Feds Seek Broad Authority To Wiretap Internet Communications

If the Obama Administration gets it's way, your secure Internet communications won't really be all that secure.

Doug Mataconis · · 9 comments

The Obama Administration is seeking broad new powers to monitor Internet communications of every kind:

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone. Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages. The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, it could set an example that is copied globally. James X. Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group, said the proposal had “huge implications” and challenged “fundamental elements of the Internet revolution” — including its decentralized design. “They are really asking for the authority to redesign services that take advantage of the unique, and now pervasive, architecture of the Internet,” he said. “They basically want to turn back the clock and make Internet services function the way that the telephone system used to function.” But law enforcement officials contend that imposing such a mandate is reasonable and necessary to prevent the erosion of their investigative powers. “We’re talking about lawfully authorized intercepts,” said Valerie E. Caproni, general counsel for the Federal Bureau of Investigation. “We’re not talking expanding authority. We’re talking about preserving our ability to execute our existing authority in order to protect the public safety and national security.”

As the Cato Institute’s Julian Sanchez notes, however, what Federal authorities are asking for is indeed a significant expansion of current federal wiretap authority:

While the Communications Assistance for Law Enforcement Act (CALEA) already requires phone and broadband providers to build in interception capacity at their network hubs, this proposed requirement—at least going on the basis of the press description, since there’s no legislative text yet—is both broader and more drastic. It appears that it would apply to the whole panoply of online firms offering secure communication services, not just big carriers, imposing a greater relative burden. More importantly, it’s not just mandating that already-centralized systems install a government backdoor. Rather, if I understand it correctly, the proposal would insist on a centralized (and therefore less secure) architecture for secure communications, as opposed to an end-to-end model where encryption is handled client-side. In effect, the government is insisting on the right to make a macro-design choice between competing network models for thousands of companies.

Sanchez goes on to note that the proposal would also essentially require developers to design their systems with a built-in capability of being breached, something which poses the risk of opening the system up to hackers and, to foreign governments:

Networks designed for interception by U.S. authorities will also be more easily tapped by authoritarian governments looking to keep tabs on dissidents. And indeed, this proposal echoes demands from the likes of Saudi Arabia and the United Arab Emirates that their Blackberry system be redesigned for easier interception. By joining that chorus, the U.S. makes it more difficult for firms to resist similar demands from unlovely regimes.

Even if you aren’t concerned about foreign governments having access to supposedly secure networks, though, the prospect of the Federal Government being able to access those networks at will, and it probably won’t do much to stop the illicit activity it’s supposedly aimed at:

Power over information in today’s world is so critical that it is almost a proxy for political and military strength. Allowing government to create an infrastructure in which information can be sucked up at the flip of a legal switch is an immense concession of authority to the center. But, as the history of law enforcement often shows, it will be hard to extend to terrorists and criminals who opt out of the licit system. Increasing the power of the state to deduce criminal activity by surveilling those in the compliant system may provide certain advantages, but they are in large part the advantages of the drunk looking for the coin he lost under a lampost, not because it was mislaid there, but because that is where he can look.

What he finds in the process is something that should concern all of us.