Posted on 08/06/2005 11:00:35 PM PDT by dila813
Tech Mandates Force Companies to Build Backdoors into Broadband, VoIP
Washington, DC - Today the Federal Communications Commission (FCC) issued a release announcing its new rule expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA). The ruling is a reinterpretation of the scope of CALEA and will force Internet broadband providers and certain voice-over-IP (VoIP) providers to build backdoors into their networks that make it easier for law enforcement to wiretap them. The Electronic Frontier Foundation (EFF) has argued against this expansion of CALEA in several rounds of comments to the FCC on its proposed rule.
CALEA, a law passed in the early 1990s, mandated that all telephone providers build tappability into their networks, but expressly ruled out information services like broadband. Under the new ruling from the FCC, this tappability now extends to Internet broadband providers as well.
Practically, what this means is that the government will be asking broadband providers - as well as companies that manufacture devices used for broadband communications to build insecure backdoors into their networks, imperiling the privacy and security of citizens on the Internet. It also hobbles technical innovation by forcing companies involved in broadband to redesign their products to meet government requirements.
"Expanding CALEA to the Internet is contrary to the statute and is a fundamentally flawed public policy," said Kurt Opsahl, EFF staff attorney. "This misguided tech mandate endangers the privacy of innocent people, stifles innovation and risks the functionality of the Internet as a forum for free and open expression."
At the same time, the Department of Justice (DOJ) is asking airlines to build similar backdoors into the phone and data networks on airplanes. EFF and the Center for Democracy and Technology (CDT) submitted joint comments to the FCC arguing against the DOJ's unprecedented and sweeping new technology design mandates and anticipatory wiretapping system.
The FCC's new proposal to expand CALEA to airline broadband illustrates the fallacy of law enforcement's rationale for its CALEA request. The DOJ takes the position that broadband has "substantially replaced" the local telephone exchange, but this claim is reduced to the point of absurdity aboard an airplane and opens the door for CALEA to cover just about anything.
Contact:
Kurt Opsahl
Staff Attorney
Electronic Frontier Foundation
kurt@eff.org
I am all for wiretaps, but when you purposely put in a universal hole in your security, you are asking for people to target this hole. here, but it sounds like the These people are the Chinese, terrorists, etc.
They will take note to explote this.
I don't know why our government thinks these types of things will work in the future. There was a time when you had to physically had to touch and have the knowledge to exploit security holes.
I don't aggree with everything in this article, but it does appear as if the government is trying to enable the ability to scan all communciations on the internet searching for the subject communications. Problem is that this is subject to abuse and hacking by others that want to use this system.
The feds can already eavesdrop on any electronic commerce they care to. They OWN the backbone....
I agree with you: this won't help the Feds at all and will be a tremendous boon for the criminals.
Don't worry, they'll make it illegal to attack this vulnerability.
It will work as well as outlawing murder.
Let me guess if I know the feds the password will probably be either "password" or "gman"
Sheeesh stupid!
Tell those freaks to stay away from my back door. I'm not that kind of guy.
I feel much safer now. As long as it is illegal I know no one will take advantage of this security hole.
Sort of like the way phreakers take advantage of internal phone company auditing systems...the kind that record your inbound and outbound phone numbers, length of phone calls, and even audio access to your conversations.
What law enforcement needs a court order for the telcos can do with impunity in the name of "internal auditing."
Privacy? It's just an illusion when you're dealing with anything electronic in an unencrypted environ, folks.
Password is "Wiretap"
Actually, that's not true, and hasn't been since 1985.
The backbone (as you so quaintly put it) is composed of high speed circuits owned and operated by huge telle-com companies, little telephone companies, and private parties.
Some parts are owned by other governments, the British, Canadian, etc manage the tell-co in their respective countries.
Uh huh.
I could steal every identity in the United States.
Then watch all these companies get sued by victims for all the holes the government forced them to have.
I can't help but giggle at that.
"CALEA, a law passed in the early 1990s"
Bubba legacy
Look up "AirSnort" as long as you can sniff the traffic, even if it is encrypted, you can crack it.
Most encryption schemes give you the illusion of privacy. As long as you can record the network traffic, there will be a way found to crack it.
Now who in h gave these clowns, no, tyrants, this kind of power? The number one criminal here is our government.
Yes, you are correct. The bulk of the data traffic is carried over telco networks, and the root domain servers are "owned" by a quasi-public consortium.
However, if you don't think that the Feds can sniff any packet they like and at nearly any point on that quaint "backbone", you are sadly mistaken.
Network security, until very recently, has been by bread and butter for years. I'm here to tell you that Prime Choice is right on target: if you want privacy on the "public" network, it had best be heavily encrypted. Even then, if they want to break your traffic badly enough, they will eventually do just that.
Yes, it is a Clinton/Janet Reno thing
Look it up? I use that and Airfart when doing penetration tests. Hell, wireless security is a frickin' joke. The only thing it does is provide wired equivalency at best.
You misunderstand me. I am referring to encryption of the content...even if it moves via an encrypted tunnel such as over a VPN and/or SSL/TLS.
Cracking PGP (or GPG) is another story altogether. That's what I'm talking about.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.