Wiretapping the Cloud

The way we communicate has been steadily shifting away from telephone calls to e-mail, instant messaging, Skype, BlackBerry Messenger, Facebook, and other Internet-based communication methods. This shift has been bad news for more than just telcos; the difficulty of wiretapping the myriad of cloud-based communication methods has become an increasing cause of frustration for law enforcement agencies around the world.

That may be about to change. The New York Times reports that the FBI, NSA, US Justice Department and other agencies are seeking extensive new regulations that will significantly bolster law enforcement’s ability to wiretap Internet-based communications. Internet-based services such as Skype and Facebook would be required to provide plain-text versions of communications to law enforcement. Companies that facilitate encrypted peer-to-peer communications, such as Research in Motion, would be required to retain a copy of decryption keys so that plain-text versions of encrypted communications could be provided to law enforcement officials.

The proposed changes have far-reaching implications both for individuals’ privacy and for software companies providing any level of cloud-based peer-to-peer communication capabilities. The Obama administration plans to table the bill with the proposed changes to lawmakers next year.

Retweet information »

Comments

  1. Law enforcement hates encryption. Business and privacy advocates love encryption. Apparently the folks who tried to get the Clipper Chip and other backdoors and trap doors built into Internet protocols in the mid-1990s are back in the saddle in the US government, after several years in which the private interest in secure communications was allowed to predominate over the interests of the state – or at least some of the interests of the state. One can argue that the state has a long-term interest in the freedom of expression.

    I have seen suggestions from knowledgeable techies that what is mentioned in the NYT article is simply not possible with today’s technology. However, that is not to say that it will not become possible with tomorrow’s.

    This US policy would put the country on a par with Saudi Arabia, the United Arab Emirates, India, China, and other great lovers of freedom. Of course our ‘lawful access’ bill would be a step in the same direction for us, though I don’t think the most recent version is quite so intrusive as this. Maybe Mr Nicholson and Mr Harper didn’t dare go that far – and maybe now they will…

  2. John,

    My feeling is that what the government is looking to do here is technically viable, but it would require that “back doors” in virtually every type of cloud-based communication be created. All existing software versions of a given cloud-based communication method would have to be upgraded. In the case of hardware – like the BlackBerry – upgrading the software may be difficult or even impossible.

    And while this will create newfound privacy concerns and, potentially, new security holes in software, I have no doubt the bad guys will find ways of working around whatever new technical obstacles are put in their way.

  3. and the bad guys will also find their way to the trap doors, so previously secure communications will be insecure not only with respect to government (which not everybody trusts to stick to limited legitimate uses of the information) but also with respect to high-tech criminals.

    That’s a bit why the Clipper Chip and its ilk failed in the 90s – the downsides were more likely and more scary than the upsides in better law enforcement.