The New York Times today posted an interesting article titled U.S. Wants to Make It Easier to Wiretap the Internet. The article discusses a bill the Obama administration plans to submit to Congress next year. Here’s a quote from that NY Times piece about the bill.
Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.
We’ve actually got a rather dated law like this in place right now. Back in 1994 the federal government passed the Communications Assistance to Law Enforcement Act (CALEA). Under the law, telecommunications providers must have hardware and/or software installed that will allow law enforcement agencies real-time surveillance of any telephone or Internet traffic.
Originally, CALEA only applied to telephone networks, but in 2004 several federal organizations filed a joint petition with the FCC to expand the ability to monitor voice over IP and broadband Internet connections. Lawsuits challenging that the ruling was unconstitutional under the Fourth Amendment were filed by organizations like the Electronic Frontier Foundation and the American Council on Education.
There are several gaps in CALEA that the Times piece discusses including the use of offshore services and “freeware” applications created and maintained by volunteers. These are some of the holes the new law will try and address. The Times piece claims officials are coalescing around several of the new proposal’s likely requirements:
- Communications services that encrypt messages must have a way to unscramble them.
- Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.
- Developers of software that enables peer-to-peer communication must redesign their service to allow interception.
My biggest concern is technology backfire - hackers taking advantage of wiretapping holes. I understand the need to monitor traffic in some cases but based on the way the Internet has been put together and works I don’t see how real-time surveillance can technically be accomplished without eventually exposing holes that could (and would) be exploited by hackers. Be sure to read the entire New York Times piece linked here.
Update 9/27/10 - I received the following message from Kyle at newsy.com
I just finished reading your take on how federal officials want to improve internet wiretapping in the very near future. I really enjoyed how you citied the New York Times as well as offered your own opinion on how this opens the door for a different kind of security risk: hacking. It's kind of interesting that by increasing monitoring of the internet, the government could also open doors as you say for hackers to exploit. In terms of security, that's a pretty big issue to deal with right there.
I think you would enjoy this video from newsy.com, it analyzes what the national media is saying about this possibility in a 2:30 video. The video actually references the same Times article that you talk about with mention to the three major requirements the bill will request.
Here's the newsy.com video: