming the providers whose cooperation they need to listen in on communications, the Feds typically just back off if a company resists, according to The Washington Post’s sources.
Hence the concept of “going dark”: the FBI portrays itself as increasingly groping blindly, locked out of information.
The panel’s draft proposal reportedly would allow a court to levy a series of escalating fines, starting at tens of thousands of dollars, to those companies that fail to comply with wiretap orders.
Those companies that don’t open up their doors to wiretapping within a certain period of time would automatically face judicial inquiry, which could lead to fines.
To light a hotter fire still under recalcitrant companies, the fines would double if left unpaid after 90 days.
The proposal would let companies figure out how to satisfy surveillance demands themselves. Smaller companies would be exempt from fines.
Some services, as The Washington Post points out, have never fallen under CALEA compliance, including social media networks like Facebook or chat features of online gaming sites.
Former officials told the newspaper that Google seriously mucked everything up for wiretapping when it initiated end-to-end encryption of Gmail back in 2010, after it and at least 20 other companies got hacked.
Other sites, including Twitter and Facebook, quickly jumped on the Secure Sockets Layer (SSL) encryption bandwagon, further gumming up the wiretapping works.
A former senior Justice Department official, Kenneth L. Wainstein, assistant attorney general for national security from 2006 to 2008, told The Washington Post that the proposal isn’t about seeking expanded surveillance.
Rather, he said it’s about making sure that officials’ existing authorities “can be applied across the full range of communications technologies.”
But is the US government really in the dark? Are its surveillance powers diminished greatly?
Privacy watchdogs say no, quite the contrary.
In fact, some privacy experts have dubbed this the golden age of surveillance.
The Center for Democracy and Technology in the fall published an excerpt from a paper by Peter Swire, the C. William O’Neill Professor of Law at the Moritz College of Law of the Ohio State University, and Kenesa Ahmad, Legal and Policy Associate with the Future of Privacy Forum.
In the excerpt, Swire and Ahmad noted that while the internet and evolving IP-based communications do present obstacles to lawful interception of communications, law enforcement has “far greater capabilities than ever before” with regard to location information, information about suspects’ contacts and confederates, and “an array of new databases” that can be mined to help identify suspects and create “digital dossiers” on individuals.
Furthermore, some say that wiring in eavesdropping backdoors will leave servers vulnerable to getting hacked.
The Washington Post quoted Susan Landau, a former Sun Microsystems distinguished engineer, on the point:
"What you’ve done is created a way for someone to silently go in and activate a wiretap. [illicit surveillance was possible with traditional phone communications because of CALEA but the problem] becomes much worse when you move to an Internet or computer-based network."
Not really sure if this is about surveillance. Seems to me it is a money grab for the government. Quick, levy a fine because your network and technology is secured. If the government needs access to the network for an individual, let them go through the warrant process. Does the government need access to all the information and conversations of Facebook or the entire Gmail users? No, they don't have the manpower to even sort through it all.
Technological problems can always be overcome with technological solutions.
The current technological problems are like ping-pong balls being batted back and forth between the 'Feds' and the 'Bad Guys'.
The Feds solve their problems by creating problems for the 'Bad Guys'.
But we, the online public and legitimate businesses are caught up in the cross-fire.
The solution to the current problem presented by this 'solution' is encryption and that means that anyone encrypting their personal or business data and communications will come under as much suspicion as the real bad guys and the Feds will find themselves understaffed, overworked and mistrusted far more than they are at present.
Their over-reliance on technological solutions to real-world problems is counter-productive, creating a rod for their own backs with which public opinion will gleefully beat them.
All of the US government's arguments seem to boil down to, "Whaaa! The world is complicated! Big companies should make it uncomplicated! T-T" All this legislation would do is compromise the security and integrity of large, public, US sites while the really dangerous criminals will stick to the same offshore, encrypted, untraceable sites they are already lurking on. At best this would "help" catch petty criminals of the sort already publicly bragging on Facebook.
"Former officials told the newspaper that Google seriously mucked everything up for wiretapping when it initiated end-to-end encryption of Gmail back in 2010, after it and at least 20 other companies got hacked.
Other sites, including Twitter and Facebook, quickly jumped on the Secure Sockets Layer (SSL) encryption bandwagon, further gumming up the wiretapping works."
Isn't it telling how the FBI is crying over major security holes being filled? They want peep holes built into our communication systems while promising they won't abuse them. Problem is there is plenty of evidence that if given this power it WILL be abused.
Then you add on top of that the fact you are intentionally making a system less secure. It is hard enough for someone to build a communication system that is secure from hackers and that is before they are told to intentionally add backdoors.
They had this sort of constant surveillance in the Third Reich. They had it in the Soviet Union. It was "legal" there because those who held power said so. They have it right now in communist China. It's legal there too, for the same reason. But what is legal is not equal to what is right.
We have a Bill of Rights that (supposedly) guarantees some fundamental rights, including, "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized" (the Fourth Amendment).
Give the state the power of constant surveillance, and it will be abused. The presumption that it would only be used "for the common good" is a fantastic delusion.
It seems that the feds have given up on going after big-time crooks & decided to stick with the small stuff. The big-time people don't use providers in the USA for any of their communications. The smaller criminals do. Since they can't do anything to the foreign providers, they have decided to "kick the dog because the boss chewed them out at work" & try to punish US providers because they can't touch the others.
I can’t wait for an American company to purchase TrueCrypt and Tor. Don’t think it can’t happen!
Even if this happens, these are open source so buying them won't have any real effect; these projects will be forked and renamed. You cannot own an idea.
Oh! What nostalgia!
Now for the "Clipper -2" chip?
Remember the "Clipper Chip", "Skipjack" cipher, key escrow and the LEAF attributes – and all that under President Clinton!
So who is watching the Watchmen?
“the agency is unable to tap the latest generation of Internet communications…”
So by extension that must mean those U.S. sites are really dangerous places to go.
Just going to have to start actively looking for non-U.S. sites and companies, close my Skydrive, and Google Drive…
I will probably even have to restrict myself to sites that are not hosted in the U.S.
My biggest worry is what about the back door getting hacked and how will anyone know? This seems the greatest hole in the system. I know the Government gets hacked and how would we know? I'm sure they would have to have warrants? They had better, and I just don't believe that the Government is in that position. They have always pushed for legislation for them to check out everybody that should end. As a former Law Enforcement Officer, I understand the need, but too often they push their need above that of the privacy that the rest of us need. Some things need to end and this is one of them. As was previously stated the fix is security just bit them.
Jack
There are so many nations that want to overthrow this government it's not even funny…it's not about the government. It's about protecting its citizens. If someone can use your precious Facebook to overthrow a government to me that is a powerful tool that must be monitored. As long as you are not conspiring against they have no interest in you. After 911 everyone was in shock…but how soon we forget… become compliant not complacent…