Blog Round Up: Experts on CALEA II Proposal
Edward W. Felten is a Professor of Computer Science and Public Affairs at Princeton University, and the founding Director of Princeton’s Center for Information Technology Policy. Felten was the Federal Trade Commission’s first Chief Tecnologist.
Our report argues that mandating a virtual wiretap port in endpoint systems is harmful. The port makes it easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic. Better yet (for the intruder), the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss.
Bruce Schneier is an internationally renowned security technologist and author. He has testified on security before the United States Congress on several occasions and has written articles and op-eds for many major publications, including The New York Times, The Guardian, Forbes, The San Francisco Chronicle, and The Washington Post.
The FBI wants a new law that will make it easier to wiretap the Internet. Although its claim is that the new law will only maintain the status quo, it’s really much worse than that. This law will result in less-secure Internet products and create a foreign industry in more-secure alternatives. It will impose costly burdens on affected companies. It will assist totalitarian governments in spying on their own citizens. And it won’t do much to hinder actual criminals and terrorists.
Center for Democracy and Technology Report on USG Proposals to Expand CALEA to Peer-to-Peer Communications
Susan Landau, Guggenheim Fellow, Author of Surveillance or Security? The Risks Posed by New Wiretapping Technologies
Our first concern is something that I have written about on multiple occasions, namely that an architected security breach—which is what a wiretap is—is exploitable not only by law enforcement but also by criminals, other nation states, etc. Then, to satisfy law enforcement, companies must either enable a 24/7 capability for wiretapping whenever law enforcement requires it or — very dangerous — give any law-enforcement organization, no matter how small and poorly secured, the ability to conduct the tap on its own. This is really dangerous.
Peter P. Swire is the C. William O’Neill professor of law at the Moritz College of Law of the Ohio State University. He is a senior fellow with the Future of Privacy Forum and the Center for American Progress and policy fellow with the Center for Democracy and Technology. Under President Clinton, he served as Chief Counselor for Privacy in the U.S. Office of Management and Budget.
Building holes and backdoors into widely-available software and services creates vulnerabilities that can be exploited by a range of bad actors, including hackers, individual employees at the software companies and government officials in the numerous countries that will expect the same access afforded to the FBI. When it comes to cybersecurity online, the first rule for government should be ‘do no harm.