According to reports, the FBI is asking for the authority to require all Internet communications platforms build in a “backdoor” allowing law enforcement easy wiretapping access
[From Should Government Mandate “Backdoors” for Snooping on the Internet? | Center for Democracy & Technology]
In parallel, the FBI is talking to technology companies about how they could be making it easier for criminals to see your credit card details and for the government to read to your e-mail.
Robert S. Mueller III, the director of the Federal Bureau of Investigation, traveled to Silicon Valley on Tuesday to meet with top executives of several technology firms [including Google and Facebook] about a proposal to make it easier to wiretap Internet users.
[From F.B.I. Seeks Wider Wiretap Law for Web – NYTimes.com]
This, superficially, sounds likes a good idea. Who could object? We don’t want the aforementioned Nazi drug-dealing child pornographers plotting terrorist acts using the interweb tubes with impunity. No right-thinking citizen could hold another view. But hold on…
In order to comply with government search warrants on user data, Google created a backdoor access system into Gmail accounts. This feature is what the Chinese hackers exploited to gain access.
[From U.S. enables Chinese hacking of Google – CNN.com]
It’s not that simple, is it? If you create a stable door, then sooner or later you will find yourself bolting it long after the horse has had it’s identity stolen. What I can’t help but wonder about in this context is whether the content actually matters: suppose you can’t read my e-mail, but you can see that a lot of mail addressed to Osama bin Laden is coming from my house? Surely that would be enough to put me under suspicion and trigger some other law enforcement and intelligence activity?
If we rely on mass surveillance via keyword searches, reading a billion e-mails hoping to find the one that tells where the suicide bomber is going to strike next may not be the most efficient (or practical) way forward – apart from anything else there are too many false positive – but it is plausible that the technology might improve enough in the future to make it worthwhile. Unfortunately, there’s no way of keeping that technology to the good guys.
Another concern is that wiretapping requirements in software have a tendency to be used not just by governments bound to the rule of law. For instance, TKTK was lambasted last year for selling telecom equipment to Iran that included the ability to wiretap mobile phones at will. Lost in that uproar was the fact that sophisticated wiretapping capabilities became standard issue for technology thanks to the US government’s CALEA rules that require all phone systems, and now broadband systems, to include these capabilities.
[From FBI drive for encryption backdoors is déjà vu for security experts]
I suppose that one way forward might be to focus on symmetry. If society is to be more transparent, then the only way forward is to make that transparency omnidirectional, if you see what I mean. Let the government read my e-mail if they let me read theirs. Unfortunately…
Federal investigators have identified several dozen Pentagon officials and contractors with high-level security clearances who allegedly purchased and downloaded child pornography, including an undisclosed number who used their government computers to obtain the illegal material
[From Pentagon workers tied to child porn – The Boston Globe]
It looks as if there is a paradox here. There is just no way forward. We want to peek, but we don’t want them to peek We want privacy, but we don’t want them to have privacy.When it comes to identity, politicians suffer from the China syndrome: that is, they want anonymity for Chinese human rights campaigners and Iranian dissidents but not for kids downloading MP3s or Islamic terrorists plotting to blow up Paris. As a consequence, they have no actual strategy. As I mentioned
In fact, US (and other governments’) policy in this isn’t just confused and pointless, it’s actually dangerous. If you create a mechanism to spy on people, you cannot assume that it will only be the good guys who use it
[From Digital Identity: Joe Bloggs]
You have some people from the government talking about transparency and freedom and others talking about censorship and spying: so what is the policy? In the UK, there is no vision for digital identity infrastructure, but there are some tactics. A few months ago, for example, we were all going to get a government web page.
He is now set to use a speech on Monday to unveil plans to give every voter a unique identifier allowing them to apply for school places, book GP appointments, claim benefits, get a new passport, pay council tax or register a car.
[From Every citizen to have personal webpage – Telegraph]
I have no idea whether this is still true or not – it’s not in the new government’s Manifesto for a Networked Nation – but it is clear to me that we need a national strategy and perhaps even a European strategy, and we need to start with a digital identity infrastructure at the base. But to get to this, we need an education campaign to try to explain the core identity engineering principles to the arts graduates who are in charge of policy, and I have no idea how to do that. Suggestions gratefully received.
These opinions are my own (I think) and presented solely in my capacity as an interested member of the general public [posted with ecto]