
Monday, May 20, 2013

A Thought on the Proposed Built-In Wiretap Capability

The paper “CALEA II: Risks of Wiretap Modifications to Endpoints” raises very good points about the dangers of requiring vendors to build a wiretap capability into communications technology. I wanted to add a thought.

Let’s say that this capability is built in. As the above paper noted, an attacker can exploit the wiretap capability (which is, of course, simply a known, built-in vulnerability) to monitor the conversation. This may, or may not, alarm law enforcement authorities who are pushing for adding this capability. What should alarm them is that their conversations can also be monitored — that is, the attackers can keep tabs on the law enforcement authorities who are trying to catch the attackers! In other words, the tool intended for catching criminals can also be used to monitor the attempts to catch them.

Saying that vendors can build the vulnerability in such a way that only authorized eavesdroppers (read: law enforcement authorities) can use it underestimates the resourcefulness of attackers, and overestimates the capacity of humans both to design procedures that are flawless, and to carry out those procedures. Quoting from another report [1]:

Finally, no security should ever rely solely on secrecy of defensive mechanisms and countermeasures. While not publishing details of security mechanisms is perfectly acceptable as one security mechanism, it is perhaps the one most easily breached, especially in this age of widespread information dissemination. Worse, it provides a false sense of security. Dumpster diving, corporate espionage, outright bribery, and other techniques can discover secrets that companies and organizations wish to keep hidden; indeed, in many cases, organizations are unaware of their own leaking of information. A perhaps classic example occurred when lawyers for the DVD Copyright Control Association sued to prevent the release of code that would decipher any DVD movie file. They filed a declaration containing the source code of the algorithm. One day later, they asked the court to seal the declaration from public view — but the declaration had been posted to several Internet web sites, including one that had over 21,000 downloads of the declaration! [2] More recently, Fox News reported that information posing “a direct threat to U.S. troops … was posted carelessly to file servers by government agencies and contractors, accessible to anyone online” [3], and thefts of credit card numbers and identities are reported weekly and growing in number.

So, the alternative is to give law enforcement communications tools without these eavesdropping capabilities. Now, there are two sets of communications technology out there: those with built-in wiretaps, and those without built-in wiretaps. How long the market for the latter can be restricted to law enforcement is anyone’s guess, but there is no doubt that those wiretap-free tools will become available to people not engaged in active law enforcement. Restrictions on that type of technology fail quickly.

This point, I think, strengthens what the above paper is saying. Not only does the proposed wiretap capability pose “serious consequences for the economic well-being and national security of the United States,” as the paper says, it also hampers the effectiveness of law enforcement.

References

  1. M. Bishop, “Overview of Red Team Reports”, Office of the Secretary of State of California, 1500 11th St, Sacramento, CA 95814 (July 2007); available at http://www.sos.ca.gov/voting-systems/oversight/ttbr/red-overview.pdf
  2. Declan McCullagh, “DVD Lawyers Make Secret Public”, Wired News (Jan. 26, 2000); available at http://www.wired.com/politics/law/news/2000/01/33922
  3. Associated Press, “Government Agencies Posting Sensitive ‘Need to Know’ Material Online”, Fox News (July 12, 2007); available at http://www.foxnews.com/story/0,2933,289011,00.html
