US Government To Mandate Inbuilt Backdoors in Network Equipment and Internet Services

Uiler

On Slashdot today, a new article pointed to a new development.

http://www.eff.org/news/archives/2005_08.php#003876

FCC Issues Rule Allowing FBI to Dictate Wiretap-Friendly Design for Internet Services

Tech Mandates Force Companies to Build Backdoors into Broadband, VoIP

Washington, DC - Today the Federal Communications Commission (FCC) issued a release announcing its new rule expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA). The ruling is a reinterpretation of the scope of CALEA and will force Internet broadband providers and certain voice-over-IP (VoIP) providers to build backdoors into their networks that make it easier for law enforcement to wiretap them. The Electronic Frontier Foundation (EFF) has argued against this expansion of CALEA in several rounds of comments to the FCC on its proposed rule.

CALEA, a law passed in the early 1990s, mandated that all telephone providers build tappability into their networks, but expressly ruled out information services like broadband. Under the new ruling from the FCC, this tappability now extends to Internet broadband providers as well.

Practically, what this means is that the government will be asking broadband providers - as well as companies that manufacture devices used for broadband communications – to build insecure backdoors into their networks, imperiling the privacy and security of citizens on the Internet. It also hobbles technical innovation by forcing companies involved in broadband to redesign their products to meet government requirements.

"Expanding CALEA to the Internet is contrary to the statute and is a fundamentally flawed public policy," said Kurt Opsahl, EFF staff attorney. "This misguided tech mandate endangers the privacy of innocent people, stifles innovation and risks the functionality of the Internet as a forum for free and open expression."

At the same time, the Department of Justice (DOJ) is asking airlines to build similar backdoors into the phone and data networks on airplanes. EFF and the Center for Democracy and Technology (CDT) submitted joint comments to the FCC arguing against the DOJ's unprecedented and sweeping new technology design mandates and anticipatory wiretapping system.

The FCC's new proposal to expand CALEA to airline broadband illustrates the fallacy of law enforcement's rationale for its CALEA request. The DOJ takes the position that broadband has "substantially replaced" the local telephone exchange, but this claim is reduced to the point of absurdity aboard an airplane and opens the door for CALEA to cover just about anything.

Basically, all networking equipment and networks in America now must have inbuilt backdoors for the Feds. The first consequence is the obvious decrease in privacy, etc. There are two other major consequences:

1. Say goodbye to the US export industry for networking equipment for sensitive applications overseas. Non-US governments have always been a bit paranoid about the US government putting in backdoors, well, now it's not just paranoia, it's documented US law. US banks and other financial institutions may be forced to use these by law but I think that non-US banks and other sensitive industries would avoid them if they can.
2. I shudder to think what would happen if these backdoors got leaked to hackers who at best would use them for monetary gain to hack into banks etc. At worst they would unleash a worm which would be unstoppable. I mean how can you patch a vulnerability which is hardwired into the device and required by Federal Law??? All it would take is one rogue Fed agent or, since it would have to be implemented by companies, one rogue company employee to leak the vulnerability and everything goes to hell.

Serious criminals would use encryption and build networks out of machines illegally imported from China which are designed for the non-US market. Actually I see a major black market for privacy freaks for illegally imported network equipment in general. I wonder if eventually it will be illegal to use encryption or if it will be a felony to own network equipment (in your home or business) which does not have this inbuilt vulnerability.
 
Why would a democratic government want to monitor its law-abiding citizens? If they just wanted to monitor specific people, like suspects of crimes, they could easily install spyware onto their computer without doing so to any other American.
 
Who dreams up this crap ?
 
Privacy issues aside, making backdoors is exactly the thing you DON'T want to do. This was done in the 80s (a lot of software had this), and once the Internet came around to everyone, this was a HUGE issue. I remember a "BBS" (T.A.G. BBS), which had a backdoor so that someone could gain access to your DOS system remotely. (a simple DOS system I think -- there were other programs that remote admins could use, too).

:hmm: Just thought of something.... Windows (and others) can easily act as a server without the computer really being a full fledged server. Anyway, you know that's gonna be exploited by very bored teens. ;)

I can see commercial (companies) issues here... Software company A makes an application, and has their Internet powered by Verizon, or Comcast. Verizon/Comcast is forced to have a backdoor. "Hacker A" figures out how to get in, and watches Company A. "Hacker A" finds out the passwords of certain people by using some utilities, and is able to illegally download an application by logging in on a "normal account" (not the back door, since it's likely tracing IPs). I wouldn't be surprised if there's a spike in illegal software...
 
Sims2789 said:
Why would a democratic government want to monitor its law-abiding citizens? If they just wanted to monitor specific people, like suspects of crimes, they could easily install spyware onto their computer without doing so to any other American.
The issue isn't whether the government should be allowed to wiretap a computer. The law clearly states that the government IS allowed to do so under certain circumstances.

The issue is, once those circumstances are met, the wiretap has to actually be POSSIBLE. Here's a true story to illustrate the problem:

This happened sometime in the 90's. A British company was hit by a series of hacker attacks. The attacker was using a dial-up modem, but it was impossible to trace him--

--because the local phone system was decades-old, and relied entirely on mechanical switches! To perform a trace, somebody actually had to go to the switch room and look at the mechanical relays to see where they were going. It took half an hour to do a trace on this system, and the hacker was never on long enough.

They finally caught him by leaving some made-up "secret" documents on their computers that looked like they had lots of really important information in them. The hacker found them, and he stayed online reading through them--plenty of time to get the trace done and knock on his door. :D
 
They finally caught him by leaving some made-up "secret" documents on their computers that looked like they had lots of really important information in them. The hacker found them, and he stayed online reading through them--plenty of time to get the trace done and knock on his door.

Guess he wasn't smart enough to download them (or do a quick copy/paste/disconnect). ;)
 
A universal backdoor built into every ISP's server in the US, that sounds like a great idea... to the hackers
 
Shadylookin said:
A universal backdoor built into every ISP's server in the US, that sounds like a great idea... to the hackers

Ditto. I must say, all of us here at CFC are screwed for identity theft.
 
Maybe some of you are--I'm not. :)

I don't keep any personal info of any kind on my PC, and I shred anything suspicious I see in the mailbox. Including credit card applications of ANY kind, those go in the shredder instantly.

The real privacy threat isn't from the government. I know this, because (I swear I'm not making this up) while I was right here in CFC, CashBackBuddy tried to install itself on my system half an hour ago.
 
It sounds like all they're doing is taking an existing law and applying it to broadband as well as dialup systems. I certainly don't approve, but I'm not alarmed to the point of North King, suggesting that it's time to flee the U.S.

With the FBI's performance at Waco, I'd like to see what they're going to do now. My guess is spend tens of billions of dollars investigating Grandma Betty because she didn't return her library book on time, while letting the young Saudi man without proper immigration papers use his computer to look up nuclear launch codes.
 
rmsharpe said:
It sounds like all they're doing is taking an existing law and applying it to broadband as well as dialup systems. I certainly don't approve, but I'm not alarmed to the point of North King, suggesting that it's time to flee the U.S.

Sarcasm wasted on you?

:p

I've already decided that if I can manage it without too much hassle I'll leave... This does nothing more than reinforce my decision to that effect.
 
One of the hallmarks of a police state is that it's very difficult to get out.

You will find it very easy to get out of the United States. That alone should be sufficient to prove your worries baseless--although you'll have to be out of the U.S. already for this to be proven for certain. :)
 
Uiler said:
On Slashdot today, a new article pointed to a new development.

http://www.eff.org/news/archives/2005_08.php#003876



Basically, all networking equipment and networks in America now must have inbuilt backdoors for the Feds. The first consequence is the obvious decrease in privacy, etc. There are two other major consequences:

1. Say goodbye to the US export industry for networking equipment for sensitive applications overseas. Non-US governments have always been a bit paranoid about the US government putting in backdoors, well, now it's not just paranoia, it's documented US law. US banks and other financial institutions may be forced to use these by law but I think that non-US banks and other sensitive industries would avoid them if they can.
2. I shudder to think what would happen if these backdoors got leaked to hackers who at best would use them for monetary gain to hack into banks etc. At worst they would unleash a worm which would be unstoppable. I mean how can you patch a vulnerability which is hardwired into the device and required by Federal Law??? All it would take is one rogue Fed agent or, since it would have to be implemented by companies, one rogue company employee to leak the vulnerability and everything goes to hell.

Serious criminals would use encryption and build networks out of machines illegally imported from China which are designed for the non-US market. Actually I see a major black market for privacy freaks for illegally imported network equipment in general. I wonder if eventually it will be illegal to use encryption or if it will be a felony to own network equipment (in your home or business) which does not have this inbuilt vulnerability.


I almost guarantee that companies will still be permitted to produce their products without the backdoor for those customers outside of the U.S.
 
John, you just conjured into my mind an image of the security people at LAX searching my bags for wireless routers..... :)

"Excuse me, sir, but this looks like an illegal router."

"Illegal??--"

"Where'd you obtain this equipment?"

"I bought it at a CompUSA outlet in Singapore."

"Does it have the required modifications according to U.S. law?"

"I don't know--"

"ARREST HIM!!"

<WHACK> <SLAP> <POKE> <OOF!!>

"Sarah--you're not allowed to arrest people with headlocks, you should know that--"

"He's cute. Can I search him? He might have his phone number in his wallet...."

:crazyeye:
 
Why don't they just make us download a program that traces where we go on the internet and records what we type?

And also allows hackers easier access to our computer.
 
Am I supposed to be upset that the FBI knows I spent 3 hours downloading Red vs Blue movies?
 
Tank_Guy#3 said:
I suppose this would help stop people stupid enough to put their thoughts and records of their actions on their computers.

Probably not. People will probably still store their passwords somewhere on their computer, or forget/not know they have a ton of cookies in their temporary internet directory (if it has a password that's "remembered", someone could take it, and have their password). All they need is that cookie and go to whatever site uses it.
 