
FBI pushing for surveillance backdoors on websites - quadrahelix
http://news.cnet.com/8301-1009_3-57428067-83/fbi-we-need-wiretap-ready-web-sites-now/
======
DanielBMarkham
Some days I wish I could purchase a huge lighted sign, kilometers in length,
and place it on the moon.

It'd say "The internet is not broken." I think I'd make it flash.

That's it. It's not perfect, security is a real threat and hassle to those on
it, but it's not broken. It does not need fixing by the government.

I am very sorry that the FBI is unable to track communications on the net.
Really I am. But this is no different than the problem they had before
telephones were invented. In fact, throughout much of our nation's history,
law enforcement had no idea what kind of communications criminals had. The
universe did not explode. Somehow life went on.

I read last week that although most recent college grads are having problems
finding work, there are exceptions. One of those is, sad to say, legal
professionals seeking government work. The federal government is snatching up
young lawyers and even paying off all their college bills in addition to their
salary. In return we're creating an army of legal attack dogs in each agency
looking for new ways to "fix" things for their paymasters.

Once again, it's not perfect. But it does not need fixing. What we're seeing
now isn't the end of some long civil discussion about what rights everybody
should have in a technological world. It's the beginning -- just the beginning
-- of a new world where a lot of things we took for granted just a decade ago
aren't going to be true any more.

~~~
crazygringo
> In fact, throughout much of our nation's history, law enforcement had no
> idea what kind of communications criminals had. The universe did not
> explode. Somehow life went on.

Not really. Crime rates have been going down. Murder rates have been going
down. People's lives have been saved, that wouldn't have "gone on" before.

This is due, in part, to better policing. To what extent this has to do with
wiretapping abilities can be debated/analyzed, but a "somehow life went on"
attitude is pretty much a blunt argument for "let's never change anything
then", and is therefore irrelevant to the discussion.

~~~
mapleoin
_This is due, in part, to better policing._

That's... debatable.

I think it's due to Disney movies.

~~~
crazygringo
Well I didn't say it's _entirely_ to better policing, hence the "in part".

For a citation, why not look at the last part of this article which was _very_
popular on HN a few months ago:

[http://www.newyorker.com/arts/critics/atlarge/2012/01/30/120...](http://www.newyorker.com/arts/critics/atlarge/2012/01/30/120130crat_atlarge_gopnik)

273 points: <http://news.ycombinator.com/item?id=3691372>

You're going to have a hard time debating that improved police techniques
haven't made a difference _at all_, regardless of your personal opinion of
Disney movies.

~~~
kbolino
Crime rates could be going down because...

1\. The methodology of collecting and reporting crime statistics has changed;

2\. The use of said "improved police techniques" has discouraged people from
reporting crimes;

3\. The "justice" system has favored reducing its rate of Type I errors at the
expense of increasing its Type II errors;

4\. Enforcement of the laws is no longer consistent across and within
jurisdictions;

5\. There are more corrupt legal officials, and they are in better positions
than ever before;

6\. Social conditions and individual motivations have changed, and people are
less inclined to commit crimes.

I'm not saying any of these are true, but they are all equally plausible
explanations (as is any combination of them). You cannot establish a causal
relationship by correlation (and "common sense") alone; you must identify all
of the variables and control for them.

------
bgentry
_In meetings with industry representatives, the White House, and U.S.
senators, senior FBI officials argue the dramatic shift in communication from
the telephone system to the Internet has made it far more difficult for agents
to wiretap Americans suspected of illegal activities_

I call that progress.

~~~
dailyrorschach
I think there's plenty of abuse and they should be improved - but I don't
think it's crazy that in time there would be a system where, with a warrant,
investigators could wiretap someone's online activities - provided they had
reasonable suspicion that they were conducting their illegal business over the
certain sites or one internet connection. I know this might sound like
cleaning the noose we're about to hang someone with, but there are legitimate
law enforcement needs, I often think the collective energy from the EFF and
others would be better spent not on opposing anything like this, but on
advocating and lobbying for strict judicial review and process.

For example if we suspected someone was using Craigslist and other internet
tools like Skype, to organize and coordinate a human trafficking ring, I would
want them to be able to collect evidence akin to a wiretap to investigate the
extent of the organization and bring prosecutions.

That after all is the main thing, if the representatives of the people in
terms of law enforcement/district attorneys/federal have a reasonable
suspicion that you're committing a crime, we should be allowed to investigate
- and for you to challenge any evidence gained in a court. Previous abuses of
power are of course troubling, the NSA phone tapping and others come
immediately to mind, which is why I believe energy is best spent on ensuring
proper checks and balances and the rule of law - it requires constant work to
ensure we have adequate protections for citizens and an adequate ability to
prosecute suspected offenders.

Just a final point - I want to stress that I do believe the government has and
will continue to overstep its bounds with regard to law enforcement, this has
been true for time immemorial, and citizens will continue to fight back and
push for legal reforms - but simply throwing our hands up and ignoring real,
legitimate law enforcement needs seems silly too. Especially when agencies
like mine can right now hijack individual sessions of you on our website and
watch everything you do.

~~~
cgoddard
It's ridiculous to design a system for the purpose of spying on its users,
with users being aware of that. The only people that will be discussing
illegal activities using that medium then will be those so oblivious and dense
that they likely would have been caught any number of other ways without the
eavesdropping.

Savvy criminals will migrate to darknets and other methods of communication
that are more robust against eavesdropping.

Personally I think authorities should just give up on the idea of
eavesdropping. With proper encryption modern communications can perhaps be
intercepted, but never deciphered.

Honeypotting seems like a much better strategy for catching internet criminals.
Why would you ever shut down a child porn site or copyright infringement hub
when you can instead take over and gather loads of evidence for
prosecution?

~~~
abalashov
You are imagining sophisticated criminals from movies. Yes, genuinely
sophisticated criminal rings with ample resources do exist, but they are in
the tiny minority. I think you would be amazed at how low-tech, careless, and
quite frankly, stupid most criminals are. This is the common denominator they
are aiming at, as it offers the broadest and most dense prosecution yield.

~~~
tomp
> you would be amazed at how low-tech, careless, and quite frankly, stupid
> most criminals are

Then I'm sure there are other ways of catching them that don't threaten our
privacy and freedom.

------
wmeredith
"In meetings with industry representatives, the White House, and U.S.
senators, senior FBI officials argue the dramatic shift in communication from
the telephone system to the Internet has made it far more difficult for agents
to wiretap Americans suspected of illegal activities, CNET has learned."

That's a feature not a bug.

------
rdtsc
> "If you create a service, product, or app that allows a user to communicate,
> you get the PRIVILEGE of adding that extra coding," a person who has
> reviewed the FBI's draft legislation told CNET.

Wait, how is that a "privilege"? Are they kidding? Is that supposed to be
funny? How is adding wiretapping features to invade my users' privacy a
privilege? It is like saying if you do something we don't like you get the
privilege to get punched in the face.

~~~
to3m
I assume it is dry humour.

But perhaps they meant, "reward". After all, it won't happen if you aren't
successful. It is like paying tax in that respect.

~~~
citricsquid
I assumed it's a patriotic thing, "you get to help protect American citizens"
type deal.

~~~
cantankerous
It's definitely dry humor, as it was in the context of a conversation with an
industry rep who presumably wouldn't be interested in making more work for his
constituents.

------
abruzzi
This would seem to be an opportunity for CS people to do what they do best--
obfuscate through bad UI design. If they're legally obligated to provide an
interface, then why make it a good interface? I'm thinking that the FBI's
interface to the snooping back door should be through a pseudo-lisp
interpreter with vividly named functions:

(violateRights (shackle (humiliate userID)))

Or similar.

~~~
malandrew
Alternatively, there is no reason such a backdoor can't be programmed to
inform the user.

"Usage of this backdoor will inform the user that they are being surveilled"

I don't think you can execute a National Security Letter gag order against
source code.

~~~
corin_
Obviously the fact that it's in source code is irrelevant, otherwise every gag
order could be got round with a quick <p>here is the information</p> page
hosted on a webserver..

It's like saying you can shoot somebody because a gun can't be prosecuted for
murder.

~~~
malandrew
Yeah, but when someone gets shot with a gun you can't prosecute the
manufacturer, so long as they put warning labels on their guns and sell them
according to the laws regulating the sale of guns. The person responsible is
the person who pulled the trigger, which in this case would be the Feds.

The key is to make sure that they get access to the backdoor directly.

At the end of the day you can always code loopholes around the law, which will
work until they legislate the loopholes away with more legislation. Almost
every industry has been doing this since the beginning of government.

One of the best ways to code this into the system is to provide security
measures that allow you to prevent what machines can access your account and
notify you if machines not your own try to access your account.

"You recently tried to access your account from the IP address X.X.X.X located
in Quantico, Virginia. If this was not you, please report this to customer
service."

Customer service can then legitimately comply with the gag order by admitting
nothing and say they'll look into it.

~~~
corin_
> _Yeah, but when someone gets shot with a gun you can't prosecute the
> manufacturer_

Right, so you can't prosecute Google if I use gmail to send something that
violates a gag order. If Google violate a gag order through their source code
they are entirely liable for it.

~~~
malandrew
If Google gets served a gag order and violates that specific gag order served
because of a piece of code they wrote, then I could see that happening. If
they get served a gag order and then modify that code so that all future gag
orders are not possible then I don't see a crime being committed for which
they are liable.

Gag orders are circumstantial. Code that applies to general situations is not.
Backdoors (access) and confidentiality (disclosure) are concepts that are
mutually exclusive of one another.

------
nollidge
"To serve and protect." Is that even true anymore? Was it ever? Was just
reading about an apparent increase in cop-on-citizen sexual assault among
Occupy Wall Street protesters:

[http://www.nakedcapitalism.com/2012/05/david-graeber-new-pol...](http://www.nakedcapitalism.com/2012/05/david-graeber-new-police-strategy-in-new-york-sexual-assault-against-peaceful-protestors.html)

Why aren't our law enforcement professionals more accountable to _us_, the
citizens they purportedly "serve"? The transaction ought to be that we, the
citizenry, grant them privileges - go through red lights, carry firearms,
right to detain people - _in return_ for restraint and considered application
of those privileges. I no longer believe in the integrity of that transaction.

Maybe I'm overreacting to propaganda. But what reassurance does our law
enforcement ever offer us that they are not abusing their privileges?

~~~
meej
"To protect and serve" is the motto of the LAPD. Otherwise, it's a TV trope
that arose out of the fact that most television in the US comes from southern
California; it has never been a generic police slogan.
[http://tvtropes.org/pmwiki/pmwiki.php/Main/StandardPoliceMot...](http://tvtropes.org/pmwiki/pmwiki.php/Main/StandardPoliceMotto)
<http://tvtropes.org/pmwiki/pmwiki.php/Main/SoCalization>

~~~
nollidge
Your own source says it "has been adopted by many other police departments
across the English-speaking world" and has "been adopted by so many police
departments, in fact, that it's practically a Stock Phrase in the English-
speaking world."

And even if that's not true (since I'd hardly call TVTropes an authoritative
source), I was using it rhetorically. I should think that regardless of its
origin, that motto closely represents the ideal that we want our police
agencies to uphold.

------
cnbeuiwx
Hmm. Isn't the world aware that these sites already provide the government with
all the info they could possibly want?

You can't get privacy if you use any American company. This should be well
known by now. Just for reference, here is a nice list of 800+ massive
companies who support CISPA:

[http://www.digitaltrends.com/web/cispa-supporters-list-800-c...](http://www.digitaltrends.com/web/cispa-supporters-list-800-companies-that-could-help-uncle-sam-snag-your-data/)

We are experiencing the last days of freedom on the Internet. Our generation
is the last one. Enjoy while it lasts.

~~~
zacharypinter
I share your concerns, though I don't necessarily agree that it's the last
days of freedom on the internet. With peer to peer and encryption any number
of secure platforms can and have been built that are impossible for third
parties to spy on. However, just because we can build these, doesn't mean
they'll get the critical mass required for use. People will still gravitate
towards the cool/popular/easy-to-use systems like Facebook, GTalk, Google
Hangouts, Skype, etc. Those systems will be increasingly subject to
eavesdropping and a general lack of privacy.

The irony is that even if this bill went through and got every major internet
company to provide backdoors for wiretapping, they'd only be catching the low
hanging fruit.

~~~
cnbeuiwx
I think you and me and other people into computers will always find ways to
avoid big brother. But if 99% of the population is being watched (since the
majority will gladly give up privacy for convenience), it's not a very free
internet anymore.

Yes, government acts such as these would be ironic _IF_ they were about
fighting "terrorism" (lol). But that's just their excuse.

~~~
enqk
Which leads me to wonder, why do they need surveillance of the common man. The
government does not trust its citizens. Is it because it knows it has turned
its citizenry into something that can be manipulated?

~~~
cnbeuiwx
There are many theories. But let's look at what they are doing:

\- They don't care about their spending (US national debt is insane).

\- They don't put any money in improving the country (almost everything goes to
the war machine).

Only a country who knows none of this is going to matter in the future would
do this since it's suicidal, obviously.

So why is it not going to matter? I don't think we want to know... but the
surveillance is there for them to feel safe against us when it happens.

------
forgottenpaswrd
I do not use facebook, but...

...If they pass this law I am also quitting from gmail. We need a freedom box
that we control and is distributed, not centralized so automation of
surveillance is harder.

I know that there are bad guys out there, but not only in terrorist
organization, secret service use to have garbage people too (the people that
love power too much).

~~~
ajross
I don't think Google delivers over TLS (it doesn't to my server anyway), so in
general your mail is subject to wiretapping anyway. And even if it did there's
no way protocol I know (maybe DKIM has a section for destination
verification?) for them to know that they're really delivering it to the right
host.

Basically unencrypted email is a lost cause already. If you care about this
stuff you need to dump webmail right now and go with a client encryption
solution (and convince all your friends to use it).

~~~
sp332
Gmail is https by default.

~~~
ajross
That's between your browser and their server. I'm referring to the content of
the SMTP connection over which the mail travels, which remains almost always
unencrypted in the modern world. Which essentially means that the FBI doesn't
need Google's assistance to wiretap your email per se, they just use and
machine they probably have sitting on the backbone pipe anyway.

~~~
sp332
POP, IMAP, and SMTP access to Gmail servers all require TLS.
[https://support.google.com/mail/bin/answer.py?hl=en&answ...](https://support.google.com/mail/bin/answer.py?hl=en&answer=78799)
and
[https://support.google.com/mail/bin/answer.py?hl=en&answ...](https://support.google.com/mail/bin/answer.py?hl=en&answer=13287)

Edit: oh you mean from e.g. comcast.com server to mail.google.com server.
Never mind.

~~~
khuey
And again, that's between the client and the server. The path between Gmail's
mail server and the sender/recipient of the mail's server is not always
encrypted.
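
The server-to-server hop discussed above can be inspected after the fact in a delivered message's trace headers. The following is an added example, not part of the thread: it classifies each `Received:` hop as TLS or cleartext using the `with` keywords ESMTPS/ESMTPSA/LMTPS/LMTPSA registered by RFC 3848, plus TLS notes some servers put in comments. The sample message, hostnames and function names are constructed for illustration.

```python
import re
from email import message_from_string

# Constructed sample message (hosts, addresses and IDs are invented).
# Each server prepends its Received header, so the newest hop comes first.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby store.recipient.example with LMTP id 0003
\tfor <bob@recipient.example>; Fri, 04 May 2012 10:00:03 +0000
Received: from out.sender.example (out.sender.example [198.51.100.7])
\tby mx.recipient.example with ESMTP id 0002
\tfor <bob@recipient.example>; Fri, 04 May 2012 10:00:02 +0000
Received: from laptop.home.example (unknown [203.0.113.5])
\tby out.sender.example with ESMTPSA id 0001
\t(version=TLS1 cipher=AES128-SHA);
\tFri, 04 May 2012 10:00:01 +0000
From: alice@sender.example
To: bob@recipient.example
Subject: constructed test message

body
"""

TLS_PROTOCOLS = {"ESMTPS", "ESMTPSA", "LMTPS", "LMTPSA"}   # RFC 3848
PLAIN_PROTOCOLS = {"SMTP", "ESMTP", "ESMTPA", "LMTP", "LMTPA"}


def split_comments(value):
    """Return (text outside parentheses, list of top-level comments).

    Comments must be removed before looking for keywords, because some
    servers write "(using TLSv1.2 with cipher ...)" and that "with" is
    not the protocol clause.
    """
    outside, comments, depth, current = [], [], 0, []
    for ch in value:
        if ch == "(":
            depth += 1
            if depth == 1:
                current = []
                continue
        elif ch == ")" and depth > 0:
            depth -= 1
            if depth == 0:
                comments.append("".join(current))
                outside.append(" ")
                continue
        (current if depth else outside).append(ch)
    return "".join(outside), comments


def clause(name, text):
    """Value following a Received keyword such as 'from', 'by' or 'with'."""
    match = re.search(r"\b%s\s+(\S+)" % name, text, re.IGNORECASE)
    return match.group(1) if match else None


def classify_hops(raw_message):
    """List hops in chronological order with a tls/cleartext/unknown verdict.

    Only headers added by servers you control are trustworthy; anything
    below them was written by other parties and can be wrong or forged.
    """
    msg = message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        text, comments = split_comments(" ".join(value.split()))
        clauses = text.rpartition(";")[0] or text      # drop the date part
        proto = (clause("with", clauses) or "").upper()
        tls_hint = any("tls" in c.lower() for c in comments)
        if proto in TLS_PROTOCOLS or tls_hint:
            verdict = "tls"
        elif proto in PLAIN_PROTOCOLS:
            verdict = "cleartext"
        else:
            verdict = "unknown"
        hops.append({"from": clause("from", clauses),
                     "by": clause("by", clauses),
                     "protocol": proto or None,
                     "verdict": verdict})
    return hops


def cleartext_hops(raw_message):
    """(from, by) pairs for hops that recorded no transport encryption."""
    return [(h["from"], h["by"]) for h in classify_hops(raw_message)
            if h["verdict"] == "cleartext"]


if __name__ == "__main__":
    for hop in classify_hops(SAMPLE):
        print(hop)
```

In the constructed sample the client submission is encrypted while the hop between the two mail providers is not, which is the case the comments above describe.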

------
agwa
_In meetings with industry representatives, the White House, and U.S.
senators, senior FBI officials argue the dramatic shift in communication from
the telephone system to the Internet has made it far more difficult for agents
to wiretap Americans suspected of illegal activities_

It is not at all a given that this "going dark problem" actually exists. In
many ways, surveillance is easier than it has ever been. See
[https://www.cdt.org/blogs/2811going-dark-versus-golden-age-s...](https://www.cdt.org/blogs/2811going-dark-versus-golden-age-surveillance)

------
jcoder
> The requirements apply only if a threshold of a certain number of users is
> exceeded

They're not even _pretending_ that this is really about catching savvy
criminals, and not mass-surveillance.

~~~
molesy
The FBI wants to catch "criminals", and they like easy backdoors. The NSA is
the one interested in mass-surveillance and they usually are very good at
collecting information with little to no help from corporations, seeking more
direct interaction only when the scale of a particular target (say Facebook)
becomes so large that they need to move their filters closer to the real data
to keep up.

Usually these things start pretty innocently - you'll be approached by a local
police department who has a real murderer they're trying to catch, who happens
to be stalking people on your service. I've been through and heard of that
kind of approach happening several times. Everyone knows the big NSA/MegaFed
style visits happen as well, usually not before your CEO is hobnobbing with
Senators anyways, giving keynote speeches to large globalist audiences, etc.
(IE by the time they let you know, you're already part of the system anyways.)
That's theory, I've only experienced the former not the latter.

Some day hopefully!

(edit: I've witnessed the FBI backdoor, not the NSA. :P)

------
zupreme
I just heard a BBC news spot where one of the interviewees, a law professor if
I recall correctly, indicated that the support for CISPA by Facebook and other
prominent startups was in order to provide legal cover for just these types of
requests.

Under current rules, it was stated, while these companies can be pressured by
the FBI to release certain info and give certain access, they have no immunity
from litigation - so they can still be sued for complying with the requests by
their users and other concerned parties.

The interviewee indicated that CISPA gives them the legal immunity they need
so that they can comply with the FBI while being able to fend off potential
lawsuits.

------
cookiecaper
Use encryption on ALL data that you don't want to be publicly readable.

I post something that says this pretty much weekly on here and I'm sure I
could post it every day if I had the time. Stop trusting third parties to keep
your data back; they lose it all the time, through subpoenas, leaks,
accidents, exploits, whatever. Take responsibility for yourself. If you have
comms that can't safely be aired on CNN, ENCRYPT THEM. There's simply nothing
else to say on the matter. Don't trust anyone else to protect you, because
they aren't able to even if they try. You must use real, client-side
cryptography to keep your message even semi-secure.

~~~
mvip
While I most certainly agree, this begs the question: what encryption tools
can you use (and trust)? I'm pretty confident that there are backdoors in most
commercial tools from Apple, Microsoft and PGP (just to name a few). Before
anyone is too quick on say that TrueCrypt is the answer, please note that
there have been wild speculations about backdoors etc in TrueCrypt too (but I
don't think anything has been proven).

~~~
Karunamon
Truecrypt is OSS and has some insanely brilliant people working on it. I think
that more than a couple people would notice if there were shenanigans afoot.

~~~
cnbeuiwx
Hmm. Interesting statement since the authors have chosen to remain anonymous.
You would think it would be impossible to know whether or not they are
brilliant, or if they are working for the US security agencies.

So you have people working on the most well known full disk encryption system
on planet Earth, but they are living in obscurity.... kind of interesting isn't
it?

~~~
mvip
_or_ they have chosen to stay anonymous to _avoid_ being pressured by various
governments to implement backdoors. I guess we will never know for sure.

------
igorsyl
I hope this spurs the massive adoption of client-side encryption. Server-side
encryption has proved to be just a marketing tool.

~~~
tarr11
I think the real problem is that almost all applications default to cloud
storage of data. They are not going to accept data that is unintelligible to
them (certainly not for free).

If developers would start to make their apps "cloud optional", then you could
at least choose how your data is shared.

~~~
cnbeuiwx
You won't see that from massive American companies (except possibly Mozilla who
always have had strong interests in consumer privacy and integrity).

But there are still alternatives out there. You just have to give up the sites
and corporations you have gotten used to over the years. Google, Facebook,
Microsoft...

Also, if you use Windows, you can pretty much count on it having backdoors
already. That's just my opinion based on common sense. The largest American
operating system being free from backdoors? Heh, not very likely. The NSA
could pretty much force them to put it in, and put a gag order on them
afterwards. That's the reality of United States.

------
readme
I hope someone stands up to these bullies. They can't make us do this. Really,
a few powerful people just need to say no.

If you are in this position, please for the love of god don't agree to put a
surveillance backdoor in your website.

~~~
kozubik
Done and done:

<http://www.rsync.net/resources/notices/canary.txt>

We've been running it for seven years now:

[http://blog.kozubik.com/john_kozubik/2010/08/the-warrant-can...](http://blog.kozubik.com/john_kozubik/2010/08/the-warrant-canary-in-2010-and-beyond.html)

~~~
cnbeuiwx
Very nice, but what if you get a gag order from FBI or NSA? Then you would be
required to go to prison if you uphold your promises on the web site and
disclose what happened.

But I would be interested in your comments regarding this theoretical
situation. Surely you must have thought about it.

~~~
kozubik
The gag order is the whole point.

Read through it again - it is a positive, affirmative statement that we make
each week (and make in three continents). A judge (or LEA, whatever) would
have to compel us to make false public statements on an ongoing basis, and
would have to further compel foreign (Swiss) nationals to do likewise.

Can we be held in contempt, etc., for refusing to make public false
statements? Perhaps.

In reality, since rsync.net is not actually an ISP (we take pains to make sure
we do not count as an ISP, since it allows us to skip things like the OP has
posted) and since we host no publicly available materials, we're not likely to
get a warrant. If we do, it's likely to be an extremely mundane act of
discovery, etc. That would get added to the warrant canary and we would
continue updating it.

In our 11 years of running this service (7 years under the "rsync.net" brand)
we've not gotten a single one.

But the parent to these comments was speaking of taking a stand, which is why
this was instituted - people do indeed need to make a stand. We refuse to live
in a world with Lettres de Cachet, and that's that.

~~~
wow123
11 yrs without ever receiving a warrant.

That seems quite impressive.

And it suggests to me your customers are well-behaved. Is that how you would
characterise them?

I also think it's a great selling point.

Maybe it's desirable not to have "unruly neighbors" in your "cloud service
neighborhood".

We've seen plenty of examples what can happen when such neighbors draw
attention to themselves.

~~~
kozubik
The key is that our service is cold storage only. All access, regardless of
protocol, is with a username and password - there is no anonymous access to
data stored here.

So there is no "hosting" or publishing of any kind.

The unintended consequence of this that we are really starting to appreciate
is that we are NOT an ISP. The definition is fluid, and there's no guarantee
about future regulation, but up to this point every one of the major
"provider" laws has not applied to us as we are currently structured.

So the reporting, the LEA interfaces, the logging, etc. - we have no more
responsibility to perform these items than your bakery does.

We are not a web host, and we are not an ISP.

------
charlieok
Woah, I didn't know that Joe Biden was the sponsor of the exact bill that Phil
Zimmermann referenced in his essay, “Why I Wrote PGP”.

From the OP:

“On the other hand, as a senator in the 1990s, Vice President Joe Biden
introduced a bill at the FBI's behest that echoes the bureau's proposal today.
Biden's bill said companies should "ensure that communications systems permit
the government to obtain the plain text contents of voice, data, and other
communications when appropriately authorized by law." (Biden's legislation
spurred the public release of PGP, one of the first easy-to-use encryption
utilities.)”

The bill:

    
    
      S.266 
      Latest Title: Comprehensive Counter-Terrorism Act of 1991 
      Sponsor: Sen Biden, Joseph R., Jr. [DE] (introduced 1/24/1991)  Cosponsors (3)
    
    

From Zimmermann's essay:

“Senate Bill 266, a 1991 omnibus anticrime bill, had an unsettling measure
buried in it. If this non-binding resolution had become real law, it would
have forced manufacturers of secure communications equipment to insert special
"trap doors" in their products, so that the government could read anyone's
encrypted messages. It reads, "It is the sense of Congress that providers of
electronic communications services and manufacturers of electronic
communications service equipment shall ensure that communications systems
permit the government to obtain the plain text contents of voice, data, and
other communications when appropriately authorized by law." It was this bill
that led me to publish PGP electronically for free that year, shortly before
the measure was defeated after vigorous protest by civil libertarians and
industry groups.”

<http://www.philzimmermann.com/EN/essays/WhyIWrotePGP.html>

In that case, thank you Joe Biden? :)

------
hhastings
If al-Qaeda can build their own bombs and guns, I'm pretty damn sure they can
set up their own secure Email & VOIP servers.

~~~
typicalrunt
Screw email and VOIP servers. In the movie Traitor, one person would compose
an email and then save it to the draft folder. Then the other person would
login to the same Webmail account and read the draft message. Since the
message is never sent over the wire, there's no need for secure email (only
SSL for the email client).

------
zmmmmm
"only if a threshold of a certain number of users is exceeded"

And thus the stupidity and evil-ness of the whole plan is revealed. They don't
want to spy on criminals, who will use the minority methods that aren't
monitored. They want to spy on the general population who is innocent of any
crime.

------
spoiledtechie
I don't know about anyone else here, but I am getting sick and tired of this.
I personally think we as a community need to start a movement.

This is ridiculous.

------
theorique
Do not fear, subjects. If you have done no wrong, you have nothing to worry
about.

Sleep safely in your beds. The government is watching over all who might do
you harm.

------
lukeschlather
In related news, the FBI has banned sales of regular paper, and requires that
any paper be embedded with microtransmitters that the FBI can easily activate
and read the contents of the paper, effectively closing the analog gap that
prevents papertapping.

------
albertsun
The worst part is that laws like these add to the regulatory burden faced by
small internet startups to get off the ground. The trickier the legal
environment and the amount of rules that a company has to abide by to do
business online, the harder it will be to do business and the fewer startups
will succeed.

The internet giants, Microsoft, Google, Facebook, et al. might even welcome
additional rules like this. They provide additional barriers to entry and
provide them more protection against new competitors.

I'd reckon that it's in large part because the internet hasn't had many rules
like this that the cycles of innovation online have been so fast.

~~~
simonbrown
The article said there would be a minimum number of users for the rules to
apply.

~~~
albertsun
The effect is still there, it makes scaling up more difficult. There are
possible futures where very small teams can run services for very large
numbers of people.

------
twelvechairs
When things like this happen it makes it seem sensible that China doesn't
allow US companies (facebook et al) into their market. When it comes down to
an argument of who gets to spy on users - they'd rather do it themselves than
allow another country to do it behind the back door. (note: I'm not saying it's
right that anyone should)

So what's the net result? Bad for business - bad for innovation, because you
are further dividing the internet (and hence the market for internet services)
up on nationalistic lines.

------
jasonjackson
I can't imagine how this ability would combat terrorism. It's trivially easy
to write your own communication software -- why would anyone doing serious
crime use Skype?

On the other hand, now the government gains widespread power over the vast
majority of innocent citizens.

However, it's also worth noting that this request is merely reinstating wire
tapping abilities that the government once had over communication before the
rise of the internet.

~~~
bdunbar
_why would anyone doing serious crime use Skype?_

I don't agree with this at all but ...

I'd venture that most criminals are not exactly tech savvy. We've all seen
those stories about guys caught because they posted pictures of their deeds on
Facebook or Myspace.

~~~
pdubs
>I'd venture that most criminals are not exactly tech savvy

Even if this is currently true, it will change.

~~~
thematt
Will it? Criminals know they can be wiretapped, but that hasn't stopped them
from using phones for communicating.

------
SkyMarshal
2012 is shaping up to be a deluge of rights-curtailing legislation.

Did the guys behind the curtain just decide that smart-bombing Congress with
this shit doesn't work, it gives citizens enough time and leeway to resist it,
so instead they're gonna try the carpet-bombing strategy instead?

WTF. We shouldn't have to keep fighting these battles.

------
getpost
I don't see how this could ever work, in practice. What constitutes a
sufficient surveillance capability for a webapp that is constantly evolving?
With every change to your app, you have to update the surveillance aspect as
well. This seems like a real burden that limits innovation.

> The requirements apply only if a threshold of a certain number of users is
> exceeded

So, you start the next Instagram with barebones resources. You don't
design/build surveillance into your admin console. Your service takes off, and
then you have to stop accepting users after some magic number?

The government needs to get over the idea that surveilling everyone in all
circumstances is the best way to promote a civil society.

------
wyck
This is convoluted at best, the internet is not the telephone.

The more they push, the more technology that uses
encryption/vps/offshore/offworld/alternative routes/etc will become easier for
the average user and not just the command line jockey.

So what will the FBI do when sites start registering in other countries, use
hosting in other countries, use alternative non-U.S. DNS, open source, and
encryption?

ps. This is already happening on the small scale, and the losers are the job
market.

As a Canadian I no longer register .com names nor do I host in the U.S., and I
did so for 10 years.

------
novalis
Let us all just stream, wait... triple stream everything to that new shiny spy
center they built in Utah and just get over with it already. These people are
simply out of control now.

The fact that this is in the works just shows how unapologetic the clueless
little three letters are these days. One step up from that is the analysis
that these people intend to operate above the law and these "secret"
understandings that they build on laws must be put to an end while the authors
must be jailed for a long time.

------
chefsurfing
The influence of RAND Corp on this legislation is instructive. CISPA is not
the creation of Hollywood or even the FBI, it's coming from people building a
technocratic military-industrial complex.

Interesting background interview with RAND researcher here:
http://www.corbettreport.com/episode-173-alex-abella-inside-the-rand-corporation/

------
compilerc
"The FBI draft also contains provisions for requiring mobile phone customers
to speak clearly and slowly."

------
jpdoctor
The FBI needs to learn: Implementing surveillance techniques like these is the
best business subsidy that foreign web sites could ever dream of. What a great
way to drive email servers out of their reach.

Someone needs to make the FBI more supportive to US businesses.

------
cantankerous
À la Field of Dreams: if you tap it, they will encrypt. Encryption was much
harder to obtain on phone-like devices for 'common-folk'. On data-oriented
medium, it's pretty much par for the course. Not sure how this is so readily
justifiable.

------
generateui
This is potentially very destructive to Silicon Valley.

------
WiseWeasel
This is sure making offshore hosting/incorporation look pretty sweet right
now.

Facebook should move their headquarters to New Zealand.

------
kaichanvong
It would seem they are more obsessed dealing with the symptoms of the problem
than the real problem.

------
bretthardin
I think the FBI is watching the movie, "The Net" too much.

------
lurkinggrue
There's something that totally won't be hacked or leaked.

------
Joss451
Can't they just borrow it from the NSA?

------
nirvana
I wonder how they are going to enforce this law on cryptographically secure
communication software written by some anonymous group and released as open
source software out on the net? I guess being able to pin the maintainer of
the GitHub repository to the wall might be a problem, but it's easy to imagine
this just forcing development underground and users upgrading only in big
jumps every couple of years.

It's not like this software would need to be changing all the time... people
could email each other their IP addresses or the software could take care of
it for them in the background. (e.g.: when it's running it polls your email
server to see if you've gotten an email with your friend's IP address being
updated, signed by his private key, then if you want to call him your client
has the right email address to send the packets to directly)... negating the
need for any kind of centralized server. (I'm sure there are better ways to do
this.)

Write a JavaScript version that can run in the browser and anyone with a web
browser can then use it (and you can sidestep the appstore as well, because
you can make downloadable installable JavaScript apps that show up on the home
screen in this way. Apple's had that in there since before the appstore and it
still works and is supported.)

~~~
lurchpop
They can just make it illegal to use that software, and use a gun silencer
analogy. A 75-year-old judge would eat that up.

------
tubbo
"If you create a service, product, or app that allows a user to communicate,
you get the privilege of adding that extra coding"

What kind of sick, twisted monster thinks "adding extra coding" is a GOOD
THING???

------
rodly
If this gets any traction we will at least benefit in 100% knowing our
(American) government is a joke. The FBI has a "going dark" problem? Really!?
How is that possible exactly? Criminals aren't using Facebook and Skype to
discuss their activities. Even if they were, I'm sure Facebook and Skype have
some automated flagging system for keywords that come up in any communication
channel they operate. Nonetheless, aside from cyber criminals, "hackers",
traditional criminal behavior is executed in real life. The same reality that
the FBI has sufficient surveillance on 24/7.

~~~
drivingmenuts
We might understand the joke, but we're only an insignificant part of the
voting population. The vast majority of American voters don't understand that
their ability to sleep at night free of terror comes at the chipping away of
their freedoms elsewhere. They don't make the connection between feeling up
someone else's kids in an airport and the loss of freedoms in general.

The things we talk about (encryption, backdoors, etc.) seem trivial to us
because we're buried in it every day or at least have some context to place it
in. But Joe the Plumber or Betty the Housewife doesn't. They don't even really
have a place to start to get simple, concise information on how to start
understanding it in a way that fits in with their daily lives.

It's not that they can't learn - they don't have the resources or the time.

