“Be careful what you wish for, for you may get it,” cautions an old proverb that may apply to the FBI's desire to snoop on virtually all communications on the Internet, according to a report released May 17 by security experts at the Center for Democracy & Technology, a non-profit group that advocates freedom on the world wide web.

Taking note of the government's recent statements that law enforcers want to be able to monitor Internet communications in real-time or near-real-time, the study authors emphasize that the vagueness of these assertions and the absence of any publicly available proposal makes evaluation difficult.  Nonetheless, the authors believe the FBI at least wants “mandated wiretap modifications to endpoint software and services that allow direct, peer-to-peer communication,” i.e., a federal law forcing makers of software, and web services using such software, to modify their systems so the government can quickly and easily listen in on real-time communications, as it is already able to do with telephones, for example.

Although that might sound great to those who think solely in terms of enforcing whatever criminal laws happen to be on the books, the study argues that such a law would cause more problems than it solves:

“This report explains how mandating wiretap capabilities in endpoints poses serious security risks. Requiring software vendors to build intercept functionality into their products is unwise and will be ineffective, with the result being serious consequences for the economic well-being and national security of the United States.”

Unlike traditional analog and modern digital telephone systems, much Internet peer-to-peer communication does not go through a central switchboard, making it much harder for the government to snoop as it has in the past by tapping the central switch. Tapping “endpoints” instead, i.e., the devices used by the persons communicating, is the government's proposed solution.

The study points out that Internet security, in addition to being important to individual privacy and freedom, is also critical to the functioning of the entire modern economy. Making peer-to-peer communication software “wiretap ready,” however, would seriously jeopardize Internet security for everyone, because any modifications would be targeted by hackers and Internet fraudsters, who could use the technology for a variety of nefarious purposes, including against the government itself:

 A wiretap design mandate on communications tools is, plainly put, an opportunity for increased exploitation [by hackers]. As we explain below, extending CALEA [Communications Assistance for Law Enforcement Act] to endpoint software and devices will make communications systems, products and services even more vulnerable.

-Matt Bewig

To Learn More:

CALEA II: Risks of Wiretap Modifications to Endpoints (by Ben Adida, Collin Anderson, et al.

FBI Wants More Authority to Spy Live on Gmail, Skype, Dropbox and Cloud (by Matt Bewig, AllGov)