The New York Times reported today that the Obama administration plans to submit a bill next year that would require all online communication services to be “technically capable of complying” if served with a wiretap order. According to the Times, this includes “encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct ‘peer to peer’ messaging like Skype.” The mandate “would include being able to intercept and unscramble encrypted messages.”
Photo by jeffschuler.
The Times highlighted three requirements:
- Communication services that encrypt messages must have a way to unscramble them.
- Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.
- Developers of software that enables peer-to-peer communication must redesign their service to allow interception.
Putting aside the political issues involved with such legislation, I see two big issues on the technology side of things:
- This could be really onerous for tech startups, who will have one more concern to worry about when creating software;
- This is only going to help the government catch stupid criminals. Tech savvy criminals will turn to other services that aren’t monitored. Couldn’t the bad guys just drop encrypted text files into a service like DropBox?
What do you think? Is the U.S. government going too far? Is all of this just wasted effort?
U.S. Tries to Make It Easier to Wiretap the Internet [New York Times]
Kosmo @ The Soap Boxers says:
I don’t have a huge problem with this. Why make it easier from the criminals to share information. (Note: I’m not in favor of being able to wiretap without cause, but if there is a court order, I’m OK with it).
You say it will only catch the stupid criminals … but there are a lot of stupid criminals out there. The Blago tapes, for example (if I’m not mistaken, he actually commented about the likelihood of lines being tapped and still said stupid stuff).
Tough on startups? Perhaps. And maybe there should be exemptions until something is X years old or has Y number of users. Or maybe the companies could figure out what the hackers are using to spy on their users :)
September 28, 2010 — 10:33 am
Evan Kline says:
My problem with this isn’t that they would wiretap with a court order. My beef is that they’re going to require companies to spend money to make their (the government’s) job easier. If I were a developer, I’d be saying, “wait a second, so now I’ve got to build in functionality YOU want, on my own dime, instead of spending time developing feature X?”
The other concern is how backdoors like this have been used by hackers in the past to compromise security. If I’m a developer, I don’t want to say “we have an absolutely secure platform that nobody can get into . . . except for this backdoor that the government made us build into the platform.”
September 28, 2010 — 10:52 am