US seeks to pressure Google, Facebook et al. into installing wiretapping backdoors

In the US, the Federal Bureau of Investigation (FBI) has what it calls a Going Dark problem.

As the FBI has been telling it for the past few years, the agency is unable to tap the latest generation of Internet communications venues – at least, not always easily or quickly – as it seeks to eavesdrop on terrorists, child pornographers, human traffickers, arms traffickers, drug dealers or other criminals.

A government task force is now preparing legislation that would fix all that by putting the screws on companies such as Facebook and Google, forcing them to enable law enforcement to intercept communications in real time, according to The Washington Post.

The proposal is designed to expand the reach of CALEA, the 1994 Communications Assistance for Law Enforcement Act.

CALEA is a wiretapping law passed under President Bill Clinton that requires telecom service providers and equipment providers to design or modify their products, facilities and services to have surveillance capabilities built in from the ground up so that Feds can monitor all telephone, broadband Internet, and VoIP traffic in real time.

The panel’s proposal will broaden the reach of the law by specifying that it also covers peer-to-peer communication—e.g., Internet phone calls.

Relying on “current and former U.S. officials familiar with the effort,” the Post reports that the task force will propose penalties for companies that fail to comply with court authorizations for wiretapping.

As it is now, FBI lawyer Valerie Caproni told a government committee back in 2011, G-Men are getting stymied by surveillance targets’ reliance on an ever more tangled web of communications providers.

Some of those providers are based overseas, far from the long arm of the Feds or otherwise outside the scope of laws such as CALEA that force providers to roll over when the government tells them to.

Then again, some of the communications players who could help the FBI to eavesdrop just don’t have the existing technical means to let them listen in, or even the know-how to set it up, according to the FBI.

It all adds up to big time delays for the government when it comes to getting the information it needs to catch bad guys, Caproni said:

"[Some] providers may not have intercept capabilities in place at the time that they receive the order. Even if they begin actively attempting to engineer a solution immediately upon receipt of the order and work diligently with government engineers, months and sometimes years can pass before they are able to develop a solution that complies with the applicable court order. Some providers never manage to comply with the orders fully.

"Even providers that are covered by CALEA do not always maintain the required capabilities and can be slow at providing assistance. Indeed, as with non-CALEA providers, for some CALEA-covered entities, months can elapse between the time the government obtains a court order and surveillance begins. In the interim period, potentially critical information is lost even though a court has explicitly authorized the surveillance."

Rather than strong-arming the providers whose cooperation they need to listen in on communications, the Feds typically just back off if a company resists, according to The Washington Post’s sources.

Hence the concept of “going dark”: the FBI portrays itself as increasingly groping blindly, locked out of information.

The panel’s draft proposal reportedly would allow a court to levy a series of escalating fines, starting at tens of thousands of dollars, to those companies that fail to comply with wiretap orders.

Those companies that don’t open up their doors to wiretapping within a certain period of time would automatically face judicial inquiry, which could lead to fines.

To light a hotter fire still under recalcitrant companies, the fines would double if left unpaid after 90 days.

The proposal would let companies figure out how to satisfy surveillance demands themselves. Smaller companies would be exempt from fines.

Some services, as The Washington Post points out, have never fallen under CALEA compliance, including social media networks like Facebook or chat features of online gaming sites.

Former officials told the newspaper that Google seriously mucked everything up for wiretapping when it initiated end-to-end encryption of Gmail back in 2010, after it and at least 20 other companies got hacked.

Other sites, including Twitter and Facebook, quickly jumped on the Secure Sockets Layer (SSL) encryption bandwagon, further gumming up the wiretapping works.

A former senior Justice Department official, Kenneth L. Wainstein, assistant attorney general for national security from 2006 to 2008, told The Washington Post that the proposal isn’t about seeking expanded surveillance.

Rather, he said it’s about making sure that officials’ existing authorities “can be applied across the full range of communications technologies.”

But is the US government really in the dark? Are its surveillance powers diminished greatly?

Privacy watchdogs say no, quite the contrary.

In fact, some privacy experts have dubbed this the golden age of surveillance.

The Center for Democracy and Technology in the fall published an excerpt from a paper by Peter Swire, the C. William O’Neill Professor of Law at the Moritz College of Law of the Ohio State University, and Kenesa Ahmad, Legal and Policy Associate with the Future of Privacy Forum.

In the excerpt, Swire and Ahmad noted that while the internet and evolving IP-based communications do present obstacles to lawful interception of communications, law enforcement has “far greater capabilities than ever before” with regard to location information, information about suspects’ contacts and confederates, and “an array of new databases” that can be mined to help identify suspects and create “digital dossiers” on individuals.

Furthermore, some say that wiring in eavesdropping backdoors will leave servers vulnerable to getting hacked.

The Washington Post quoted Susan Landau, a former Sun Microsystems distinguished engineer, on the point:

"What you’ve done is created a way for someone to silently go in and activate a wiretap. [illicit surveillance was possible with traditional phone communications because of CALEA but the problem] becomes much worse when you move to an Internet or computer-based network."