The FBI is proposing a plan to force backdoor surveillance on social networks, VoIP and Web e-mail providers. The bureau is also requesting that Internet companies support this effort, even though passage of the law would make their participation mandatory. Impacted would be companies such as Microsoft, Facebook, Yahoo and Google.
Senior FBI officials, the White House and various U.S. senators have argued that the gradual move from telephone systems to the Internet has made it significantly more difficult for agents to wiretap Americans suspected of illegal activities. Because of that, the FBI general counsel’s office has drafted proposed legislation deemed to be the best solution. The proposed law would require social-networking websites and providers of VoIP, instant messaging and Web e-mail to alter their code so that their products are wiretap-friendly.
The FBI’s proposal would amend the Communications Assistance for Law Enforcement Act (CALEA), a 1994 law that at present applies only to telecommunications providers and not Internet companies. The Federal Communications Commission extended CALEA in 2004 in order for it to be applied to broadband networks.
Following in the footsteps of the FBI, there are indications the Federal Communications Commission (FCC) is contemplating reinterpreting CALEA to include products that allow video or voice chat over the Internet — from Skype to Google Hangouts to Xbox Live. So, surveillance backdoors would be added to these services, as well. So, in essence, CALEA applies to any technologies that are a “substantial replacement” for the telephone system.
According to Christopher Canter, lead compliance counsel at the Marashlian a
nd Donahue law firm, a hefty uptick in the amount of FCC CALEA inquiries and enforcement proceedings has ensued over the past year. Canter said that the majority of them are intended to address ‘Going Dark’ issues. “This generally means that the FCC is laying the groundwork for regulatory action,” he said.
A representative for the FBI told CNET:
“(There are) significant challenges posed to the FBI in the accomplishment of our diverse mission. These include those that result from the advent of rapidly changing technology. A growing gap exists between the statutory authority of law enforcement to intercept electronic communications pursuant to court order and our practical ability to intercept those communications. The FBI believes that if this gap continues to grow, there is a very real risk of the government ‘going dark,’ resulting in an increased risk to national security and public safety.”
The FBI’s pending legislation has been approved by the Department of Justice and is part of what the FBI internally refers to as the “National Electronic Surveillance Strategy.” The White House, however, hasn’t sent the FBI’s CALEA amendments to Capitol Hill yet, though they were expected last year. A representative for Sen. Patrick Leahy(D-VT), head of the Judiciary Committee and original author of CALEA, has said that “we have not seen any proposals from the administration.”
The Justice Department did not respond to a request by CNET for comment and an FCC representative referred questions to the Public Safety and Homeland Security Bureau, which declined to comment.
To suggest this wiretapping legislation is not likely to be well received by the Internet community and civil liberty advocates is an understatement. We’ve been down this road before with the Stop Online Piracy Act (SOPA) and the CISPA data sharing bill—both of which prompted mass protest. What it boils down to is that the FBI’s “update” of federal surveillance laws would end up penalizing online services that provide users with too much security. And, there are other issues.
It Chokes Innovation
The FBI’s plan would render an entire category of emerging security products illegal. Examples include the encrypted voice app Silent Circle and the Dropbox-like cloud storage service Spider Oak, services which protect user confidentiality and limit who can access sensitive data.
Wired Magazine points out that while the FBI’s claim is that they just want internet platforms to be subject to the same requirements as phone networks (which are familiarly accessible to them under CALEA), a group of renowned computer scientists have illuminated the futility of the FBI’s scheme in a paper entitled, “Going Bright: Wiretapping without Weakening Communications Infrastructure.” The FBI’s analogy is flawed and ignores key differences between the architectures of these networks.
It Won’t Provide the Level of Protection Anticipated
“But if slowing innovation and weakening security is the price of catching terrorists and child pornographers, isn’t it a price worth paying?
Not if it doesn’t work.
Once it’s clear that online companies can’t promise true security, the most sophisticated and dangerous criminals will simply implement their own client-side encryption. DIY encryption may be too difficult or inconvenient for ordinary users, who benefit from services that take the hassle out of security — but the criminals the FBI is most interested in will doubtless find it worth the extra trouble.”
It has been argued that most recent legislative attempts at regulating the Internet infringe on civil liberties. As Benjamin Franklin said, “They who can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.”