
U.S. Is Working to Ease Wiretaps on the Internet - aheilbut
http://www.nytimes.com/2010/09/27/us/27wiretap.html?_r=1&emc=na&pagewanted=all
======
rsingel
There's no need to feel bad for the DoJ. They rarely encounter encryption and
when they do they get around it. For instance in 2009, there were more than
2,300 criminal wiretaps that caught the communications of more than 230,000
people. The cops encountered encryption once, and still got the plaintext.
<http://www.wired.com/threatlevel/2010/04/wiretapping/>

Moreover, we've been down this road before with the Clinton/Gore push for
encryption backdoors -- the so-called Clipper chip. Congress asked the
National Research Council to look into it and what did they come up with?

"It is true that the spread of encryption technologies will add to the burden
of those in government who are charged with carrying out certain law
enforcement and intelligence activities. But the many benefits to society of
widespread commercial and private use of cryptography outweigh the
disadvantages."

<http://epic.org/crypto/reports/nrc_release.html>

Simply put, this is an egregious power grab that's unnecessary. It's a
technical mandate that limits secure communications and outlaws technology
like PGP and OTR and possibly TOR.

Online encrypted e-mail services are already push-overs. Hushmail will rat it
out its clients with a court order.
<http://www.wired.com/threatlevel/2007/11/encrypted-e-mai/>

And if that doesn't work the FBI can always deploy its zero-day browser bug
that installs spyware -- CIPAV. <http://www.wired.com/threatlevel/2007/07/fbi-
spyware-how/>

Don't feel for the feds, fight them.

~~~
neilc
The FBI have a legitimate cause for concern: if strong cryptography ever
becomes foolproof and widespread, it will make intercepting communications
much, much harder -- and there are legitimate reasons for why the FBI would
want to intercept communications.

Obviously, the proposed legislation is pretty crazy, but I have at least a
little sympathy for the FBI here.

~~~
CWuestefeld
This didn't deserve a downvote, because it's obviously exemplary of the very
sentiment that's driving the thing.

However, that sentiment is assinine. The business of this nation isn't to make
the interception of communications easier, it's to facilitate _our_ affairs.
The article says

 _But law enforcement officials contend that imposing such a mandate is
reasonable and necessary to prevent the erosion of their investigative
powers._

As if the powers of law enforcement are the overriding concern, rather than
the freedom of the people.

~~~
neilc
I don't think my sentiments are "assinine", thank you :)

The FBI has legitimate reasons to want to intercept communications, e.g., to
try to prevent organized crime and domestic terrorism. While most people would
probably support the FBI's interest in doing that, they would also agree that
infringing on privacy is bad. So we have a complicated tradeoff, and a system
of checks and balances -- and that system might potentially be greatly
effected by widespread crypto.

The idea that only privacy rights have any value is just naive IMHO, and it is
unsurprising that most people don't believe that.

~~~
CWuestefeld
Our security is important, but nothing is _more_ important than our freedom.
Thus, the powers of law enforcement must exist in the spaces between our
freedoms, and not encroach, forcing us to alter our behavior for their
convenience.

Surely it would be more convenient to law enforcement if they had DNA samples
and fingerprints from the entire population, but that's not going to happen.

In some ways, demanding the "right" to eavesdrop is even more pernicious,
because it's interfering with our freedom to speak and associate with those we
choose -- one of our most cherished freedoms.

And like at least one other commenter mentioned, the government has a clear
track record of abusing such powers. I'll add another to that list, their
abuse of the Echelon system.

 _One of Echelon's primary roles has been to gather industrial espionage from
European companies for US ones, say some intelligence experts. The French were
said to have lost a $6bn contract for Airbus with the Saudi government to
Boeing and McDonnell Douglas, thanks to Echelon intercepts of faxes and
telephone calls._

 _...The [British Parliament] report warned businesses and ordinary
individuals that they are being spied on and that users should encrypt their
e-mails. It said: "That a global system for intercepting communications exists
... is no longer in doubt. They do tap into private, civilian and corporate
communications."_

[http://www.independent.co.uk/news/world/europe/secrecy-
spy-s...](http://www.independent.co.uk/news/world/europe/secrecy-spy-
satellites-and-a-conspiracy-of-silence-the-disturbing-truth-about-
echelon-686389.html)

------
jakevoytko
The authors of this bill fundamentally misunderstand how the Internet works.

They believe that all useful Internet communication is centralized: for two
parties to communicate, a third party (GMail, AIM, Facebook, HN, Twitter, etc)
must relay the messages. But this isn't even true for email! Most companies
run their own local servers. There is no central broker to tap - it's just P2P
communications. Hell, if you and I open our college number theory books,
implement RSA, and share port numbers and IP addresses, the law hasn't
considered us. But we don't need to do that - there are plenty of expert-
reviewed P2P technologies that allow for secure communication. It gets worse:
I could use a VPN, and pipe my results through TOR, and use secure proxies.
People just use centralized services because they're nice.

In this case, the government is asking citizens to sacrifice their liberty
(and companies to sacrifice their valuable time) for something that can only
be ensured by direct access to a suspect's computer, without providing any
solid evidence that our safety has been threatened. FUD at its finest.

~~~
CWuestefeld
_There is no central broker to tap - it's just P2P communications_

According to the article, the proposed regulations would cover that:

 _Developers of software that enables peer-to-peer communication must redesign
their service to allow interception._

Of course, that doesn't mean they'd have a prayer of enforcing it, but I don't
like the idea of being forced into what would be illegal activity to preserve
my own privacy.

It seems to me that this provision would be hard to make stick, what with the
Clinton-era precedents that encryption code is protected under the 1st
Amendment. It's probably time to pull out my old "This T-shirt is a munition"
shirt [1]

[1] <http://www.cypherspace.org/adam/shirt/>

~~~
gmlk
How does that cover in anyway the case where I run my own SMTP/IMAP server for
me and my minions, and we are encrypting all email with GNU Privacy Guard
using the GPGMail plugin to Apple's Mail.app?

~~~
CWuestefeld
As I read the article (without having seen the actual proposal, and probably
not able to understand the legal-ese if I had), you just would not be allowed
to do that. You'd have to use some alternative to GPG, that has a law
enforcement back door.

------
frisco
This is nonsense. It's technologically impossible to enforce this. Global VPN
providers will always provide a link out of the US, and peer-to-peer
communications will _always_ be secure, no matter what the government wants.
If they push this, it could become a big PR problem for them when it becomes
apparent they can't possibly enforce it.

Be a good citizen and get wiretapped. Be a criminal and stay secure. It's like
the DRM paradox, and just as resistant to litigation, criminal or otherwise.

Edit: I'm not saying that _all_ p2p is secure, only that it will _always_ be
possible to have secure p2p. There are totally-overkill-for-even-normally-
outrageous-circumstances encryption schemes that would be even resistant to a
quantum computer. By altering the frames it's possible to make your secret
traffic look like something totally different to get around filtering.
Whatever filters or taps are dreamt up, new schemes will arise to circumvent
them.

------
w1ntermute
Out of curiosity, do the people writing bills ever bother to consult experts
in the fields that a bill pertains to? I don't have the expertise to tell if
it's the case for most fields other than technology, but if the bill-writing
process is anything similar, are bills on things like health care, the
economy, and the wars in Iraq and Afghanistan also based on a complete lack of
understanding of the facts?

~~~
pak
You could also ask the question if the people voting on the bills actually
read them. The answer is, generally no. Also, the congresspeople who propose
bills sometimes don't even read their own material, because they assume their
staff (who actually wrote it) got everything correct. Strange but true.

------
bincat
Plain-text requirement is almost offensive.

However, I've been toying around with the idea to link bunch of dedicated
servers with OpenVPN tunnels and let users connect to them via OpenVPN server
(tls) also.

The idea is to form a closed or separate network with services and have it be
privacy friendly network.

The main point I am trying to make is that we the people should be able to,
and be allowed to run and manage our own network that isn't wiretapped
constantly by for-profit intel contractors.

~~~
jeromec
A couple quotes from Thomas Jefferson:

 _When the people fear their government, there is tyranny; when the government
fears the people, there is liberty._

 _I would rather be exposed to the inconveniences attending too much liberty
than to those attending too small a degree of it._

<http://jpetrie.myweb.uga.edu/TJ.html> for more

------
quellhorst
So if they have had problems with interception of terrorist transmissions,
where are the new Sept 11th attacks? Fear mongering to give up another inch of
your freedom.

~~~
jeromec
Agreed. Their argument is they are trying to better protect us:

 _But law enforcement officials contend that imposing such a mandate is
reasonable and necessary to prevent the erosion of their investigative powers.
... "We’re not talking expanding authority. We’re talking about preserving our
ability to execute our existing authority in order to protect the public
safety and national security."_

But our intelligence services _had_ all the data necessary to discover the
"Christmas day bomber" but failed to connect the dots.

------
stuaxo
I read this title as them wanting less wiretaps.. doh !

~~~
Estragon
I did too, initially, but I immediately realized that didn't make sense,
because it's about the US government.

------
forgottenpaswrd
Court order, that is the question, what they want is to be able to tap anyone,
always, "just in case you are a terrorist".Read: control your political
adversaries and get more power.

I'm for it if and only if there is a court order(You know they are listening
you).It must be balanced.

I'm working on voice recognition software, in a few years the any government
will have the option to transcribe ALL the skype messages in a very very cheap
way and store them. This way you can search for patterns...and improve your
industrial spying too. If they have the power to do so, they will do so.

------
eru
I hope the rest of the world won't import that US madness.

~~~
yummyfajitas
I hope the US doesn't import the madness that already afflicts many parts of
the world.

<http://rechten.uvt.nl/koops/cryptolaw/cls2.htm>

~~~
eru
Indeed. Keep everyone's madnesses at home (or even ban them from there, too).

------
awakeasleep
Reminds me of the good ol' Indiana Pi Bill

<http://en.wikipedia.org/wiki/Indiana_Pi_Bill>

------
gmlk
I'm guessing that RFC4880 isn't being used nearly enough?

~~~
ahi
openpgp for those too lazy to google.

------
tomjen3
Since they new about the September 11 stuff before it happend _, but still did
not prevent it, they should not be awarded more money, toys or power but
rather punished for their failure.

_ Google for "bin laden determined to strike in US"

------
ars
The FBI has a tough problem on their hands. Probably even an impossible one.

They seem to be trying to strike a good balance here, but especially the
encryption part is likely to rile people up. And in some cases it's totally
impossible.

I actually feel kinda bad for them.

~~~
joe_the_user
They are seeking the ability to tap anything they want, any time they want.

That is a balance between what and what?

~~~
ars
Um, court order?

You really think a world with no law enforcement is a better one?

Before you misunderstand me, there is no way they will get what they want, but
I can still understand their problem.

~~~
jeromec
Of course law enforcement is necessary. But you've jumped and equated
resisting unfettered wiretaps to a world with no law enforcement. That's the
same kind of broad stroke generalization that gets our rights trampled, like
they were in the illegal wiretapping of Internet traffic at Folsom St., San
Francisco:

 _Mark Klein, a retired AT &T communications technician, submitted an
affidavit in support of the EFF's lawsuit this week. That class action
lawsuit, filed in federal court in San Francisco last January, alleges that
AT&T violated federal and state laws by surreptitiously allowing the
government to monitor phone and internet communications of AT&T customers
without warrants._

<http://www.wired.com/science/discoveries/news/2006/04/70619>

~~~
ars
Say what? I did no such thing.

I am talking only about the ability of the FBI to conduct court ordered
wiretaps.

Right now companies can create internet based products without even thinking
about the idea of wiretaps. Making a policy that companies should create
procedures for dealing with ordered wiretaps from the beginning sounds like a
good idea to me. (The encryption part doesn't though.)

Did you even read the article?

~~~
jeromec
Your replied to "They are seeking the ability to tap anything they want, any
time they want" which is unfettered wiretapping with "You really think a world
with no law enforcement is a better one?"

 _I am talking only about the ability of the FBI to conduct court ordered
wiretaps._

Yes, _you_ are only talking about court ordered wiretaps, but I'm wary about
_actual implementation_ of wiretaps, and for good reason, as I posted about
factual historic illegal wiretapping as recently as 2002.

Yes, I certainly did read the article. I take an interest in matters of
politics, government vigilance, and rights infringements I wish more Americans
would. Don't get me wrong. I'm all for legal law enforcement, and aiding those
tasked with doing their job while not trampling civil rights and liberties. I
happen to think there are wise and unwise ways to go about it. For example,
suspending habeas corpus, the right to due process, as George Bush did by
citing national security, and which was reversed by the Supreme Court as
unconstitutional, I think is unwise. I also don't think terrorists will stop
and think, oh well, they've got their country wiretapped, so there is no way
to carry out attacks now...

