On Sept. 27, Charlie Savage from the New York Times reported that the Obama administration plans on introducing a new bill that would make communications sent over the Internet easier to wiretap sometime next year.
Although the bill itself is still in the drafting process, some of the provisions of the bill would require three things: companies that provide encrypted communication services must have the ability to easily decrypt those messages, companies based outside the United States must have an office within the country that is capable of intercepting and decrypting messages, and lastly, peer-to-peer communication software must be redesigned to accommodate for interception. If the bill passes, companies who fail to follow these guidelines will face penalties. The bill would affect major technology companies such as Google, BlackBerry, Facebook and Skype.
The bill was proposed to counter terrorism in today’s age of technology. An increasing number of terrorists communicate through secure channels online. And although law enforcement agencies are able to intercept these communications through lawful means, they are not always able to decrypt these messages at a fast enough rate. Also, some of the software that can be used for secure communication don’t have ways to be easily intercepted.
Although the concept is simple, its application won’t be as easy as it sounds. For starters, existing companies will have to spend money on research and development on products that already work simply to comply with the law. This could force some products to become temporarily unavailable as software developers tweak them. For domestic startups, this legislation could also impede on the software development of new products and make innovation and competition with foreign startups more difficult.
A major flaw in the conception of this legislation is that even if it successfully forces all companies to provide backdoors for easy interception and decryption of messages, open-source software will be virtually unaffected because the First Amendment protects it.
Even if the bill does not pass, law enforcement agencies still have other options. These options include installing software or hardware that tracks keyboard strokes on a suspect’s computer to sending them spyware nicknamed CIPAV – Computer and Internet Protocol Address Verifier. Such spyware has been successfully used by the FBI and DEA in cases where communications and files were encrypted using PGP – Pretty Good Privacy, a software that provides users with encryption that is close to military-grade. Therefore, the electronic surveillance capabilities of these agencies are not completely crippled without the legislation.
Still unconvinced that this is a bad idea? Sometime between June 2004 and March 2005, someone exploited a back door on Vodafone cell phones that belonged to Greek government officials. Installed by Ericsson, designed solely for government usage, this system was breached by a group that still remains unknown.
Overall, no one sums it up better than computer security specialist Bruce Schneier in his commentary on the proposed legislation:
“Yes, communications technologies are used by both the good guys and the bad guys. But the good guys far outnumber the bad guys, and it’s far more valuable to make sure they’re secure than it is to cripple them on the off chance it might help catch a bad guy.”
