LawMeme briefly summarizes and collects a number of articles on several law enforcement agencies' (FBI, DOJ and DEA) recent petition to the FCC to expand government wiretap capability (FBI seek to expand the system-formerly-known-as-Carnivore).
C|Net News reports that the petition "aims to give police ready access to any form of Internet-based communications" (FBI adds to wiretap wish list):
Legal experts said the 85-page filing includes language that could be interpreted as forcing companies to build back doors into everything from instant messaging and voice over Internet Protocol (VoIP) programs to Microsoft's Xbox Live game service. The introduction of new services that did not support a back door for police would be outlawed, and companies would be given 15 months to make sure that existing services comply.
That's just wonderful. And I suppose only the US government will have access to these backdoors?
The Washington Post (reg. req.) talks to one of the leading experts on wiretapping, CDT's James X. Dempsey (Easier Internet Wiretaps Sought):
But privacy and technology experts said the proposal is overly broad and raises serious privacy and business concerns. James X. Dempsey, executive director of the Center for Democracy & Technology, a public interest group, said the FBI is attempting to dictate how the Internet should be engineered to permit whatever level of surveillance law enforcement deems necessary.
"The breadth of what they are asking for is a little breathtaking," Dempsey said. "The question is, how deeply should the government be able to control the design of the Internet? . . . If you want to bring the economy to a halt, put the FBI in charge of deploying new Internet and communications services."
Dempsey is right. The amount of intervention in technology development necessary for the FBI and DOJ to accomplish what they want with regard to wiretapping is enormous. The costs will be both direct (money out of consumer's pockets) and indirect (loss of innovation). However, that is only half the picture. Unfortunately for the FBI, the costs to defeat the wiretapping are relatively small and will continue to decrease. We have here an asymmetric situation that will only grow more asymmetric as time goes on.
The problem is with the underlying architecture of the internet. Advances in technology along with the end-to-end/layers principle mean that it will always be cheaper to add encryption to the edges of the network than to increase the amount of surveillance at the center of the network. How much does it cost to write an encrypted VoIP app? Not much. How much does it cost to build the surveillance mechanism and conduct the surveillance across all possible ISPs? A heck of a lot more.
Ok. Now that the first encrypted VoIP app is compromised ... how much will it cost to build another encrypted layer on top of the first one? How much will it cost to conduct surveillance on this new layer? Hmmmm, if this progression continues, as we add additional layers of encryption and surveillance, the costs will increasingly diverge. Not a game you can win ultimately. In fact, it doesn't make much sense to even start. The FBI should be happy with what they've got.
Nor should we forget how darn cheap computing is getting. I wish my first computer had the power of a Treo 600. How hard is it to write voice encryption software for Treos and all the follow-on smart phones? How hard will be to add additional layers to the communications stack especially given all the various options for communication being made available through ubiquitous grid-network wireless?
If I were the FBI, I wouldn't waste my time on a battle I ultimately couldn't win and instead would concentrate my efforts on the place where I could still achieve my goals - the ends. You want to know what someone is up to online? I would recommend, for example, key loggers, "real" spyware, and social engineering. It ain't gonna be easy, but you have a chance of winning in the long term. The sooner you quit a race you can't win, the faster you can enter a race where you have a chance.
Bonus FBI Inanity: Sunday, March 14th was the 54th birthday of the FBI's "Top Ten Most Wanted Fugitive List." What better way to celebrate than with a humorous quiz? For example,
5. What Bible-carrying female impersonator was captured in 1964 while working as "Bobo the Clown" with a traveling carnival?
ANSWER: Leslie Douglas Ashley. And for extra credit, Isaie Aldy Beausoleil [apparently another man] was arrested in 1953 dressed as a woman...acting v-e-r-y suspiciously in a Chicago ladies' restroom.
7. Who was arrested in Japan, extradited to the U.S., and in Honolulu presented FBI Agents--in all seriousness--with [sic] a Monopoly "Get Out of Jail Free" card?
ANSWER: James Robert Ringrose, arrested in 1967.
And this one is really a laugh riot, har-d-har-har:
4. What Top Ten terrorist who was apprehended in 1995 said at his trial in New York City, "I am a terrorist, and I am proud of it"?
ANSWER: Ramzi Ahmed Yousef, who masterminded the 1993 World Trade Center bombing in New York and planned the bombing of an American airplane in the Far East, an act that was prevented. Judge Kevin Thomas Duffy of Manhattan's Federal District Court called him "an apostle of evil [who] wanted to kill for the thrill of killing human beings."
Bonus FBI Inanity 2: A Strengthened Partnership to Protect Children: Name that Sexual Predator! - That's the real name for the page - no foolin'. Frankly, I am somewhat disturbed when law enforcement agencies turn child abuse into a game.
UPDATE
Brother Dana has some observations here: Following The Chinese Way
Famed computer science professor Ed Felten runs the Freedom to Tinker blog, where his discussions of cryptography, security, copyright and freedom and technology generally are deservedly popular. Popularity comes with a price, however. In this case, the cost is the expense of bandwidth. In order to offset some of his costs Felten decided to try Google AdSense (ADS). The system puts AdWords on the bottom of the individual entry pages for Freedom to Tinker. The ads are supposed to be "relevant to what your readers see on your pages."
Interestingly, the ads on Felten's site are almost all for copyright/patent enforcement and digital rights management - topics upon which Felten has strong opinions, most of which would not be viewed favorably by the advertisers. I'm not sure which is more ironic - Felten advertising DRM systems - or DRM companies funding Felten through advertisements.
Be sure to read the comments on Felten's site.
The Detroit News has a story on special infrared transmitters that can can broadcast a signal to receivers on traffic lights, turning the light from red to green (Gadget may wreak traffic havoc). The purpose of the devices is to ease the way for emergency vehicles. However, now civilian knock offs are being sold, allowing the average citizen to clear their own traffic path. The traffic headaches this can cause will be enormous, not to mention the problems it will cause for emergency vehicles. The consumer devices themselves are probably legal to sell currently.
Educated Guesswork notes how easily this could have been prevented with some simple cryptography (Remote traffic light control).
Ed Felten notes how poor engineering practices might result in poor law: banning transmitters and thus creating a black market (Remote Controls for Traffic Lights).
Tim Oren has an interesting post on his Due Diligence blog concerning the intersection of security and business concerns in the design of systems (What's Your Threat Business Model?). He uses SSL as an example of how business models and security models can interact in odd ways.
According to C|Net News' Declan McCullagh, the famous cryptography export case Bernstein v. US DOJ has been dismissed due to statements by the DOJ that they promise not to enforce the law against cryptographic researchers (Cold War encryption laws stand, but not as firmly). Bernstein's case involved the desire of a cryptography researcher to distribute encryption software, which is/was strictly controlled by export regulations. The case has gone through many permutations and procedural twists. It has certainly resulted in changes to government regulations such that encryption software is much less tightly controlled than it once was. More importantly, the case has been one of the main sources for several once novel legal arguments, particularly those establishing that computer code is speech protected by the First Amendment.
See also EFF's archive on the case ("Legal Cases - Crypto - Bernstein v. US Dept. of Justice (formerly Bernstein v. Dept. of State)" Archive).
