The FBI Wiretap Plan: Upsetting the Security Equation

10/25/2010 03:17 pm ET | Updated May 25, 2011
  • Susan Landau Author, "Surveillance or Security? The Risks Posed by New Wiretapping Technologies"

Some time ago I was on an American Bar Association panel with an FBI Associate Deputy Director when he asked the audience if they knew that Skype puts "other people's data on your machine." He looked appalled. I responded, "Yes, that's what peer-to-peer applications do." Skype encrypts conversations from the moment they leave the sender's machine til they arrive at the recipients, which means that no information about these conversations is revealed. Nor do they impact any of the machines they travel through. The FBI didn't seem to understand that.

This is not the only thing that the FBI doesn't understand. The bureau fought a battle against cryptography in the 1990s, arguing that the use of encryption would impede its ability to wiretap. It lost that fight in 2000 when the NSA -- the nation's premier communications surveillance agency -- and the US government decided that the nation was better off with encrypting private communications even if that would make law enforcement's job harder.

The decade-long fight on encryption delayed securing communications, and we're only routinely beginning to do so now. The result of the delay: easier ways for the bad guys to break into U.S. computers.

Now the FBI has a new plan: the bureau wants to pre-approve new communications technologies before they can be deployed. Think of it -- before instant messaging or Facebook goes public, the engineers must work with the FBI and architect their systems according to law-enforcement specifications.

If granted, the FBI's efforts will push innovation overseas. That's bad for the US economy -- and for US national security. Right now the NSA often gets an early view into new communications technologies -- but only if they are developed here. The agency won't have the same privileges if the technologies are designed in Estonia or India.

Allowing encryption into US products means that US private communications are better protected. Spam, viruses, denial-of-service attacks get the newspaper headlines, but the real threats to national security comes from the cyberthefts from US corporations and military sites. Whether Google search algorithms or flight-planning software used by the Army and Air Force -- those are the items we need to secure. And building back doors into communications for the FBI is the worst thing we can do. It's the fastest way to ensure that we're building in back doors for the Chinese, the Russians, the French (who openly admit to government spying on US industry) -- and anyone else. It is a really dumb idea.

Because the FBI has been finding it difficult to wiretap in some cases, the bureau is also considering making the carriers pay for eavesdropping when the tapping gets complicated. And this is really the issue. The FBI desire to rewrite wiretapping law isn't about wiretapping being too hard for its agents. It's about who foots the bill. With more advanced communications technologies making wiretapping more complicated, the FBI doesn't want pay for doing so; it wants the communications companies to instead. In other words, if companies develop innovative communications technologies that complicate law-enforcement wiretapping, they should pay for the increased costs for wiretapping communications using these technologies. The dangers in the FBI proposal are thus three-fold: higher costs for communications, a decrease in US innovation (and loss of innovation to overseas), and a likely massive increase in wiretapping -- because cost would no longer be an issue for law enforcement.

Some new forms of communications are harder to wiretap than the old Public Switched Telephone Network. At the same time new communications technologies have made so much data readily available that law enforcement's job has simplified in a large number of ways. The Department of Homeland Security has instructions on how to use social-networking sites (MySpace, Facebook) to conduct investigations, while cell phone location tracking has cut investigation time in many cases. This is data undreamed of even a decade ago, and the FBI is awash in it. One hand takes away, but the other hand gives.

The FBI is trying to makes its job easier and cheaper. But its current proposed rewrite of wiretap law creates serious security risks. Though on its surface the bureau's wiretapping proposals may seem reasonable, in fact, the dangers they create mean they should not be implemented.