Groups criticize FBI plan to require Internet backdoors for wiretaps

U.S. task force reportedly working on plan to severely penalize companies that fail to comply quickly with wiretap orders

By , Computerworld |  Security

In the past, the FBI has complained about a growing inability to collect evidence against online criminals, drug traffickers and terrorism suspects that use Internet-based communications services to communicate.

Such concerns are valid said Joshua Hall, senior staff technologist at the Center for Democracy and Technology (CDT). However, threatening Internet companies with financial penalties is wrong, Hall said.

"We're not against wiretaps" where warranted, Hall said. "The shot clock is the problem."

Under the proposed approach, any company that receives a federal wiretap request will have a specific time period in which to comply. If the company already has an intercept mechanism in place, complying with the request should not be a problem.

But smaller companies that don't have such a capability in place will be forced to implement something quickly to avoid huge penalties, he said. "Companies are going to say 'let's do this as cheaply as we can,'" Hall said. Such rush jobs would produce insecure and poorly integrated tools, he added.

Alan Butler appellate advocacy counsel at the Electronic Privacy Information Center (EPIC), said the FBI proposal would force companies to build unsecured backdoors into otherwise secure communications services.

Many communications providers currently use encrypted connections to ensure greater security for their users, a policy that makes "perfect sense at a time when cyberattacks are a persistent threat and both Congress and the Obama Administration have been focusing on implementing a comprehensive cybersecurity program," Butler said.

"Many companies, like Google, already have access to the content of their user's communications, but other newer companies are competing for users based on the security and privacy of their services," he noted. "A truly secure communications connection would not have an access point that could be used by some unknown intermediate party to monitor the conversation."

In addition to encouraging the creation of security vulnerabilities, the proposed system of penalties would also degrade some privacy protections, he said.

"In many cases the service provider is the only party able to advocate on behalf of user privacy in the case of an overbroad or otherwise illegal law enforcement surveillance request," Butler said.

The proposal would punish such companies by threatening fines that could quickly outstrip their entire revenue stream. "This would mean that companies like Twitter can no longer advocate for their user's privacy without risking financial ruin."

Originally published on Computerworld |  Click here to read the original story.
Join us:






SecurityWhite Papers & Webcasts

See more White Papers | Webcasts

Answers - Powered by ITworld

Ask a Question