Stories
Slash Boxes
Comments
Search

News for nerds, stuff that matters

Slashdot Log In

Log In

Create Account  |  Retrieve Password

Security Threat In the New Wiretapping Law

Journal written by Jeremiah Cornelius (137) and posted by kdawson on Tue Aug 14, 2007 02:17 AM
from the gateway-for-hackers dept.
Security United States
The NSA wants automatic surveillance capabilities in telephone switches. But once such capabilities are built in, others could use them to intercept communications. Within 10 years this could render the US vulnerable to attacks from terrorist groups across the globe, as well as from the military establishments of other nations. "Such threats are not theoretical: In April 2004, phones belonging to members of the Greek government, including the prime minister, were spied on with wiretapping software that was misused."
+ -
story

Related Stories

Journal: The Information Security Threat in the New Wiretapping Law by Jeremiah Cornelius (137)
This discussion has been archived. No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Security Threat In the New Wiretapping Law 50 Comments More /

 Full
 Abbreviated
 Hidden
More
Loading... please wait.

  • This is really creepy (Score:5, Insightful)

    by Billly Gates (198444) on Tuesday August 14 2007, @02:22AM (#20222039) Homepage Journal
    Only Communist China and North Korea have such interests in implementing technology like this. Hell Bejing already is monitored 24x7.

    I remember a quote from Reagan: "Freedom is never more than one generation away from extinction. We didn't pass it to our children in the bloodstream. It must be fought for, protected, and handed on for them to do the same, or one day we will spend our sunset years telling our children and our children's children what it was once like in the United States where men were free."

    My oh my has that come true. Sadly from the leader of his own party. Something needs to be done?

    • Re:This is really creepy (Score:5, Informative)

      by WindBourne (631190) on Tuesday August 14 2007, @02:52AM (#20222173) Journal
      Only Communist China and North Korea have such interests in implementing technology like this. Hell Bejing already is monitored 24x7.

      Sadly, that is false. Nearly all nations are involved in this. In fact, the bulk of EU monitors everything now. Canada, Australia, etc are all moving to monitoring of their aliens (and citizens). US and Greece are NOT unusual in all this. They have simply got caught. Don't believe it? Ever wonder exactly why Britain, Poland, France, Italy and Germany have given us all sorts of interesting info about possible attacks? Where exactly do you think that they got it from?

      The funny thing, is that reagan has more to do with this than most leaders. He was a true believer in "war is peace", just like W.

      • Re:This is really creepy (Score:4, Insightful)

        by PhilHibbs (4537) <snarks@gmail.com> on Tuesday August 14 2007, @05:13AM (#20222679) Homepage Journal

        he funny thing, is that reagan has more to do with this than most leaders. He was a true believer in "war is peace", just like W.

        I was once taken in by a "closing down sale" where some guys at the front of a crowd fleeced people by selling them rubbish at inflated prices. They started out by effectively demonstrating their scam to the audience, where they get you to give money up front in return for an empty box, and war you not to fall for that trick. Then they pull exactly that trick and everyone fell for it. I bought the world's crappiest camera for £50, and this was over 10 years ago, that would be more like £100 now.

        Politics is similar, they warn you about loss of freedom, and then take away your freedom to protect you.
        • hahaha... I can actually say I've never fallen for any scam.
          My wife says I'm just paranoid and pessimistic, but when she's not sure about something she always gets me to make the decision for her. Funny how that works. Point being, I think maybe you're just not familiar with how easy it is to take advantage of people.

          I recommend this book [amazon.com]. The whole book is basically about how to not be taken advantage of, and has plenty of examples similar to your story.

          • Re:This is really creepy (Score:5, Funny)

            by kir (583) on Tuesday August 14 2007, @08:55AM (#20224131) Homepage

            Sir,

            I hate to break this to you, but...

            "hahaha... I can actually say I've never fallen for any scam."

            and then

            "My wife says. . ."

            Your wife? You, sir, have fallen for the biggest scam of all time. Trust me, I know. Suh-weet Jesus and Mohammad do I know.

      • Don't believe it? Ever wonder exactly why Britain, Poland, France, Italy and Germany have given us all sorts of interesting info about possible attacks? Where exactly do you think that they got it from?
        Hmm, that's pretty weak reasoning imho. There are definitely more targeted ways of infiltrating terrorist groups than listening in on everyone's phone calls.

      • Re:This is really creepy (Score:4, Informative)

        by TubeSteak (669689) on Tuesday August 14 2007, @06:36AM (#20223043) Journal

        Ever wonder exactly why Britain, Poland, France, Italy and Germany have given us all sorts of interesting info about possible attacks? Where exactly do you think that they got it from?
        An argument from personal incredulity, [wikipedia.org] also known as argument from personal belief or argument from personal conviction, is no argument at all.

        There are two ways to deal with terrorism:
        A) The military model (Guantanamo Bay, extraordinary rendition, warrantless wiretaps)
        B) The law enforcement model

        Almost all the cases of terrorism that we do hear about, have been discovered and dealt with through good old fashioned police work. Seriously, the police deal with terrorism in Britain [google.com], France, Italy and Germany (I have no clue about Poland). As a favor, I linked the first Google search for you.

        Because the USA is new to the "zomg terrorists!111" game, they've gone with the military model. It puts us in fairly poor company when you look at the international scene and has handicapped US efforts at generating human intel sources.

      • US and Greece are NOT unusual in all this.

        IF you knew what you were talking about, you would know that Greece deliberately chose not to purchase the "centralized wiretaping" option for their telecom switches. It was only because of software "modularity" that the software was still in the switch, it was just disabled without the proper licensing codes. The eavesdroppers in the Greece case were able to hack the switches and enable the centralized wiretapping functions for their own purposes.

        If Greece really were doing the centralized wiretapping t

    • Our current administration is NOTHING like Reagan's, outside the label.

    • Re: (Score:2, Insightful)

      by Anonymous Coward
      This cartoon [chicagotribune.com] on this page [chicagotribune.com] of today's Chicago Tribune says it all. Too bad you have to use bugmenot to see it.

      Half a million Americans dead from the tobacco companies each year, another half million from McDonald's trans fats each year, fewer than three thousand dead on American soil from muslim extremists this entire century. Bin Laden should buy stock in RJ Reynolds and Burger King if he wants to kill us, the piker! I'm far more scared of the corporate terrorists than that idiot. BTW, 40,000 Americans die
  • ...if you have nothing to hide, what are you afraid of?

    • Re:Just keep telling yourself... (Score:5, Insightful)

      by Opportunist (166417) on Tuesday August 14 2007, @03:27AM (#20222301)
      I'm afraid of laws turning from legal to illegal what used to be normal pastime and normal behaviour. Germany just recently outlawed "hacking tools", most of which are perfectly fine tools to monitor and audit the security of your own box. Copyright laws becoming more and more intrusive, to the point where copyright holders want to control the tools you use to play their content.

      I'm not breaking the law. But I'm quite afraid of me not changing my behaviour and yet still being a criminal over night, without even noticing. Even under different circumstances, the chance that a law gets passed that outlaws what used to be normal practice is nonzero. Under these circumstances, it's even likely.

      So that's what I'm afraid of when I'm giving up privacy. That for some reason what I do might be considered illegal in the forseeable future. And, well, ya know, when he's been doing it while it was legal, will he continue when it's illegal? Even if I cease to do it, I'll be watched with suspicion and should I be tried, whether justified or innocent, my past actions (back when they were legal) will be used against me, with the allegation that I might have continued to do so when it was outlawed. It's also a convenient pretense when a warrant is necessary against me.

      Yes, I do not trust the government of my country. Why the hell should I? They don't trust me neither.

    • Re:Just keep telling yourself... (Score:5, Insightful)

      by rtb61 (674572) on Tuesday August 14 2007, @04:28AM (#20222509) Homepage
      If they have nothing to hide, why is it secret wire tapping and secret warrants.

      If they have nothing to hide, why isn't every communication between lobbyists and politicians recorded and publicly declared.

      If they have nothing to hide, why is not the activity of every law enforcement officer recorded whilst they are on duty, rather than a taser to torture why not a video camera to record.

      If they have nothing to hide, why secret no fly lists.

      Let's all of us give up our secrets and privacy at the same time or maybe lets start with the people who are in such a hurry to take our privacy whilst keeping their own dirty secrets, which will be the most interesting, our little white lies, or the massive whoppers of the corrupt corporate executives, the typical lying politician, the abusive power freak law enforcement officer, and of course the biggest liars of all lobbyists.

      • I love that the same people who are the first to give the "If you haven't done anything, you shouldn't be worried about people spying on you" line are also the first to raise Hell when Congress subpoenas Harriet Miers, Karl Rover, etc. to ask them questions. I mean, if they haven't done anything wrong, what are they afraid of?

    • ...if you have nothing to hide, what are you afraid of?
      Yep. As long as those in charge the whole thing are benign and competent, there's nothing to worry about. And we all know that our present and all future administrations are sure to be benign and competent, don't we?
      • Actually, someone else read the unwritten tags.

        It's really hard to imagine anyone saying that you should tell yourself something in order to convince yourself of anything. "There is no spoon, there is no spoon..."

  • Wrong front, soldier (Score:5, Insightful)

    by BadAnalogyGuy (945258) <BadAnalogyGuy@gmail.com> on Tuesday August 14 2007, @02:26AM (#20222063)
    If you're arguing that mandatory wiretapping ports are a bad idea because they make the system vulnerable to attack, are you then saying that you would not be opposed to such ports if there were no security threat posed by them?

    When you muddy the waters to fight only the battle right in front of you, you risk losing sight of the bigger goals and make yourself vulnerable to counterattacks.

    • you would not be opposed to such ports if there were no security threat posed by them?

      This falls in the larger category of granting power to others. Given someone you can absolutely trust, both in their intent and the quality of their execution, we might grant them absolute power. This tempts us most when we believe they'll use the power for our good.

      There are three lines of argument against this:

      1. Our trust in intent may be misplaced: While this may be true, it's often not an effective argument in a democra
      • Let me figure out what concerns are being voiced here. Here's the summary:

        The NSA wants automatic surveillance capabilities in telephone switches. But once such capabilities are built in, others could use them to intercept communications. Within 10 years this could render the US vulnerable to attacks from terrorist groups across the globe, as well as from the military establishments of other nations. "Such threats are not theoretical: In April 2004, phones belonging to members of the Greek government, inclu
        • Considering that the NSA doesn't even allow the internet onto their own campus, I doubt they want some remote capability for accessing this stuff. I wouldn't be surprised if the actual data is physically moved, that is, never touches the network.

          The problem with FISA is that it is an old law that was inadequate to begin with. It wasn't designed for cell phones, voip, email, etc. It was designed for hard wired telephones that could be ascribed to a subscriber with pretty good accuracy. Today, you can
  • Revolution.

  • Think of the children! (Score:3, Insightful)

    by th3rmite (938737) on Tuesday August 14 2007, @02:29AM (#20222083)
    We need this in order to protect our children from online predators! Once they track your children down they almost always attempt to call them first. We NEED safeguards for our children. To think otherwise must mean that you support child predators.

    • Re:Think of the children! (Score:5, Interesting)

      by Opportunist (166417) on Tuesday August 14 2007, @03:31AM (#20222317)
      From a logical point of view, it's more reasonable to support child predators whan total surveillance. The former only threatens a part of society, the latter the whole.

    • To think otherwise must mean that you support child predators.

      Now I am all for protecting the innocent but to say that everyone else of with a different point of view to yours supports child predators is just ridiculous.

      How is installing monitoring software in all telephone switches going to stop child predators? Is there an army of people who are going to sit there and listen to all the phone calls going on? Is there a super computer that can understand all human speach patterns and languages that

  • If those implementing this type of thing know what they're doing, there is really no reason it can't be done securely. Simply require all "intercept-this-communication" messages should be digitally signed, etc, and keep the private key under lock and key, both physically and electronically. If it's leaked, have an update-key command on the switches to replace the old key with a new one, and replace any switches that attackers get to first. I absolutely agree that this is a serious invasion of privacy and

    • Re: (Score:3, Insightful)

      by timmarhy (659436)
      huh, what kind of simplistic world do you live in? "update key command" on several million routers, you must be fucking with us, because surely must see how that would never ever work.

      "But arguing against it because it has been poorly implemented and misused in the past is counterproductive."

      No, it shows a clear demonstration of how impossibly hopless it is to do this in a secure manner.

    • Re: (Score:3, Interesting)

      by farkus888 (1103903) *
      I have heard this argument before and am surprised its gone so long with no one debunking it. First of all no one I know has dropped the "privacy" side of this argument, the security risk is simply in addition to the privacy reasons. You also need to consider that the people who are making the decision have already proven on more than one occasion that they are indifferent to privacy implications of legislation like this. If we can convince them to preserve some facet of our ever dwindling privacy out of fe
    • And since you immediately know when the key is leaked, this is safe...

      The key problem of the security game is limited knowledge. It doesn't only matter that you know what your enemy knows. You also have to know what he knows that you know. Ya know? :)
        • Now, now, there's no need to be rude. I've been called names before, but nobody ever called me a Rumsfeld! That's just plain rude.

  • As seen on Bruce Schneier's blog 9-Aug-07 (Score:3, Informative)

    by Mathinker (909784) on Tuesday August 14 2007, @02:52AM (#20222175) Journal
    As seen on Bruce Schneier's blog [schneier.com].

  • Surveillence (Score:4, Insightful)

    by El-Wrongo (1105293) on Tuesday August 14 2007, @03:09AM (#20222239)
    This is not good. What happens when people know that other people can listen to their conversations is that they watch what they say, which makes democracy (if that is your thing) loose its value. Democracy can only exist as long as there is free speech. When free speech disappears, so does democracy. In addition I believe that this will have negative consequences for gays, political activists, people with illnesses etc. No one but you and the people you tell something, have any right to know what that something is. There will be leaks, you can not prevent that without taking extreme measures.
  • The U.S. government should not be concerned if they have nothing to hide... Right?
  • Within 10 years this could render the US vulnerable to attacks -- Doesn't anyone else think that this is actually the intention?

    Considering the US telephone 'system', it's like building your house out of wood and then giving bottles of petrol and packs of matches to all the local kids.

    Daftest idea I've read today, but it's still early.

  • Also... (Score:5, Insightful)

    by SamP2 (1097897) on Tuesday August 14 2007, @04:21AM (#20222469)
    Didn't Hollywood teach you about the consequences of speaking about secret things over the phone?

    Sure, with the electronic surveillance systems phone spying may be easier to accomplish en masse, bringing us one step closer to Old Bro (which requires not only monitoring to be -possible-, but to be efficient enough to be performed, analyzed, and acted upon on a regular basis...

    But the truth still remains that phone networks were never, ever, EVER secure to begin with, and it would be naive to think that we were living in a safe and secure communications era until today.

    It has been a long standing tenet in communications security, from CIA-level to your local small business, that there is no such thing as a secure (physical) comms. line, and the only way to ensure security is to use encryption (at which case your security is as good as it's weakest link, be it the key strength, random gen. quality, social factor, or w/e). Well newsflash: that doesn't work in the analog phone system, and never has.

    If you need things kept secure, send them digitally encrypted. If you need things even more secure, don't transmit them at all. The public phone system has never been secure, nor will it ever be, whether against government interceptors or a teen phreaker. Live with it.

    • If you need things kept secure, send them digitally encrypted. If you need things even more secure, don't transmit them at all. The public phone system has never been secure, nor will it ever be, whether against government interceptors or a teen phreaker. Live with it.

      The question is, how long until Uncle Sam decides that anyone relying on encrypted communications must be a terrorist/pedophile/whatever? The government has *already* tried to tell us that we have no right to communications that they can't tap (remember the Clipper Chip?), and that was before Bush and Co. started *aggresively* attacking our civil rights...

  • The NSA already installed such a system in their "does not exist" fibre patching room inside the AT&T fibre facility.
  • ...as they snoop onto us.
  • Its always been about controlling the masses, sure they want you to think about all the wiretapping going on, but even in a perfect world, to have wiretaps on everybody 24/7 ...after a week, you would break the datawarehouse piggy bank. What this does, is dissuade any would be terrorist from getting any ideas going into fruition, and leaves the really bad ones in that category. By controlling the masses by fear (yet again amercia) we avoid the masses from sheeping too many bad ideas. Any idea which is diffe

  • So easy, even a child can explain it (Score:5, Insightful)

    by bhmit1 (2270) on Tuesday August 14 2007, @08:31AM (#20223903) Homepage
    When your weapons are used against you, you have to wonder if you really needed that weapon in the first place. And people should question why we let you have that weapon. Of course this all assumes that people have an influence on the government, which seems like we haven't for quite a long time, if ever. But I digress, this can all be summed up by a child in a cartoon:
    Calvin and Hobbes [ucomics.com]

  • Let's Be Reasonable About This (Score:4, Insightful)

    by MarkPNeyer (729607) on Tuesday August 14 2007, @08:49AM (#20224059)

    Clearly, this isn't a partisan issue. The bill that just passed did so with the approval of the democratic controlled congress. People are playing partisan games over this because, unfortunately, it makes political sense to do so. Politics don't help anyone make rational decisions, though, so let's get them out of the way.

    Clearly, there is a security case to be made for listening to phone calls without warrants. If a known member of al-Qaeda makes a call into the united states, there isn't time to ask a judge to approve a wiretap. Even more clearly, the power to tap phones could very easily be abused. This is slashdot; we're all paranoid here. Having phones with built in mechanisms for wiretapping is just asking for all kinds of trouble.

    I think the most rational response to this is to recognize the usefulness of such a program, and then attempt to design one that is as impervious to manipulation as possible. General rules that have proven useful for this sort of thing in the past:

    • Distribution of Power - You don't want one guy making all the decisions. The problem with spreading power out too much here is that you'll completely ruin the effectiveness of the program. You can't wait for three committees and a judge to hear the case. Balance is needed.
    • Transparency - There needs to be a list made of all calls that have been recorded, along with the name of someone who approved this recording. This is risky because it exposes the people who made the decisions to liability, but i think that's a necessary risk in order to safeguard privacy. Especially when coupled with some sort of protection mechanism.
    • Protection - One of the reasons the bush administration likes secrecy so much is that people are more likely to make decisions when they know they're not going to be held accountable for them. It definitely sounds shady, but how many decisions would you make if you knew you'd be held liable (potentially criminally) for everything you did, by a group of people notorious for getting pissed off? Oftentimes decisions that made perfect sense at the time sound absurd in hindsight, and you're always going to be safer by ignoring potential problems than trying to act on them. The people making these decisions need to be guaranteed protection from harassment by groups like CAIR who'll undoubtedly continue their past behavior of attempting to use the legal system to bully anyone who tries to do anything to a moslem.

    Ultimately, though, it's not our laws that keep us safe. It's not the Constitution that protects our liberties. We are free because we have a culture that values freedom above almost all else. Personally, I think it's a culture worth aggressively defending. Will we sacrifice some freedom in the defense of freedom? Of course. From a historical perspective, all American wars have resulted in the citizenry being less free. Lincoln and Wilson both threw detractors in jail. Nobody is proposing that here. The loss of freedom is extremely mild from an historical perspective. When the struggle is over, the freedoms will return like they always have in the past, as long as we demand them, which we will. If you think the struggle is never going to be over; you're absolutely right. Until we get everybody in the country as committed to destroying al-qaeda as they are to protecting moslems from being offended and suspected terrorist's phone calls from being interpreted, nothing is going to get accomplished.

  • This whole thing is crazy...

    The ??? (Insert 3 letter agency here) wants to be able to sit in their "cushy" cubicle and monitor phone calls at the push of a button. I can understand that they don't want to have to travel to the ends of the country to sit in a cramped switching station to monitor phone calls. (oh yeah, add internet connections to the list too) But I can see a few problems:

    1) Any sort of remote access tool is vulnerable. Period. This is a simple mathematical fact. All authentication schemes ca

    • Re: (Score:3, Insightful)

      by farkus888 (1103903) *
      You are exactly right.

      In many fields it appears people think in simple problem - implement solution form. Those of us who have training and experience coding or other complex technology have been retrained to think in a problem - evaluate repercussions of potential solution - implement solution form. Usually with quite a few loops over the evaluate repercussions phase because the initial solution was unsatisfactory.

      Maybe the solution to the short comings in our government is to force them to take and pass
      • Maybe the solution to the short comings in our government is to force them to take and pass advanced programming classes before being allowed to take office.

        Good demonstration of an unsatisfactory initial solution.

      • Maybe the solution to the short comings in our government is to force them to take and pass advanced programming classes before being allowed to take office.

        They do not even read the bills they pass. This is wishful thinking at best.

        Automatic sunset laws (with a super-majority vote required to extend -- if it's a good law, why isn't 2/3 or 3/4 or 4/5 majority a reasonable idea) and a requirement that lawmakers actually prove they read the bills before they are allowed to vote YEA on them would work for me. Of course, this would slow down the amount of new things government would be allowed to do, that is, in my opinion, a _good_ thing.

        Sigh, I admit to living

    • No, not quite. A firewall with a backdoor pretends to care about your privacy.
    • As long as they don't use speech to text engines to document the calls otherwise I would no longer call my mom....
    • The answer is obvious : demand that the telco's create two physically seperated phone networks : one for all those politicans and other citizens of unspoken behaviour (that won't be tapped in any way), and the other one for all those possible terrorists ...

      It might make more sense to put the politicans with the "possible terrorists" though :)

All trademarks and copyrights on this page are owned by their respective owners. Comments are owned by the Poster. The Rest © 1997-2009 Geeknet, Inc.