Sides dig in as FBI warns of 'going dark' in online era

To the FBI, it would be substantively the same as what the agency has had the authority to do for generations with a court warrant: wiretap phones to listen in on possibly criminal communications. To privacy and civil liberties advocates, it amounts to another expansion of the FBI's already excessive authority to spy on innocent American citizens.

"It" is a proposed amendment to the 1994 Communications Assistance for Law Enforcement Act, that would require social-networking Web sites and providers of VoIP (such as Skype), instant messaging and e-mail to provide a so-called "backdoor" to give the FBI the same ability to tap into communications as they can with mobile or landline phone networks.

And the common targets of a lobbying war over the legislation are the various tech companies that would be affected, along with the tech industry in general. The FBI hasn't asked for the outright support of giants like Microsoft, Facebook, Yahoo and Google to offer outright support for the the law, but has quietly been asking them not to oppose it.

CNET's Declan McCullagh reported last week on the FBI's argument, that the massive shift of communications from the telephone system to the Internet "has made it far more difficult for the agency to wiretap Americans suspected of illegal activities."

The law has already been expanded once, in 2004, to include broadband networks, but still excludes Web companies. The FBI says its surveillance efforts are in danger of "going dark," if it is not allowed to monitor the way people communicate now.

As McCullagh put it, "From the FBI's perspective, expanding CALEA to cover VoIP, Web e-mail, and social networks isn't expanding wiretapping law: If a court order is required today, one will be required tomorrow as well. Rather, it's making sure that a wiretap is guaranteed to produce results."

Not surprisingly, a range of opponents from privacy advocates to legal experts disagree -- strongly.

The affects of the amendment could easily spill into the economic arena, says John Koetsier in VentureBeat, who begins a May 4 post with, "George Orwell was an optimist."

In "1984's" Oceania, the government could only monitor its citizens over TV screens. This, he notes, would allow surveillance through any kind of communication service. "I can't imagine a better way to kill U.S. competitiveness in the tech sector abroad," he writes. "What European, Asian, or South American will want to use a U.S. product such as Google+ or Facebook knowing that the U.S. government has easy access to whatever is said, shared, uploaded, or done there? This could accelerate massive migration away from predominantly American tools and networks."

But the major concern remains government invasion of citizen privacy. Jay Stanley, a senior policy analyst at the ACLU, writes: "If the government has a warrant and happens to have a means of eavesdropping, that is one thing. But to rearrange the world to guarantee eavesdropping is something else entirely."

Stanley also worries about government interference with popular methods of communicating online that may include encryption. "Should the FBI be able to dictate what kind of code runs on your computer? That crosses a line that we have never crossed before," he says.

Glenn Greenwald, writing at Salon, contends, "This isn't about expanding the scope of the government's legal surveillance powers -- numerous legislative changes since 2001 have already accomplished that quite nicely -- but is about ensuring the government's physical ability to intrude into all forms of Internet communication."

Greenwald accuses the Obama administration of rank hypocrisy. It condemned the governments of Saudi Arabia and the United Arab Emirates for banning BlackBerry smartphones, since they were unable to monitor communications on them, calling the actions "a dangerous precedent" and a threat to "democracy, human rights and freedom of information."

"Yet six weeks later, the very same Obama administration embraced exactly the same rationale -- that it is intolerable for any human interaction to take place beyond the prying eyes and ears of the government," Greenwald writes.

ACLU attorney Mark Rumold says the FBI hasn't yet even made the case that it will "go dark" if it doesn't have backdoor access to Web communications. "In 2010, we filed a lawsuit against the FBI and Department of Justice, and part of that was asking them about their difficulties in interception communications," he says. "So far, they have not produced much. When their premise is that they're having difficulties but won't disclose them, that doesn't do much for their case."

Rumold and others say there is a difference between wiretapping phones and demanding a backdoor to Internet services. "A backdoor doesn't just make it accessible to the FBI -- it makes it vulnerable to others," he says.

Marc Zwillinger, founder and owner of the law firm ZwillGen, says that all Internet communication "has to go through pipes," so the answer is not to put the burden on developers, but to conduct surveillance "at the edge," of the end users, including putting a key logger on a suspect's computer, if they think he or she may be using encryption.

"[But] intercept authority isn't everything," Zwillinger says. "In many instances [online], you're leaving stored communication, unlike a phone conversation, where unless one hears or records the person speaking, there is no record of the communication."

Read more about investigations/forensics in CSOonline's Investigations/Forensics section.

BlackBerry Hints at Complete End Point Security

READ THIS ARTICLE
DO NOT SHOW THIS BOX AGAIN [ x ]
Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Cloud Trust Authority

Reduce complexity and increase trust for public cloud service providers and their customers.

Latest Jobs
Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.