Law enforcement, intelligence agencies want to 'like' you on social media
WASHINGTON — Law enforcement and intelligence agencies want to be able to wiretap social media, instant message and chat services. But building in ways to wiretap these kinds of communication can lead to less secure systems, say technical experts, including former National Security Agency officials.
Some security experts suggest hacking as an alternative, but other experts, including FBI officials, say that method poses serious risks.
Right now only phone companies, broadband providers and some Internet phone services are required by law to build in intercept capabilities, but the government wants to extend that requirement to online communication providers.
“From a purely technical perspective, when you add this sort of law enforcement access feature to a system, you weaken it,” said Steven Bellovin, a computer science professor at Columbia University. “First, it creates an access point that previously didn't exist. Second, you've added complexity to the system ... and most security problems are due to buggy code.”
In 1994, the government passed the Communications Assistance for Law Enforcement Act, which mandated that phone companies make their systems wiretap-ready.
Richard “Dickie” George, a former NSA technical director until he retired in September 2011, recalled how in the mid-1990s, “in the early days of CALEA,” the NSA tested several commercial phone systems with intercept capabilities, and “we found problems in every one.” Making the systems hack-proof, he said, “is really, really hard.”
He said, however, that over the years, “we've come a long way.”
Susan Landau, a faculty member in the Worcester Polytechnic Institute Department of Social Science and Policy Studies in Massachusetts, said phone services are more complicated now — and so the switches are, too.
“It's highly doubtful,” she said, “that the new switches are secure.”
The United States, she said, “has a lot more to lose by building ways into communications networks than it has to gain, because those ways last for a very long time, and we enable others who couldn't afford to build ⅛back doors⅜ in themselves with ways to get into our communications systems.”
One alternative to wiretaps is to hack the target's phone or computer, Bellovin and Landau said. In so doing, the FBI would be exploiting software flaws that exist instead of making new ones, Landau said. And the FBI would be getting communications before they are encrypted or after they are decrypted, Bellovin said.
“They have to be very careful that they don't create a risk that the exploit will proliferate elsewhere,” Landau said. “That's why we argue for increasing the funding for research.”
Marcus Thomas, a former FBI official, said hacking is “unreliable and dangerous because hacks can propagate.”
Show commenting policy
TribLive commenting policy
- Alamo named as World Heritage site by United Nations
- Years will be needed to gauge efforts to cut Lake Erie algae
- Police: Maine man shoots firework from top of his head, dies
- Arizona prison to relocate more than 350 inmates after disturbance
- Deteriorating nails blamed for North Carolina deck collapse
- Republican Christie criticizes high court’s gay marriage ruling
- Woman who tries to sneak on planes arrested twice in 2 days
- Measles carries risk of deadly complication for young
- Notorious New York escapee Sweat returns to prison
- Austin police kill gunman in slaying in hotel lobby
- Risk of government shutdown to worry Congress on return from July Fourth