Monday, September 27, 2010

New Internet Wiretap legislation

The Obama administration is attempting to send "sweeping new legislation" demanding that "all services that enable communications", including BlackBerry, Facebook, peer-to-peer messaging and Skype, have the ability to allow government wiretaps, decrypting all communications to plain text. http://www.nytimes.com/2010/09/27/us/27wiretap.html

Well first off, this would appear to be a terrible idea. Forcing companies to create backdoors and master private keys is just adding new avenues for attack.

Perhaps this is just one-sided journalism, but I noticed they were not able to find any tech or industry professionals to quote in support of this bill, only against. All the "for" quotes are by politicians. This is also an amazingly poor time to bring up something so fiercely unpopular, just before the November elections.

Anyway, looking at the technical aspect:

Facebook: I'm sure they store every keystroke ever entered on their site for advertising purposes anyway, so they shouldn't have a problem.

BlackBerry: I assume this only includes the encryption built into the default mail program. Users should still be able to encrypt their own messages with a key system if they have the technical know-how. If BlackBerry was forced to ban personal encryption from their devices, well, I would suspect every major corporation would ditch BlackBerry. Do you want any Joe Schmoe at an ISP or BlackBerry corporate being able to view defense data being e-mailed between people at Lockheed Martin or Boeing? I assume this would mean government oversight committees would have to be created (and funded with our tax dollars) for every company that deals with government contracts and wants to use a BlackBerry?

Skype: OK, so how would this work? Skype is not like Vonage or a regular phone company that sends everything through a central office; Skype is peer to peer. After the call creation the users are talking to each other, not a Skype server. So do wiretapped phones then get re-routed to Skype servers? Wouldn't this be noticed and affect service? I'm sure people would make programs to alert them if Skype wasn't being routed directly to the end user.

Peer2Peer Messaging: Well, there is certainly a variety here, from IRC to ICQ to MSN Messenger to Google to ... Microsoft and Google might be able to keep track of messages fairly easily, but IRC? I can't imagine what it would take to get all the IRC servers around the world to listen to the FBI/NSA. IRC has been part of wars, coups, and rebellions without anyone being able to stop the flow of information. I doubt a US wiretap request for "fear someone might be a terrorist" is going to change that.

My personal opinion (if you couldn't tell from the post): terrible idea, unpopular politically and socially, and a nightmare of new costs, both trying to implement something like this as well as the lawsuits/profit loss that would come from any new security holes that are created and used by malicious users. This could also destroy consumer confidence in online usages. (Yes, I just wrote usages because I was too lazy to think of a real word.)

The government's only defense was: it worked out with cell phone companies despite fears. Well, let's just say that is comparing apples and oranges.
