
Computer scientists to FBI: don't require all our devices to have backdoors for spies

In an urgent, important blog post, computer scientist and security expert Ed Felten lays out the case against rules requiring manufacturers to build wiretapping backdoors into their communications tools. Since 1994, makers of telephone switching equipment have had to comply with a US law called CALEA, which requires phone switches to have a deliberate backdoor that police can use to listen in on calls without physically attaching anything to the line. That backdoor has already been a serious security problem: through much of the 1990s, AT&T's CALEA controls went through a Solaris machine that was thoroughly compromised by hackers, meaning that criminals could listen in on any call; and in 2004-2005, around the Athens Olympics, unknown attackers used the lawful-intercept facility built into Vodafone Greece's Ericsson switches (the same kind of capability CALEA mandates) to listen in on the Greek prime minister and other top officials.

But now, thanks to the widespread adoption of encrypted messaging services, law enforcement is finding its CALEA backdoors of declining utility: it doesn't matter that you can intercept someone's phone calls or network traffic if the data you've captured is encrypted with keys you don't hold. In response, the FBI has floated the idea of "CALEA II": a mandate to put wiretapping capabilities into computers, phones, and software, the endpoints where the plaintext lives.

As Felten points out, this is a terrible idea. If your phone is designed to secretly record you, stream your video, location data and messages to a remote party, and hide from you that it is doing so, then that same facility puts you at huge risk when it is hijacked by criminals. It doesn't matter whether you trust the government not to abuse this power (for the record, I don't, especially since anything mandated by the US government would also be present in devices used in China, Belarus and Iran): deliberately weakening device security makes you vulnerable to everyone, including the worst criminals:

Our report argues that mandating a virtual wiretap port in endpoint systems is harmful. The port makes it easier for attackers to capture the very same data that law enforcement wants. Intruders want to capture everything that happens on a compromised computer. They will be happy to see a built-in tool for capturing and extracting large amounts of audio, video, and text traffic. Better yet (for the intruder), the capability will be stealthy by design, making it difficult for the user to tell that anything is amiss.

Beyond this, the mandate would make it harder for users to understand, monitor, and fix their own systems—which is bad for security. If a system’s design is too simple or its operation too transparent or too easy to monitor, then wiretaps will be evident. So a wiretappability mandate will push providers toward complex, obfuscated designs that are harder to secure and raise the total cost of building and operating the system.

Finally, our report argues that it will not be possible to block non-compliant implementations. Many of today’s communication tools are open source, and there is no way to hide a capability within an open source code base, nor to prevent people from simply removing or disabling an undesired feature. Even closed source systems are routinely modified by users—as with jailbreaking of phones—and users will find ways to disable features they don’t want. Criminals will want to disable these features. Ordinary users will also want to disable them, to mitigate their security risks.

Felten's remarks summarize a report [PDF] signed by 20 distinguished computer scientists criticizing the FBI's proposal. It's an important read -- maybe the most important thing you'll read all month. If you can't trust your devices, you face enormous danger.

CALEA II: Risks of wiretap modifications to endpoints

HOWTO search the Web like the NSA

Wired's Kim Zetter rounds up highlights from Untangling the Web: A Guide to Internet Research [PDF], an NSA guide to finding unintentionally published confidential material on the Web, released in response to a MuckRock Freedom of Information Act request. As Zetter notes, the tactics it describes are presented as legal, but they are the kind of thing for which weev is doing 3.5 years in a Federal pen:

Want to find spreadsheets full of passwords in Russia? Type “filetype:xls site:ru login.” Even on websites written in non-English languages the terms “login,” “userid,” and “password” are generally written in English, the authors helpfully point out.

Misconfigured web servers “that list the contents of directories not intended to be on the web often offer a rich load of information to Google hackers,” the authors write, then offer a command to exploit these vulnerabilities — intitle: “index of” site:kr password.

“Nothing I am going to describe to you is illegal, nor does it in any way involve accessing unauthorized data,” the authors assert in their book. Instead it “involves using publicly available search engines to access publicly available information that almost certainly was not intended for public distribution.” You know, sort of like the “hacking” for which Andrew “weev” Auernheimer was recently sentenced to 3.5 years in prison for obtaining publicly accessible information from AT&T’s website.

Use These Secret NSA Google Search Tips to Become Your Own Spy Agency
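The other side of the "index of" trick is checking your own servers for it before a search engine does. The script below is an added example for this page, not code from the NSA guide or from Wired: it takes the HTML of a page, decides whether it is an autoindex directory listing (Apache, nginx and lighttpd all title those pages "Index of <path>"), extracts the files it exposes, and flags names and extensions that suggest credentials or data dumps. The two HTML responses embedded in it are constructed samples, not captured from any real server, and the extension and keyword lists are my own choices.

```python
"""Detect exposed directory listings and flag sensitive files in them.

Added example for this page; not from the NSA guide or Wired. The two
HTML pages below are constructed samples, not captured from any server.
"""
from html.parser import HTMLParser
import re

# Extensions and name fragments worth flagging in an open listing. The guide's
# own examples are spreadsheets and password files; this list is an assumption.
SENSITIVE_EXTENSIONS = {".xls", ".xlsx", ".csv", ".sql", ".bak", ".env", ".pem", ".key"}
SENSITIVE_NAME_WORDS = ("password", "passwd", "login", "userid", "secret")


class _ListingParser(HTMLParser):
    """Collect the <title> text and every href on a page."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.hrefs = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data


def is_directory_listing(html):
    """True if the page title starts with 'Index of', the autoindex convention."""
    p = _ListingParser()
    p.feed(html)
    return bool(re.match(r"\s*index of\b", p.title, re.IGNORECASE))


def listed_files(html):
    """Entries exposed by a listing, minus navigation links (column-sort
    query links, parent directory, absolute URLs, anchors)."""
    p = _ListingParser()
    p.feed(html)
    return [h for h in p.hrefs
            if not h.startswith(("?", "/", "http://", "https://", "#"))
            and h not in ("../", ".")]


def sensitive_files(html):
    """Listed entries whose extension or name suggests credentials or dumps."""
    hits = []
    for name in listed_files(html):
        lower = name.lower()
        ext = "." + lower.rsplit(".", 1)[1] if "." in lower else ""
        if ext in SENSITIVE_EXTENSIONS or any(w in lower for w in SENSITIVE_NAME_WORDS):
            hits.append(name)
    return hits


# Constructed sample: the shape of an Apache autoindex page for /backup/.
SAMPLE_LISTING = """<html><head><title>Index of /backup</title></head><body>
<h1>Index of /backup</h1><pre>
<a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<a href="/">Parent Directory</a>
<a href="logins.xls">logins.xls</a>
<a href="site-2013-04.sql">site-2013-04.sql</a>
<a href="readme.txt">readme.txt</a>
<a href="photos/">photos/</a>
</pre></body></html>"""

# Constructed sample: an ordinary page that merely contains the phrase.
SAMPLE_NORMAL = """<html><head><title>Blog: the index of my favourite posts</title></head>
<body><a href="post1.html">post 1</a></body></html>"""

if __name__ == "__main__":
    for label, page in (("listing", SAMPLE_LISTING), ("normal", SAMPLE_NORMAL)):
        print(label, is_directory_listing(page), sensitive_files(page))
```

Run it over responses fetched from your own hosts (a crawl of every directory path in your sitemap is the obvious input); any hit means the listing should be turned off, with `Options -Indexes` in Apache or `autoindex off` in nginx, and the exposed files moved out of the web root. The title check is deliberately strict so that a page that merely mentions the phrase is not reported.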

Former FBI counterterrorism agent implies that US records all US phone calls


Glenn Greenwald notes the alarming revelation from a CNN Out Front interview between host Erin Burnett and Tim Clemente, "a former FBI counterterrorism agent," where Clemente claimed that the FBI had access to recordings of every phone call made in America:

BURNETT: Tim, is there any way, obviously, there is a voice mail they can try to get the phone companies to give that up at this point. It's not a voice mail. It's just a conversation. There's no way they actually can find out what happened, right, unless she tells them?

CLEMENTE: No, there is a way. We certainly have ways in national security investigations to find out exactly what was said in that conversation. It's not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out.

BURNETT: So they can actually get that? People are saying, look, that is incredible.

CLEMENTE: No, welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not.

Are all telephone calls recorded and accessible to the US government? (via /.)

DroneShield: crowdfunded, networked drone detectors

DroneShield is an Indiegogo project from a DC aerospace engineer that aims to build a tiny, net-connected drone detector/identifier. Built around a Raspberry Pi, it uses a microphone to pick up the acoustic signature of nearby drones and then reports its findings over the Internet. The project promises free/open hardware and software specs on its main site. Ars Technica's Cyrus Farivar spoke to Chris Kyriakakis, a USC electrical engineering professor, who thinks the project is feasible but believes it will need an array of microphones for accurate identification. John Franklin, who's running the effort, says the device will produce useful, if imperfect, output even with one mic.

The fully assembled drone detector costs at least $69 as a pre-order (as with all crowdfunded projects, remember that you may never get your device). The project's goal is to get the price down to $20. For my part, I wonder how this would perform against active countermeasures: it's one thing to detect drones that make no effort to remain hidden or to fool detectors about which drone they are, but what about a drone that uses some technique (from playing a recording of a different drone to outright modifications of its motors and blades) to sound different?

In any event, I expect that this is an intermediate step on the way to this thing disappearing into our phones and becoming an app that would make use of its open database of drone acoustic signatures. I can easily imagine a Drone Foursquare made by volunteers who upload drone "sightings" to realtime maps as they move around the world.

Meet Drone Shield, an ambitious idea for a $70 drone detection system (via /.)

Publishing should fight ebook retailers for more data

I've got a guest column in the new edition of The Bookseller, the trade magazine for the UK publishing industry. It's called "Tangible Assets," and it points out that of all the fights publishing has had with the ebook sector (DRM, pricing, promotion), the one it has missed is the fight over access to data. Whatever else is going on between publishers and Amazon, Google, Apple et al., it is untenable and unsustainable that publishing knows almost nothing about its ebook customers and has no realtime view of its ebook sales, while the ebook channel knows almost everything, instantaneously.

I just came off a US tour for my YA novel Homeland, which Tor Teen published in the US in February, and which Titan will publish this coming September in the UK. I went to 23 cities in 25 days, a kind of bleary and awesome whirlwind where I got to see friends from across the USA—Internet People to a one—for about 8.5 minutes each, in a caffeinated, exhausted rush.

Inevitably, I had this conversation: "How's the book doing?" and I got to say: "Oh, awesome! It's a New York Times and Indienet bestseller!" (It stayed on the NYT list for four weeks, so I got to say this a lot). And then, always: "So, how many copies does that come out to?" And my answer was always, "No one knows."

This is where the Internet People began to boggle. "No one knows?"

"Oh, there's some Nielsen reporting from the tills of participating booksellers—you can get that if you spend a fortune. But there's no realtime e-book numbers given to the publishers. We'll all find out exactly how the book performed in a couple of months."

And that's where they lost their minds. The irate squawks that emerged from their throats were audible for miles. "You mean Amazon, Apple and Google know exactly who comes to their stores, how they find their way to your books, where they're coming in from, how many devices they use and when, and they don't tell the publishers?"

Tangible assets

CISPA is dead! (again) (for now)

After months of activist agitation and a crushing disappointment from the cowards in the House of Representatives, the US Senate has effectively killed CISPA, a sweeping Internet surveillance proposal. This is astoundingly great news! But CISPA died once before and came back from the dead, and it is unlikely to stay dead this time around either. The price of liberty is eternal vigilance, etc etc etc:

Sen. Jay Rockefeller (D-WV), the chairman of the U.S. Senate Committee on Commerce, Science and Transportation, said in a statement on April 18 that CISPA's privacy protections are "insufficient."

A committee aide told ZDNet on Thursday that Rockefeller believes the Senate will not take up CISPA. The White House has also said the President won't sign the House bill.

Staff and senators are understood to be "drafting separate bills" that will maintain the cybersecurity information sharing while preserving civil liberties and privacy rights.

Rockefeller's comments are significant as he takes up the lead on the Commerce Committee, which will be the first branch of the Senate that will debate its own cybersecurity legislation.

Michelle Richardson, legislative counsel with the American Civil Liberties Union, told the publication she thinks CISPA is "dead for now," and said the Senate will "probably pick up where it left off last year."

CISPA 'dead' in Senate, privacy concerns cited [Zack Whittaker/ZDNet]

Snooper's Charter is dead! (for now)

Aw, yeah! The UK Communications Data Bill -- AKA the "Snooper's Charter," a sweeping, totalitarian universal Internet surveillance bill that the Conservative-led coalition government had sworn to pass -- is dead! Yesterday, Nick Clegg, leader of the Liberal Democrats and Deputy Prime Minister, announced that his party would not support the bill, and effectively killed it. Though I've been bitterly disappointed by some of the terminal compromises the LibDems have made, this makes me grateful to have them in Parliament. The kind of universal surveillance proposed in the Snooper's Charter was broadly supported by the last Labour government, which radically expanded state surveillance powers, and by the Tories -- thank goodness for the LibDems mustering a scrap of backbone at last!

The only downside is that the Open Rights Group had a whole series of great "Professor Elemental" videos that used pointed, excellent humour to mock and undermine the bill and drum up opposition to it, and now that's all going to go to waste (I blogged episode one yesterday).

Aw, who'm I kidding? This kind of thing never stays dead.

The snooper's charter has reminded Nick Clegg, finally, he is a liberal

UK Home Office commissions a super villain-catching-machine from Prof. Elemental

In this startling debut episode, the renowned Professor Elemental receives a commission from the government to build a marvellous snooping machine with which to catch the badduns. The Home Secretary has the right man for the job -- with the good professor's marvellous device, the Home Office will be able to spy on every communique that traverses the British Information Superhighway!

(It's all about the Snooper's Charter, the barmy UK legislative proposal to give nearly unlimited snooping powers to the government and police, and this video is courtesy of the good people at the Open Rights Group.)

Professor Elemental build a Great Machine for Catching Villains Chapter One (Thanks, Jim!)

Siri keeps data for "up to two years", but only anonymously

Robert McMillan explains what happens to the data generated and stored with Siri queries: "Once the voice recording is six months old, Apple “disassociates” your user number from the clip, deleting the number from the voice file. But it keeps these disassociated files for up to 18 more months for testing and product improvement purposes." [Wired] Rob

Online privacy policies explained

The Zero Knowledge Foundation's explainer on privacy policies is a pretty good introduction to where the fine-print on the sites you read comes from, and the surprisingly meaningful differences between different privacy policies on different sites. It's easy to assume (as I usually do) that the average privacy policy says, "You have no privacy," but there's a lot of difference between the policies on Craigslist, Facebook and Twitter, say.

The Fine Print of Privacy | Zero Knowledge Privacy Foundation (Thanks, Josh)

Siri, keeper of secrets

Robert McMillan writes: "Not everyone realizes this, but whenever you use Siri, Apple’s voice-controlled digital assistant, she remembers what you tell her. How long does she remember? Apple isn’t saying. And the American Civil Liberties Union is concerned." [Wired] Rob

CISPA: Congress wants to create unlimited Internet spying powers - KILL THIS BILL! KILL IT WITH FIRE!

CISPA is the latest Congressional proposal to do something unbelievably horrible with the Internet -- this time, it's letting US law enforcement and intelligence services raid all of your data, all the time, without letting you know, regardless of your service provider's privacy policy, in the name of preventing "cyberattacks," whatever those are.

It's about as horrible as it can be: the House Rules Committee won't even allow privacy-protecting amendments on the agenda; the bill's sponsor Rep. Mike Rogers dismisses people who oppose CISPA as 14-year-olds in their parents' basements; and a bunch of tech companies are lobbying in favor of CISPA because the bill cannily immunizes them from liability for firehosing your personal, sensitive information all over the place.

The sole bright light is this: the Obama White House has taken an uncharacteristically progressive stance on privacy this time around, and has threatened to veto the bill.

The Electronic Frontier Foundation is, as always, the best place to go to find things you can (and should, and MUST) do to kill this insane proposal.

Reddit co-founder calls Larry Page to get Google to join the anti-CISPA fight -- your help needed too!

Evan from Fight for the Future sez, "In the hours before the House Intelligence Committee's secretive, closed-door markup on privacy killing bill, CISPA, we had to unleash our secret weapon. CISPA threatens to invalidate every privacy law on the books and give companies full legal immunity when they share our private data with the government. That's why the tech giants that stood with us during SOPA (Google, Facebook, and Twitter) haven't said much about CISPA. Our chief Internet Defender, Reddit co-founder Alexis Ohanian, helped us make this video of him calling Google and asking to speak to CEO Larry Page about the fact that if CISPA passes, every privacy policy on the web will be a total joke."

Sign the petition, kill CISPA, save the Internet (again!).

Google, Twitter, & Facebook: What's your privacy policy? (Thanks, Evan)

ISPs and creepy ad company injecting traffic into secure Web sessions

A company called RT66 appears to be injecting code into secure Web sessions, possibly with collusion from ISPs like CMA Communications. No one is sure how they're doing it, neither RT66 nor CMA is answering questions, and it's bad news all around. Cory

American public schools in 9 states sharing every conceivable personal detail of their students with third parties


Update: A PR person who has apparently been retained to represent inBloom strenuously objected to Greg's characterization of her client's practices below. She sent me an email, which I've posted to the comments. I've also made a factual correction, regarding constraints, below (look for the strikethrough)

Greg Costikyan sez,

inBloom, a Gates-funded non-profit to harness data to improve grade school education, has partnered with New York and eight other states to encourage the development of apps to "further education" by using intimate data about students, without parental consent and with no ability for parents to opt out.

Among the data shared are name, address, phone numbers, test scores, grades, economic status, disciplinary records, picture, email, race, developmental delay... just about everything conceivable, and all specific, none of it anonymized. inBloom has arrangements with nine states (New York, Massachusetts, Louisiana, Colorado, Illinois, North Carolina, Georgia, Delaware and Kentucky) to do this.

The XML schemas used are downloadable here. Anyone can register as a developer and start using "sample" data, but "real" data is supposedly only available to developers with contracts with a school board. But this includes for-profit, third party developers, such as, say, Amplify, a News Corp subsidiary with a contract with New York. And it doesn't appear there are any constraints on their use of this data. Ed: apparently constraints can be imposed by districts and states, though the system can allow unconstrained access if the district/state chooses.

Who is Stockpiling and Sharing Private Information About New York Students? (Thanks, Greg!)
