Computer scientists to FBI: don't require all our devices to have backdoors for spies

In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to put wiretapping backdoors in their communications tools. Since the early 1990s, manufacturers of telephone switching equipment have had to follow a US law called CALEA that says that phone switches have to have a deliberate back-door that cops can use to secretly listen in on phone calls without having to physically attach anything to them. This has already been a huge security problem -- through much of the 1990s, AT&T's CALEA controls went through a Solaris machine that was thoroughly compromised by hackers, meaning that criminals could listen in on any call; during the 2005/6 Olympic bid, spies used the CALEA backdoors on the Greek phone company's switches to listen in on the highest levels of government.

But now, thanks to the widespread adoption of cryptographically secured messaging services, law enforcement is finding that its CALEA backdoors are of declining utility -- it doesn't matter if you can intercept someone else's phone calls or network traffic if the data you've captured is unbreakably scrambled. In response, the FBI has floated the idea of "CALEA II": a mandate to put wiretapping capabilities in computers, phones, and software.

As Felten points out, this is a terrible idea. If your phone is designed to secretly record you or stream video, location data, and messages to an adverse party, and to stop you from discovering that it's doing this, it puts you at huge risk when that facility is hijacked by criminals. It doesn't matter if you trust the government not to abuse this power (though, for the record, I don't -- especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran) -- deliberately weakening device security makes you vulnerable to everyone, including the worst criminals:

Our report argues that mandating a virtual wiretap port in endpoint systems is harmful. The port makes it easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic. Better yet (for the intruder), the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss.

Beyond this, the mandate would make it harder for users to understand, monitor, and fix their own systems—which is bad for security. If a system’s design is too simple or its operation too transparent or too easy to monitor, then wiretaps will be evident. So a wiretappability mandate will push providers toward complex, obfuscated designs that are harder to secure and raise the total cost of building and operating the system.

Finally, our report argues that it will not be possible to block non-compliant implementations. Many of today’s communication tools are open source, and there is no way to hide a capability within an open source code base, nor to prevent people from simply removing or disabling an undesired feature. Even closed source systems are routinely modified by users—as with jailbreaking of phones—and users will find ways to disable features they don’t want. Criminals will want to disable these features. Ordinary users will also want to disable them, to mitigate their security risks.

Felten's remarks summarize a report [PDF] signed by 20 distinguished computer scientists criticizing the FBI's proposal. It's an important read -- maybe the most important thing you'll read all month. If you can't trust your devices, you face enormous danger.

CALEA II: Risks of wiretap modifications to endpoints


    1. You jest, but I can easily see other countries banning devices manufactured for and in the US as threats to their own national security. Of course the authoritarian fuckers would implement their own, but the end result would still be the balkanization of the technology industry, which will soon encompass all industry. One of the many causes of the USSR’s collapse was its insular trade policies.

      I’m not a rebellious person. I think the vast majority of would-be revolutionaries never seriously think past the defenestration of the existing establishment, and most of the few that do are unrealistic. But there is only so far you can push people before they’ve had enough. I don’t exaggerate when I say that mandating built-in government wiretaps of personal electronics would be a definite step in that direction.

      It’s no secret that the US Congress has little respect for the Constitution of the United States of America from which they derive their authority. But if down the road the People realize that the Bill of Rights has become nothing but a dead piece of parchment, they may well decide that the Union has already been destroyed from the top. The Fourth Amendment is not a suggestion, and I can only hope that the SCOTUS still retains a shred of integrity when the Congress steamrolls it.

  1. Terrorists (I’m assuming that’s who they’re after. At least until the Dominionists take over. They’ll be after everybody.) see wiretapping as damage and route around it. They’ll switch to shortwave.

    This will have no effect on the bad guys, but will compromise everyone’s credit card numbers.

    1. Yeah, someone tell me the last time the FBI listened to people who wanted to limit their powers? This only tells them they’re going in the right direction.

  2. When the British broke the Enigma cypher, they had to avoid acting on the intelligence they gained. If they had just shot down the first ten bombers they would have saved lives; but the Germans would have immediately realized their security was compromised.

    Similarly, if the FBI used their back doors to nail every tax cheat and music downloader, it would take Americans just a few days to realize something most Boingers already do – that nothing is private on the internet, except maybe strong crypto. Even that won’t help if you’ve got a keylogger.

    So that puts LEA in an awkward position. They have to pretend they can’t read your mail, until it’s time to take down a really Big Bad. And even then, different agencies might get to squabbling.

    1.  Correct. LEA are to civilians as Brits are to Germans: enemies. Dagger to throat enemies. Rulers vs subjects.

  3. Vulnerable back doors in telephone switching equipment is an abstract threat for most people.  But back doors built into personal computers – or the cameras in the game consoles in their living rooms – THAT is something that hackers will be able to demonstrate in YouTube videos.
    The resulting uproar would quickly lead to laws being passed in other countries.
    For those outside the US it’s hard not to notice how American news stories express outrage not over the killing of potential terrorists and those around them, but over the idea that those potential terrorists might include Americans.  Or the outrage not over jailing people without trial for a decade, and torturing them, but the thought that it might be done to Americans.  And of course the outrage not over spying on private citizens, but specifically over spying on American citizens.
    The well-earned assumption will be that American agencies will use these back doors against governments, companies and citizens in other countries with no hesitation or legal protections whatsoever.
    There won’t just be bans on American-made equipment.  You’ll probably see legal protections for those who expose, publish and create locks for those back doors.  (Similar to how Canada and others passed legal protections versus America’s Helms-Burton Act which targeted foreign companies and citizens.)
    This might sink some DMCA-like laws against cracking copy protection that the US has been “encouraging” in other countries.

  4. Based upon current form, I would think that legislation would be passed to mandate the backdoors, make their existence a secret and make their avoidance a crime. Then these laws would be used selectively against the population, with the rich and powerful not subject to scrutiny, but others, particularly those who challenge the status quo being the focus of the efforts of law enforcement.

    1.  They rule over us.
      They rule us.
      We are subjects, they are the rulers.
      We do not have freedom and never will.
      We don’t even have revenge.


    We are subjects.

    They register our children.

    Say what we can and cannot own.

    Say what age of girls we can marry.

    Say that we must obey the woman.
    The state and their global religion is our enemy.

    But we can do nothing about it.

  6. We can cry all we want. They will not listen. They RULE us.
    They will put hardware backdoors in we cannot circumvent with software.
    They are our enemies (those of us who are males).
    This is a woman and police’s world.
    Not a males world.
    Only fit for women who are fine with govt rulership, alpha males (the few), and police (the same).

    Free males, this is not our world.
    There is no such thing.

    They proclaim, and it is done.
    I hate them. So should you.
    All the good it will do.

  7. And since they will likely be incompetently designed, these “limited” backdoors will probably turn out to be wildly exploitable by anyone smart enough to download a root kit.

    On top of probably being burned into the system in such a way as to preclude changing or eliminating them since someone would have a workaround about a week after introducing.

    And the smart bad guys will just go back to codes:  “John has a long moustache” won’t help anyone, no matter what back doors are installed, to understand that means the attack is on for tomorrow.
