The Washington PostDemocracy Dies in Darkness

How the FBI’s online wiretapping plan could get your computer hacked

The FBI is pushing for expanded power to eavesdrop on private Internet communications. The law enforcement agency wants to force online service providers to build wiretapping capabilities into their products. But a group of prominent computer security experts argues that mandating "back doors" in online communications products is likely to compromise the security of Americans' computers and could even pose a threat to national security.

The fundamental problem is that eavesdropping facilities are a double-edged sword. They make it easier for the U.S. government to spy on the bad guys. But they also make it easier for the bad guys to hack our computers and spy on us. And, the researchers say, the Internet's decentralized architecture makes it particularly hard to build effective and secure wiretapping capabilities online.

Since the 1994 Communications Assistance for Law Enforcement Act (CALEA), telephone companies have been legally obligated to build wiretapping capabilities into their telecommunications equipment. But CALEA didn't apply to Internet-based communications technologies. The result, the FBI says, is that its surveillance capabilities are "going dark," as criminal suspects increasingly shift to digital communications platforms that don't offer real-time interception capabilities.

In response, the government is reportedly seeking to impose CALEA-type requirements on Internet services. But rather than mandating the implementation of specific surveillance standards, as the original CALEA did, the government's proposal would fine online service providers who failed to comply with a wiretapping request from the government — leaving it to each individual firm to decide the best way to comply.

Crucially, according to reporting by The Washington Post, the FBI proposal would apply even to "Internet phone calls conducted between two computer users without going through a central company server." In a paper published Friday by the Center for Democracy and Technology, more than a dozen prominent computer security experts warn that such a requirement would be a disaster for the security of online communications.

If information isn't flowing through a central server, then the only way to intercept it is to add surveillance software to the user's PC. But popular software is constantly being probed by hackers seeking vulnerabilities they can exploit. The more complex a system, the more likely programmers are to make mistakes that could provide hackers with an opening. And surveillance features are particularly dangerous, the researchers argue.

"The cleverest and most dangerous cyber-attackers are those who are able to not only compromise a system but also to evade detection," they write. "That is also precisely the objective of a government surveillance solution."

Even worse, a huge number of companies could be forced to comply with the government's proposed regulations. Ed Felten, a computer scientist at Princeton and one of the paper's authors (and, full disclosure, my graduate adviser) points out that a growing number of companies are adding peer-to-peer communications capabilities to their products. For example, many multi-player video games include built-in facilities for players to communicate with each other in real time.

A wiretapping mandate could greatly increase the complexity of these products, raising development costs and increasing the likelihood of security vulnerabilities. Chris Soghoian, a computer security researcher and the principal technologist at the American Civil Liberties Union, notes that even the largest technology companies struggle to keep their products secure. "Google has hundreds of engineers doing nothing but security," he says. Yet Google is still routinely discovering new security problems in its most popular products.

Perhaps the most serious concern the researchers point to is the danger a wiretapping mandate could pose to national security. Many government agencies use the same communications software as do private firms. Which means that wiretapping mandates could make the software the government itself uses less secure.

"When vulnerabilities in the equipment such as back doors and malicious code can be exploited by another country it becomes a priority and a national security concern," said Rep. Mike Rogers (R-Mich.) at an October hearing. Rogers was referring to Huawei and ZTE, two Chinese telecommunications companies Rogers suspected of helping the Chinese government to spy on Americans. But Soghoian argues the same point applies to backdoors mandated by the U.S. government. They will make American communications technologies more vulnerable to online attacks. And no one has more resources to devote to looking for security vulnerabilities than foreign governments.

This is more than a hypothetical concern. In 2005, the Greek government discovered that an unknown party was intercepting the phone conversations of Prime Minister Kostas Karamanlis and dozens of other senior officials in the Greek government. They had been under surveillance for almost a year.

The attack was made possible because the Greeks were using off-the-shelf telecommunications equipment. Thanks to CALEA and similar laws in other countries, the gear came with built-in wiretapping capabilities. The wiretapping feature was only supposed to be activated with the approval of Greek authorities. But someone, likely a foreign government, figured out how to activate the wiretapping feature without the Greeks noticing.

According to the authors of the CDT paper, an Internet version of CALEA would be much worse. Right now, only large, sophisticated telecommunications firms are subject to CALEA requirements, and they have carefully-designed procedures to ensure that wiretapping capabilities are not abused. An Internet version of CALEA could apply to many more firms, including many small software firms that can't afford to hire dedicated personnel to design, administer, and audit their surveillance capabilities. So it's likely that some of those firms will make mistakes that will leave many users' computers vulnerable to attack.

Worst of all, the researchers say, the proposed mandate is unlikely to even be effective. People who want to evade surveillance will inevitably find ways to modify the software on their computers to deactivate the eavesdropping feature, just as many people today "jailbreak" their smartphones to activate forbidden features. Indeed, some popular communications software is open source, making it trivial to build a version of the software with the wiretapping feature removed. So an Internet wiretapping mandate will do little to help the government spy on the bad guys, while reducing security for everyone else.

According to Matt Blaze, a computer science professor at the University of Pennsylvania and another paper co-author, the current debate over online wiretapping echos the debate over cryptography in the 1990s. During the Clinton administration, the federal government sought to limit the use of cryptography out of fear that it would undermine the government's surveillance capabilities. They promoted a "key escrow" regime in which Americans who used encryption would be required to provide the encryption keys to the government for use in subsequent investigations.

By the mid-1990s, research by Blaze and others had demonstrated that the government's key escrow scheme was impractical. Meanwhile, the spread of full-strength cryptographic software proved unstoppable. So by the end of the decade, the Clinton administration — wisely, in Blaze's view — gave up and stopped trying to limit the use of cryptography. They concluded that it was more important for law-abiding Americans to have secure communications capabilities than to continue to wage a hopeless war against cryptography.

Blaze believes that policymakers today should draw the same lesson. "It's hard enough to build a system that tries to solve the relatively simple problem of people who want to communicate securely," he says. Adding a requirement that the government be able to intercept the communication makes the process "much more complex and therefore much harder to do securely."