How the FBI Wants to Penalize Internet Companies for Providing “Too Much” Security

Remember my recent post titled: Former FBI Agent: All Phone Conversations are Recorded and Stored? Well, now they want to ensure that doing the same on the internet is as easy as possible. The latest proposal by the FBI, which would require companies to provide a backdoor for the feds to spy on American citizens on the internet, has been covered extensively in the mainstream media over the past couple of weeks, first in the Washington Post and then later in the New York Times. It centers around this push to make communications on the internet “wiretap capable” and would impose fines of $25,000 per day for companies that do not comply with Big Brother. Julian Sanchez of Wired has written an excellent article explaining how this proposal would not only crush the privacy rights of law-abiding citizens, but would also help cyber criminals, enable totalitarian governments, make the internet less secure and stifle the remnants of innovation that remain in the economy. Oh, and unsurprisingly, Obama backs the proposal. My favorite excerpts:

The FBI has some strange ideas about how to “update” federal surveillance laws: They’re calling for legislation to penalize online services that provide users with too much security.

I’m not kidding. The proposal was revealed in The Washington Post last week — and a couple days ago, a front-page story in The New York Times reported the Obama administration is preparing to back it.

While it’s not yet clear how dire the going-dark scenario really is, the statutory “cure” proposed by the FBI — with fines starting at $25,000 a day for companies that aren’t wiretap capable — would surely be worse than the disease.

The FBI’s misguided proposal would impose costly burdens on thousands of companies (and threaten to entirely kill those whose business model centers on providing highly secure encrypted communications), while making cloud solutions less attractive to businesses and users. It would aid totalitarian governments eager to spy on their citizens while distorting business decisions about software design. Perhaps worst of all, it would treat millions of law-abiding users with legitimate security needs as presumed criminals — while doing little to hamper actual criminals.


An Open Letter to Skype

I’ve known about security concerns related to Skype for quite some time, but I never really understood the details.  Thanks to this letter, signed by a large number of organizations and individuals, I now know quite a bit more.  For those as ignorant as me on this topic, here is some background:

In June 2008, Skype stated it could not eavesdrop on user conversations due to its peer-to-peer architecture and encryption techniques. Additionally, Skype claimed it was not required to comply with expanded CALEA rules on lawful interception as long as it was based in Europe. As a result of the service being acquired by Microsoft in 2011, it may now be required to comply with CALEA due to the company being headquartered in Redmond, Washington. Furthermore, as a US-based communication provider, Skype would therefore be required to comply with the secretive practice of National Security Letters.

Since Skype was acquired by Microsoft, both entities have refused to answer questions about exactly what kinds of user data can be intercepted, what user data is retained, or whether eavesdropping on Skype conversations may take place.  In 2012, the FBI stated that it had issued a warrant for chats going back to 2007, and that it had utilized those chats as evidence as the basis for criminal charges. This contradicts Skype’s own policy stating that chats are retained for a maximum of 30 days.

The letter begins as follows:
