We live in an age of surveillance. Right now, more information about us is available to more entities faster and easier than ever before.
By KELLY LUCK
Special to The Star
The FBI has been floating a plan to require all client-side communications software be it voice, video, or text to include mandatory backdoors that can be activated by law enforcement bodies to silently eavesdrop on any traffic coming in or out of that program.
This will allow authorities to circumvent message-level encryption, which has stymied their current efforts. Unfortunately, such a move from a security standpoint would be a disaster.
In 1994, the Communications Assistance For Law Enforcement Act was passed, mandating that all communications equipment used by phone companies and ISPs have a built-in interception interface that could be used to tap in to the new electronic switching systems and pull targeted message traffic as it traveled through the providers network. Since that time, the interface has been used extensively on all sorts of targets, criminal and otherwise.
Lately, however, encryption has become increasingly popular. More and more message traffic is encrypted before being sent through the net to its destination. Not just text traffic, either: Voice Over IP (VOIP) telephone systems routinely employ encryption as a safeguard against eavesdropping.
This makes interception at the network level useless because generally there is no way to get the key or otherwise decrypt the message in a timely manner. Hence the new proposal: intercept from your machine, via the programs you use every day.
This idea is a bad one for several reasons. First, of course, is the privacy concern and the chilling effect it would have on communication.
One of the most profound effects the Internet has had is the ability to allow anyone to speak freely. An Internet where all communication can be monitored at any time is one that suddenly becomes a lot less useful, particularly (for example) for people under totalitarian regimes, where dissent is closely monitored and communication regulated.
Secondly, there is the security issue. It is an open secret that several of the original servers have been compromised, sometimes for years, allowing hackers to intercept communications for their own ends or for their employers, be they criminal organizations or worse.
As a young computer systems administrator in the Air Force, I was taught that if a resource could be accessed legitimately, it could also be accessed illegitimately. A key doesnt care who uses it.
And the criminals targeted by the FBIs plan? Most likely they will simply switch to underground software without the backdoors, thus rendering them more secure than everyone else.
Encryption is a tool; it is only as good or bad as the hand that wields it.
Technology is moving faster than before, and laws must move equally fast if they are to keep up with ever-changing reality. But this is not the way to do it. Leaving your emails, IMs, etc. deliberately available at all times for law enforcement (or others) is an overreaction, a move of desperation.
And a system with a backdoor in it, regardless of who put it there or why, is a compromised system, period.
Kelly Luck works in information technology. She lives in Kansas City. To reach her, send email to email@example.com or write to Midwest Voices, c/o Editorial Page, The Kansas City Star, 1729 Grand Blvd., Kansas City, MO 64108.