How the FBI uses hackers and malware

The FBI has some new crime-fighting technology in its collective utility belt. FBI-employed hackers can now infect suspects’ computers with malware that will allow investigators to download whatever they might find.

This process, which still requires a court order, takes wiretapping to a new level.

Wiretapping the internet

The Obama administration is seeking the authority to wiretap the internet–including Facebook, Skype, smart phone e-mails, and every other kind of online communication–and to force sites to provide unencrypted access to law enforcement agencies. From the New York Times:

Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone.

Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.

The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, it could set an example that is copied globally.

James X. Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group, said the proposal had “huge implications” and challenged “fundamental elements of the Internet revolution” — including its decentralized design.

“They are really asking for the authority to redesign services that take advantage of the unique, and now pervasive, architecture of the Internet,” he said. “They basically want to turn back the clock and make Internet services function the way that the telephone system used to function.”

But law enforcement officials contend that imposing such a mandate is reasonable and necessary to prevent the erosion of their investigative powers.

Webmonk, who alerted me to the issue, has some special expertise on the subject and offers some useful explanation:

I developed software for police departments to do (almost) exactly this – wiretap an Internet signal. That is perfectly legal (in most jurisdictions) as long as one has a warrant – the police take their software/hardware to the Internet Service Provider, and hook it up to whichever of their routers happens to funnel the subject’s Internet traffic. My software made a copy of every bit that the subject passed in or out and stored it. Then, the police could go look at that stored information.

The problem we ran into was encryption: encryption encodes the information being passed back and forth so that even if someone is listening in the middle (hackers, police, stalker) and can see what is going back and forth, they can’t decode the message to understand the contents. . . .

The same sort of thing that helps keep my banking information from being stolen can also keep illegal activity safe. Most of the websites where we were interested in knowing the subject’s activity used encryption, so the police weren’t able to see the details of what the person was saying or doing on that site.

The difference in what I developed and what is being proposed here is that this would require all “communications” websites to install software that would allow the government (with a warrant, presumably) to access everything that someone was doing in an UNENCRYPTED form.

For example: Facebook uses encryption. If the police get a warrant to tap your Internet signal, they can see that you are going to Facebook, but they can’t see what you are doing on there. The proposed law would require Facebook to install software that somehow provides a completely UNENCRYPTED copy of what you are doing on their site to the lawman with a warrant because Facebook could be used by (rather dumb) terrorists to communicate with each other. This would apply to all websites that provide “communications” of some sort.

So what do you think about this? Is it a legitimate update of law enforcement needs in light of new technology or a dangerous assault on civil liberties? Do you see anything wrong with this statement: “I don’t do anything wrong, so I don’t have anything to hide”? Might there be a time when a law aimed at terrorists could be used against other “subversive” groups, such as Tea Partiers? Or Christians?

HT: Webmonk