Government Wiretapping: Coming Soon to a Computer Near You?
Tap, tap, tap. I'm sorry, could you please speak up? The federal employees playing monkey in the middle on our Skype call couldn't quite make out what you were saying.
In case you missed the headlines in the New York Times this morning, or all the me-too stories in the blogosphere cranked to varying degrees of hysteria, Uncle Sam is angling to wiretap the Internet -- or, at least, expand its ability to get at things like VoIP calls and encrypted emails. Per the Times report:
Essentially, officials want Congress to require all services that enable communications - including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct "peer to peer" messaging like Skype - to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.
[ Also on InfoWorld: Don't look now, but the government can already wiretap your BlackBerry. | For a humorous take on the tech industry's shenanigans, subscribe to Robert X. Cringely's Notes from the Underground newsletter. ]
I'll pause now while you work up a frothy head of righteous indignation. Ready? Alrighty then.
This is nothing new, by the way. The feds have been trying to find a way to snoop on Internet communications since the Clinton administration. In fact, this story has revived the mid-'90s debate over the proposed Clipper chip, a backdoor that would be built into communication devices allowing the FBI and any other spooks with a legal excuse to tap into encrypted conversations. That idea eventually got shot down, as the feds found other ways to eavedrop on the bad guys.
Cnet's Declan McCullagh reminds us of some of the feds' sneakier work-arounds in days gone by:
Police can obtain a special warrant allowing them to sneak into someone's house or office, install keystroke-logging software, and record passphrases. The Drug Enforcement Agency adopted this technique in a case where suspects used PGP and the encrypted Web e-mail service Hushmail.com. And the FBI did the same thing in an investigation of an alleged PGP-using mobster named Nicodemo Scarfo.
Another option is to send the suspect spyware, which documents obtained by CNET through the Freedom of Information Act last year showed the FBI has done in cases involving extortionists, database-deleting hackers, child molesters, and hitmen. The FBI's spyware is called CIPAV, for Computer and Internet Protocol Address Verifier.
What's different here is that the Obama administration is pushing this -- despite campaign promises to enhance and expand our digital privacy. Back then, Obama made a few vows:
Strengthen privacy protections for the digital age and ...harness the power of technology to hold government and business accountable for violations of personal privacy....[and support] updating surveillance laws and ensuring that law enforcement investigations and intelligence-gathering relating to U.S. citizens are done only under the rule of law.
The argument for expanded wiretapping is simple: If you and I can Skype each other in private, so can the terrorists and the mob. And, of course, government authorities would only tap into communications with proper court authorization and would only target potential terrorist/criminals.
We saw how well that worked with the last administration and those warantless wiretaps. (Later, when it turns out that the courts didn't authorize the taps and the targets aren't always terror-iminals, Congress will somehow find a way to retroactively legalize it, regardless of who's in power.)
Theoretically, at least, it seems perfectly reasonable to allow law enforcement authorities the same access to Net communications that they've had for plain-old-telephone service since J. Edgar Hoover was still wearing pleated skirts and knee socks.
In practical terms, though, this could turn out to be a nightmare from which we never awake because, unlike with the closed phone system, we're talking about the open Internet. Though the phone system could be hacked in its day (that is, after all, where hacking originated), it's a whole 'nother animal than the InterWebs. Sure, there was some freelance wiretapping going on, but not at the level you'd see today -- whether we're talking organized criminals in Eastern Europe, South American scam artists, or Chinese cyber spies.
If the feds can sneak in through the backdoor via these types of communications, so can the bad guys. In fact, the bad guys will probably get there first and have enough time to tidy up the place and bake cookies.
Making our VoIP calls and encrypted communications less secure for the bad guys makes it less secure for the rest of us, too. Is the risk worth it? That's what you, me, and our elected officials need to figure out.
I think, though, that discussing what "digital privacy" truly means is a good thing. It's a conversation that's long overdue -- and the more geeks we get involved in this discussion, the better it will be. The question is whether we can talk about it free from the partisan rancor that's poisoned public debate for the last decade.
Should the feds be free to tap the Net? Post your thoughts below or email me: firstname.lastname@example.org.
This article, "Government wiretapping: Coming soon to a computer near you?," was originally published at InfoWorld.com. Follow the crazy twists and turns of the tech industry with Robert X. Cringeley's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.