Law enforcement, intelligence agencies want to 'like' you on social media
WASHINGTON — Law enforcement and intelligence agencies want to be able to wiretap social media, instant message and chat services. But building in ways to wiretap these kinds of communication can lead to less secure systems, say technical experts, including former National Security Agency officials.
Some security experts suggest hacking as an alternative, but other experts, including FBI officials, say that method poses serious risks.
Right now only phone companies, broadband providers and some Internet phone services are required by law to build in intercept capabilities, but the government wants to extend that requirement to online communication providers.
“From a purely technical perspective, when you add this sort of law enforcement access feature to a system, you weaken it,” said Steven Bellovin, a computer science professor at Columbia University. “First, it creates an access point that previously didn't exist. Second, you've added complexity to the system ... and most security problems are due to buggy code.”
In 1994, the government passed the Communications Assistance for Law Enforcement Act, which mandated that phone companies make their systems wiretap-ready.
Richard “Dickie” George, a former NSA technical director until he retired in September 2011, recalled how in the mid-1990s, “in the early days of CALEA,” the NSA tested several commercial phone systems with intercept capabilities, and “we found problems in every one.” Making the systems hack-proof, he said, “is really, really hard.”
He said, however, that over the years, “we've come a long way.”
Susan Landau, a faculty member in the Worcester Polytechnic Institute Department of Social Science and Policy Studies in Massachusetts, said phone services are more complicated now — and so the switches are, too.
“It's highly doubtful,” she said, “that the new switches are secure.”
The United States, she said, “has a lot more to lose by building ways into communications networks than it has to gain, because those ways last for a very long time, and we enable others who couldn't afford to build ⅛back doors⅜ in themselves with ways to get into our communications systems.”
One alternative to wiretaps is to hack the target's phone or computer, Bellovin and Landau said. In so doing, the FBI would be exploiting software flaws that exist instead of making new ones, Landau said. And the FBI would be getting communications before they are encrypted or after they are decrypted, Bellovin said.
“They have to be very careful that they don't create a risk that the exploit will proliferate elsewhere,” Landau said. “That's why we argue for increasing the funding for research.”
Marcus Thomas, a former FBI official, said hacking is “unreliable and dangerous because hacks can propagate.”
Show commenting policy
TribLive commenting policy
You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.
We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.
While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.
We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers.
We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.
We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.
We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.
We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.
- Experts: Convictions against police officers will be tough to win in Baltimore case
- White House mum on hack of computer system by Russia last fall
- Researchers find new, elusive bird species
- New York City officer critically shot; hunt under way for suspects
- Rift invites talk of Florida split
- Shellfish farmers’ planned use of pesticide under fire
- Severe storm with tornado roars into north Texas
- Storm knocks out power to New Orleans airport for hours
- Utah outpost stands in for Mars
- Federal judge who blocked Obama immigration order painted as unbiased
- Lessons sought from 2001 Cincinnati riots over 15 slayings