viernes, junio 07, 2013

WND – Life With Big Brother : Now FBI Wants Back Door To All Software But Leading Security Experts Say Strategy Would Help Enemies – 7 June 2013


The FBI is unhappy that there are communications technologies that it cannot intercept and wants to require that software makers and communications companies create a back door so they can listen in when they desire.
But a team of technology experts warns the move would hand over to the nation’s enemies abilities they are not capable of developing for themselves.
The Washington Post reported the issue is being raised by the FBI because “there is currently no way to wiretap some of these communications methods easily, and companies effectively.”
The solution, according to the FBI, is to fine companies when they fail to comply with wiretap orders, essentially requiring all companies to build a back door for wiretap capabilities into all their communications links.

“The importance to us is pretty clear,” FBI general counsel Andrew Weissman said in the report. “We don’t have the ability to go to court and say, ‘We need a court order to effectuate the intercept.’”
But a report by the Center for Democracy & Technology warns of unintended consequences.
“Wiretap functionality allows covert access to communications that can be exploited not only by law enforcement, but by criminals, terrorists, and foreign military and intelligence agencies,” the report said. “Wiretap endpoints will be vulnerable to exploitation and difficult to secure.”
It cited a report called “CALEA II: Risks of Wiretap Modifications to Endpoints.”
The report came just as the U.S. government was caught accessing telephone records for the Associated Press and describing a prominent Fox News journalist as a potential criminal.
It was compiled by high-profile leaders in the field such as Matt Blaze from the University of Pennsylvania, Edward Felten of Princeton, Matthew D. Green of Johns Hopkins and J. Alex Halderman of the University of Michigan.
The report said there are some drawbacks to expanding wiretap design laws to Internet services.
“Mandating wiretap capabilities in endpoints poses serious security risks,” the report said. “Requiring software vendors to build intercept functionality into their products is unwise and will be ineffective, with the result being serious consequences for the economic well-being and national security of the United States.”
Just what kind of “serious consequences”?
“The FBI’s desire to expand CALEA mandates amounts to developing for our adversaries capabilities that they may not have the competence, access, or resources to develop on their own,” the report said.
CALEA is the Communications Assistance for Law Enforcement Act, which already requires some electronic surveillance possibilities. It’s the plan the FBI wants to expand to all digital forms of communication, including Skype and VoIP services.
The London Daily Mail recently reported that those technologies are hard to track because they convert analogue audio signals into digital data packets, which would have to be retrieved and reassembled.
The team of experts said that besides allowing criminals and terrorists into the networks, the strategy would require software companies to have employees do the wiretapping or give away their company secrets to law enforcement agencies.
“Finally, the wiretap capability that the FBI seeks will be ineffective because it is easily disabled and because knock-off products that lack the wiretap functionality can be readily downloaded from websites abroad. Because many of the tools that people use to communicate are built on open standards and open source software, it will be trivial to remove or disable wiretap functionality,” the report said.
According to the Post report, the draft proposal would let a court levy escalating fines against a company – fines that could double daily.
“This proposal is a non-starter that would drive innovators overseas and cost American jobs,” Greg Nojeim, a senior counsel at the Center for Democracy and Technology, told the Post.
“They might as well call it the Cyber Insecurity and Anti-Employment Act.”
http://www.wnd.com link to original article