

Obama May Back FBI Plan to Expand Wiretap Laws - sehugg
http://www.nytimes.com/2013/05/08/us/politics/obama-may-back-fbi-plan-to-wiretap-web-users.html?pagewanted=all

======
moxie
In the 2010 "aurora" attacks, it was Google's "lawful intercept" systems that
were targeted by the attackers. Microsoft just recently revealed that it was
the same in their case
([http://www.cio.com/article/732122/_Aurora_Cyber_Attackers_We...](http://www.cio.com/article/732122/_Aurora_Cyber_Attackers_Were_Really_Running_Counter_Intelligence)).

The original CALEA has had serious ramifications for security world-wide:
telecommunications equipment manufactured for compliance with the US market
gets shipped everywhere, enabling smooth surveillance for countries like Iran
and Egypt. It also becomes a major vulnerability vector, the most public case
being the Greek wiretapping affair
([https://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2...](https://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%932005)).

It's interesting that the government is floating this with a straight face at
the same time that they're seriously debating a nominal "cyber security" bill.

~~~
daniel-cussen
Hacking is commutative. If I hack you and you've hacked John Doe, I've hacked
John Doe as well with no additional effort.

I can see the US government backing strong privacy laws and desisting from
wiretapping in the future (not without trumpeting how noble it is for them to
do so) if only to stop foreign hackers from easily spying on Americans.

------
Spooky23
Obama is such a disappointment. At least Bush/Cheney punched you in the face
and took your rights. This guy gives you some flowery speech and stabs you in
the back.

How are you going to regulate IM wiretapping? I wrote a simple IM app as a
sophomore in 1997. Will that be a criminal act?

~~~
glurgh
So one administration came into power with surpluses at hand, cut taxes,
increased entitlements, launched a couple of wars, established some rather
questionable detention and surveillance programs, damaged relations with a
number of allies and on and on.

The other one, well, whatever their deficiencies, not most of those things.

This is the sort of silliness ('they're all exactly the same!') that, with the
help of the Naderites actually helped put a Bush administration in power.

~~~
alan_cx
So, essentially Bush did all the hard work paving the way for Obama.

From what I can see, Obama has not given Americans back one single freedom
that Bush removed, in fact he has expanded and built on them.

Or, just imagine if that Bush monkey had been able to do the Hollywood USA,
USA, USA murder of Bin Laden, sitting there sniggering (Insert Jon Stewart
impression) like a nut job while the operation was executed, like Obama petty
much did. (Lets be honest, Obama could hardly contain himself.) The left and
rest of the planet would have gone mental.

Don't get me wrong, I do exaggerate to show the point, but we in the UK
experienced something like this and you could see it coming a mile off. When
Blair (remember the British gimp Bush had in tow?) came to power it was after
Thatcher and the limp replacement, John Major (forgotten him? Most have).
People were over the moon and expected much. With in 3 days it was pretty
clear that we had just replaced one terrible regime with one while was moulded
in its image, and just build on the questionable things the previous
government did, and reversed nothing what so ever.

This pretty much destroyed my engagement with politics and I saw the exact
same tragedy unfold with Obama. Its a real shame, and damning indictment of
western politics. Frankly the whole thing is a sad tragedy.

~~~
glurgh
_This pretty much destroyed my engagement with politics_

That's certainly your privilege and right but surely you have to recognize it
automatically makes any discussion of politics with you impossible or at
least, deeply unproductive.

And my point is, very specifically, not that 'if you have misgivings about one
side or administration, you ought to have none about another'. It's just that
lumping them all together as equivalent seems so utterly naive and simplistic
and wrong that why even bother discussing politics with anyone? - it's a
decidedly unfalsifiable position to begin with.

~~~
aethertap
There are certainly clear differences between parties, otherwise people
wouldn't be fighting each other over who gets elected. I like to think of it
via a mental picture though - the American political system is like a line: on
one end, you have the republicans, and on the other you have the democrats.
Moderates and independents generally fall somewhere on the line between the
two extremes. The issue is that the line they all lie upon is actually just a
one-dimensional slice of a higher dimensional space (like a plane, to make it
simple). My political beliefs lie on that plane, basically equidistant from
both of the potential parties. It is therefore basically impossible to get
meaningfully closer to what I would like to see by supporting either party, so
in that sense "there is no difference between them."

I actually feel empowered by thinking that way though, because it eliminates
distractions (politics) in favor of actual meaningful actions I can take in my
own community (building things, helping people, etc.). If politics is removed
as a tool, then problems no longer look political and you can do something
about them that is ultimately much more effective than voting (in my opinion).

~~~
bmelton
"otherwise people wouldn't be fighting each other over who gets elected"

Perhaps you're not familiar with the way campaign funding works. In short, the
parties band together to increase funding that, while really only good for
making it easier to get elected, and is therefore somewhat self-perpetuating
(e.g., I need money to win, to get more money, to win, etc.) - it is still
money, and people covet it.

~~~
aethertap
I am familiar with how that works, but that's not what I was talking about in
the above quote. Specifically, I had in mind relatives of mine who will get
into fisticuffs with each other over which politician is the best. They
clearly see important differences and feel strongly about it, and I was
attempting to acknowledge that those differences are important to many people.
For them, funding is utterly irrelevant except as a means to get their guy in
office.

------
HistoryInAction
We're tracking this and will be fighting it. Support groups like EFF and
Center for Democracy and Technology (CDT), the latter of which I consult for.

The gist is that the FBI push is a trial balloon—aka the changes proposed
aren't expected to be introduced as legislation for many months. That said, if
we push back hard through folks who agree with us in DC, like EFF and CDT, it
may prevent the bad CALEA changes from ever getting introduced in the first
place.

~~~
mtowle
I apologize for the cynicism, but can you point to an example wherein pushing
back accomplished more than mere delayment and/or change of form?

~~~
HistoryInAction
No, cynicism is warranted and expected.

There were the crypto fights of the '90s, where the government tried
classifying it as weaponry subject to export regulations, caused the open
sourcing of PGP rather than subject it to the regs. That's probably the best
example of an actual game-change that we drove through our pushback against
the national security apparatus.

It's taken 10 years, but we've been striking some solid blows against the
National Security Letter regime, with the ACLU and EFF working with folks like
Nicholas Merrill of Calyx. But that's just trying to claw back from a godawful
status quo post-PATRIOT Act.

SOPA isn't valid because we know that the MPAA/RIAA will keep trying to slip
their policies through; we haven't hit a major realignment point yet on IP
issues. But it opens up the possibility of a win, as long as our activist
groups don't oversimplify, as a solid minority of HN pointed out with the
recent CISPA debate.

But c'mon, we of all people know that rates of change are what matter, not the
current state of things. Groups like EFF and CDT act as a force. The force at
any given point can be and often is overmatched by content or national
security. It's one of the reasons why I'm arguing that we can't just ignore
the political world anymore. We need to more actively support these groups,
offline as well as online.

They are our best defenses to continue to be able to grow the pie, and yet the
old money of content or the government contract money of national security
continues to make more sustained, ongoing arguments in their favor to our
detriment.

~~~
mtowle
I appreciate the thoughtful response. You've clearly weighed these issues more
than a little, and you appear to have done so with an effort toward
intellectual self-honesty.

That said, I would submit to you that the above position suffers from the same
collection of blind spots which manifest in 99% of political positions
(hopes?) of the e^x variety.

Chief among them is the habit of obfuscation, not just to others but perhaps
to yourself, via lofty rhetoric. It's true, such rhetoric is far from unusual
in the political sphere-- and far be it from me to argue against the general
use of hyperbole-- but when its usage and another thing's absence occur
together so frequently, one can possibly infer it's being used to distract
from that other thing's absence.

I hope this doesn't sound confrontational or condescending; I suffered from
this exact same intellectual disease for years before giving up politics
entirely in 2011. Do I still have the same beliefs? Yes. Do I pursue political
action/conversation? No, hardly ever.

The disease is the notion that politics in the agora can build into a movement
capable of effecting highest-level institutional change, and the disease's
symptoms are "fights," "game-change," "drove," "pushback," "striking," "solid
blows," "claw back," "a win," "a force," "the force," "overmatched," "best
defenses," etc.

The difference between politics and any other domain that uses this language
is that in politics, The Good Fight is never over. It sucks you in, and you
die trying, no matter what you're trying for. The only movements ever to
effect high-level institutional change did not start in the agora, they were
born into people. Be it for women or for blacks or for union workers (not
literally, but they think of themselves that way, which, here, is the point),
the only movements ever to effect high-level change had in their back pocket
millions of supporters they didn't even need to persuade. Persuasion. Doesn't.
Work. Even when it's successful, it doesn't work. Biggest agora political
movement of all time were the anti-war protests of Vietnam and Iraq; neither
accomplished a single thing.

But they sure thought they were accomplishing something at the time. Ballots
and marches and protests and sign-waving and signature collecting and, yes,
donation collecting. Fighting the fight, striking some solid blows here and
there, what have you.

The thing they hid from themselves via their rhetoric, same as you, was that
nobody knew how to end the fight. Nobody knew what it would take. (If you
don't believe me, Roe v. Wade was 40 years ago. Let that sink in.) So they
fought the way the system told them to fight the system: by attacking the
system at its point of greatest strength: the public narrative. I can't
believe the system would just lie like that, can you?

If there is a way to end this, it's via technology. They can't ticket you for
jaywalking if you can fly. Next meeting, tell the CDT to take however many
thousands they spend on lobbying or "awareness" (whatever that means) and
start funding bittorrent-, darknet/meshnet-, etc.-based projects and startups.
I don't know how many CS profs are interested in that kind of research, but I
know how many are getting corporate funding for it.

------
shmerl
_> since 2010 has pushed for a legal mandate requiring companies like Facebook
and Google to build into their instant-messaging and other such systems a
capacity to comply with wiretap orders._

Their IM services aren't encrypted by default, at least with their default
clients. Therefore nothing stops law enforcement from requesting the data with
the court order. And presumably they already collect _literally_ all open
communication anyway.

However anyone can of course use OTR, ZRTP and etc. with normal standalone
clients through these same services. So they now want to request building
backdoors into those protocols? Or they want to make encryption illegal? Or
what is this really about?

~~~
mpyne
According to the article, _at this point_ they've given up on the idea of
disabling end-to-end encryption or holding keys in escrow, due to the concern
that hackers could use the same backdoors.

From what I can tell, the proposal is that a judge would be order to order a
technically-feasible wiretap, and be able to fine the company for not
complying.

The problem is that "technically feasible" would be up to the judge, so the
company would need to be able to explain via their lawyers why a given wiretap
could not actually be implemented.

------
malandrew
The irony of this is that it will most certainly have opposite affect as the
FBI wants. Means to secure communications end-to-end will just be built into
browsers and other clients that much faster.

Eventually more and more companies will be severely limited in what
information they can even with respect to information between any two end
users. Most information will end up being limited to information the user
chooses to share with the company hosting the service, such as preferences,
publicly published information and queries to the service.

Right now encryption typically requires a user to seek out special software
with encryption features, but my bet is that encryption will move down the
stack to the operating system and browser in a way that not only encrypts
private information on the device, but that guarantees encryption end-to-end
between users over any service. Full disk encryption is already becoming more
common. HTTPS and SSL are becoming the norm.

I'm looking forward to what fruit future research in homomorphic encryption
bears.

~~~
bad_user
Unless encryption itself becomes illegal.

------
jacoblyles
Meanwhile, it's likely that the US government records every domestic phone
call:

[http://www.guardian.co.uk/commentisfree/2013/may/04/telephon...](http://www.guardian.co.uk/commentisfree/2013/may/04/telephone-
calls-recorded-fbi-boston)

~~~
HistoryInAction
Yep. Again under the CALEA law. What's going on here is that the FBI wants to
expand CALEA to the online world, for both VoIP and IM.

We can talk about this at the next PolitiHacks meetup if you want.

------
mparr4
The amount of the fine is interesting: "starting at $25,000 a day".

Despite official's assurances at a number of points that this new policy
wouldn't target smaller startups--and the article implying that this policy
would mostly impact "companies like Facebook and Google"--it's hard to imagine
$25,000 even registering with a Facebook or a Google.

Perhaps the small start-up need not worry about this new policy change, but it
sounds like the medium start-up might.

Fines "starting" at $25,000/day. Where do they go from there?

~~~
frogpelt
That's about $10 Million a year. And, like you said, that's where it starts.

Look at the fines that they are imposing on companies that don't comply with
Affordable Care Act. Some will incur fines upwards of a $1 Million/day.

I think even Facebook and Google would feel $365 Million a year in fines.

~~~
mparr4
I do see a fundamental difference between the two regulations, at least on a
moral basis.

One compels you to provide health insurance to your employees, the other
requires you participate in a wiretapping program in the name of "national
security".

Not to say anything about the outrageous cost of healthcare in this country...

------
RKearney
I can't wait for end-to-end encryption to become more mainstream.

What would happen if Apple or Samsung started selling cell phones that
encrypted voice communications end-to-end and prevented any kind of
intercepting? Would the government just ban them?

~~~
moxie
We're working on open source mobile end-to-end encryption at Open Whisper
Systems: <http://www.whispersystems.org>

We'd love it if more interested folks got involved.

~~~
mheathr
I am very impressed by this. Are their plans to integrate the software
elsewhere such that it is available ubiquitously in every environment instead
of just Android?

~~~
moxie
iOS development is in the works.

------
jkn
Most contributors here seem to wish for widespread end-to-end encryption, to
make wiretaps a thing of the past. I'm a bit surprised at this apparent
consensus... What is the estimated number of people who have been
significantly wronged by abusive wiretapping, and how does it compare to the
number of criminals arrested and crimes averted by wiretapping? I'm asking
this in the context of Western democracies. I understand that the situation is
different in authoritarian countries.

I have my doubts on the wisdom of this specific plan from the FBI, but
security implications seem only a peripheral concern for the majority of
people complaining. It rather seems that people don't want to compromise on
privacy and I don't get it. Generally speaking, don't we want wiretaps to be
possible?

~~~
Zigurd
> Generally speaking, don't we want wiretaps to be possible?

I'm not sure about that. Wiretaps don't play much of a role in prosecuting
violent crimes. White collar crime can be revealed through requiring
regulatory disclosure. What's left?

~~~
jkn
All kinds of organized crime I expect...

~~~
Zigurd
Terrorism and organized crime are high-value targets. Wiretapping, in those
cases, can literally mean placing a bug and audio or radio bug, or placing a
physical tap on a landline. If you plan to spend millions on the prosecution,
you can spend a few tens of thousands on bugs.

------
venomsnake
"The more you tighten your grip, Tarkin, the more star systems will slip
through your fingers."

Same is with communications. We will have easier time in the short run, but a
few years down the road we will face MSRB terrorists and criminals - that have
learned to be ghosts due to the selection pressure. We don't want them to
become smart and imaginative.

------
cpursley
Of course he will. Bureaucrats only have one objective: Increase their
political influence/power. Anyone who goes to the polls thinking otherwise is
naive.

------
LekkoscPiwa
<sarcasm><cynism>Yeah, he can do it. And if you don't like it then you are
obviously a racist.</cynism></sarcasm>

