FBI renews broad Internet surveillance push (cnet.com)
69 points by d0ne on Sept 23, 2012 | 28 comments


Even if we (dubiously) assume that the FBI's proposed solution is technically impeccable, and can't be compromised, what solutions exist to prevent people from social engineering their way to the data? Heck, what prevents corrupt FBI agents and federal IT staff from just accessing the data themselves?

Of course, the same worry exists for the data at each individual company, but at least those breaches are limited to a single company's data. And, from what we've seen, externally, it seems like at least some companies are more interested in protecting privacy than covering things up. When Google found that an engineer was using his access to stalk someone, he was fired, and the incident wasn't covered up. It's not uncommon for companies to tell users about security breaches in their own product that would otherwise have gone completely unnoticed (e.g., Pinterest announced a security flaw they had rather than just silently fixing it).

Conversely, in most cases of police and government corruption I hear about, the news breaks after a failed cover-up. No doubt I don't even hear about most cases, because they're swept under the rug. I don't have a particular fondness for Google's employees or process, but, given their track record, I trust them with my data a lot more than I trust some random government employee.

Moreover, if this law gets passed, why would serious criminals continue to use any of these services? This strikes me as having the same impact as most anti-piracy measures: highly inconvenient to non-criminals (in this case, when data gets leaked to actual criminals), but completely ineffective against real criminals. Not to mention the effect on the companies themselves -- I'm certainly not going to use a Chinese email service, because I don't want the Chinese government reading my email. What's an EU citizen going to do if this law is passed?


This is why I always laugh at NSA or FBI proposing ideas such as this because they need this to defend the country against "cyber threats". If anything a centralized solution like this where NSA has access to a lot of private companies' data would only make national security weaker and the country more vulnerable to attacks because of such single points of failure.


Yeah, me too with respect to laughter.

On the other hand, the FBI and NSA aren't full of total idiots. They must realize that centralized solutions have these huge problems. Do they believe they can secure against the potential universal data breaches, or do they have some overriding ulterior motive that allows them to accept the risk?


But it doesn't take much idiocy to make a mistake (keep passwords in cleartext in a database, leave unpatched machines open to the wild, allow SQL injection attacks, etc.).

Security needs to be taken seriously at a practically fractal level. Historically the FBI has not been good at this.


> why would serious criminals continue to use any of these services?

For the same reason they use cell phones which are easily monitored - it's how the bad guys you're dealing with are already accustomed to communicating.

You have to get pretty high up on the chain before encountering a criminal who's taking any real steps at counter-surveillance.

However, an issue for the FBI is that while the big telcos have back doors in place, companies like Tango, Text+, etc do not, making it a pain in the ass to monitor/identify those criminals who at least take that step to duck law enforcement.


This is why strong, asymmetric crypto is necessary. I'm worried that the US government will try to put the genie back in the bottle and go back to the 90's where strong crypto was considered a munition not suitable for export [0] and when they wanted all "secure" telecommunication to include an NSA backdoor [1].

[0]: http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_in...

[1]: http://en.wikipedia.org/wiki/Clipper_chip


Also use much much much longer keys than even a dedicated ASIC manufactured with a futuristic 3 nm technology could crack. Since these spooks are storing the data forever (e.g. at the Stellar Wind facility in Utah), then in a scary future where the USA no longer represents freedom but is instead arresting citizens for political reasons, they could use faster future hardware (even quantum if that's possible) to crack your current data and get you for 30-year-past misdemeanors. I wish the founding fathers were still around to talk some sense into the current "big surveillance" faux-patriots.


Protecting symmetric crypto against quantum computers in the future requires doubling the key length. AFAIK that's the main reason for 256 bit symmetric crypto today.

Protecting commonly deployed asymmetric crypto against quantum computers [1] in the future is AFAIK impossible. Shor's algorithm and the ECC/DLP variants turn factoring, DLP, and ECC DLP into BQP problems. Key lengths to protect against quantum attacks would render RSA, ECDSA, DH, and ECDH much too computationally expensive.

There are some alternatives like NTRU (lattice-based crypto) but none are in wide use, and patents don't help that situation.

[1] real quantum computers... there is still plenty of skepticism about the capability of D-Wave's devices. http://www.scottaaronson.com/blog/?p=954


One person's backdoor for police is another person's backdoor for criminals.


Yes. See "The Athens Affair": http://spectrum.ieee.org/telecom/security/the-athens-affair

Also note the persistent rumors that the FBI's own DCS-3000/DCS-6000 gets 0wned all the time, and used for nefarious/hilarious purposes.


Well said. I'd love to see how the FBI would react if "terrorists" used the same backdoors to get into their systems.


That is the last thing the FBI would let you see. It would be so damning that immediate removal will be the only perceived option and the solution would unequivocally be to re-double security efforts while maintaining security holes as much as possible.

Or switch old security holes out for new ones.


It's not clear from the article what the FBI wants.

But it's important to note that most services will cooperate fully with law enforcement when provided with valid legal documentation. (Probably a warrant or other court order.)

See, for a good example, Hushmail. (http://en.wikipedia.org/wiki/Hushmail)

I guess it's better that they're asking for transparently weakened services, and access with warrants, rather than just hiring grey-hats to hack the systems.


The FBI sounds like the product manager from the deepest circles of hell. I'm sure this will do wonders for innovation in the economy.


How the hell are they going to do that?

Even if it were possible, and legal, and secure, what about the other 95% of the world's population that can make apps outside of the US?


Interesting point. It could actually hurt American companies. With privacy becoming a more mainstream concern people might well steer clear of companies that have to give access to the FBI and go for European alternatives. Not that the EU doesn't screw up but at least they seem to hold privacy in higher regard.


Is it so unreasonable for the FBI to want to be able to 'wiretap' a Facebook conversation, with a warrant, as easily as they can do so to a traditional phone line?

This is not to say I approve of the idea of an insecure back door into my online behaviours, more that I wonder whether there is not at least some validity in their desire to replicate land line style monitoring for currently untraceable online communications.


They can desire it all they want, but is it worth the costs? Keep in mind that it's a radically different environment. Phone lines are easily tappable because the phone system is fundamentally insecure. The police generally obtained cooperation from phone companies for taps simply because it's easier. Phones that could do secure end-to-end communication basically didn't exist.

Compare with the modern internet, where secure end-to-end communication is easy to accomplish and requires no cooperation from the parties involved in transmitting the message. This is totally different from before, when the police could just go have a friendly chat with the phone company. Now they need to get access to at least one end of the communication in order to eavesdrop reliably. This is vastly more onerous than the previous regime, even if their ultimate goal is the same.


Yes, it's unreasonable. Asking to make a TCP/IP/SMTP communication traceable in the same sense as a land-line is traceable ignores the underlying technology. It's like trying to schedule automobile rides the same way that steam-engine trains got scheduled in 1905. I suppose that a very powerful, very organized agency could accomplish such scheduling, but at a very large cost, and by making automobile rides far less convenient and efficient.


I thought this was about monitoring rather than tracing?


Agreed. I got thrown by the use of "traceable" in the parent to my comment. But I think the point still stands. Asking to monitor cross-country TCP/IP connections (multiple routes, relaying, etc etc) is still ignoring the underlying technology. Not to mention ignoring the market. Where "The Bell System" used to be a nearly monolithic phone company (with pockets of GTE), anyone can make an app. And you really can't tell well-compressed data from encrypted data without a lot of effort.


That's possible today, and even easier than tapping a phone conversation since Facebook stores the content of the communication essentially forever and is more than happy to turn over their data pursuant to a warrant.

That's not what's being talked about here.


Part of this push by law enforcement is likely due to the increasing recognition of courts regarding the privacy expectations of email. Until recently, for example, U.S. courts have considered a service provider a "third-party", thus certain privacy protections were not available. However, the increasing ubiquity of electronic messaging has caused courts to rethink their position. It is natural law enforcement agencies would want to "push back" to effectively maintain the level of access they've enjoyed previously.


I won't echo everyone else's privacy concerns, though I agree wholeheartedly. But does anyone else think it's ironic that the FBI's internal policy is named the "National Electronic Surveillance Strategy"? That's abbreviated NESS and has to be an homage to one of the FBI's more controversial lawmen.

Ness started his career trying to enforce prohibition ... 80 years later our privacy is being prohibited.


It's interesting how it is assumed that the criminals cited here are not smart enough to find alternate ways of communication.


If this succeeds I suspect criminals will just resort to sneaker-net and carrier pigeons.


The shortsighted aspect of this is that our government wants to order businesses to become spy-friendly to foreign governments that have a track record of stealing economic, industrial, and scientific data. Foreign governments will model their laws after ours, and specify the same interfaces.


This article, uncached: 237 requests, 934.01KB transferred, 8.96s (onload: 6.02s, DOMContentLoaded: 2.36s)

This article, cached: 223 requests, 75.66KB transferred, 4.84s

http://lucb1e.com/rp/randomupload/thatnews.html

Uncached: 10 requests, 163.10KB transferred, 0.54s

Cached: 6 requests, 0.16KB transferred, 0.19s

The only thing I did was remove html. The article looks identical, the menu and site structure is intact, and there is a lot less clutter on the page.

Fun fact: CNET has todo comments in their production code.



