Your government is worried. The world is “going dark.” Once upon a time, telephones were the only way to talk to someone far away, and the authorities could wiretap any phone they wanted. Nowadays, though, suspects might be communicating via Facebook, Google Hangouts, WhatsApp, Snapchat, Skype, Viber. And so, inevitably: “Today, if you’re a tech company that’s created a new and popular way to communicate, it’s only a matter of time before the FBI shows up with a court order to read or hear some conversation.”
But some of those providers have no interest in spying on their users. The FBI is not amused. “A government task force is preparing legislation that would pressure companies such as Facebook and Google to enable law enforcement officials to intercept online communications as they occur,” according to the Washington Post, by fining them increasing sums until they build government-accessible back doors into their systems.
Which invites the titular question of this post.
The FBI may be looking back with dewy-eyed nostalgia on the phone wiretaps of yore, but I think we can all agree that those would have been ridiculously ineffective if anyone with anything to hide had been able to easily acquire and attach tiny devices that made wiretapping impossible. That’s exactly the case today: anyone even remotely au fait with technology can securely encrypt their digital communications themselves, via eg RedPhone.
So the FBI would only be able to wiretap suspects who are either too dumb to use encryption — in which case they ought to be easy enough to catch without wiretaps — or who think they have nothing to hide. Meanwhile, they’d be setting a terrible precedent for other, more draconian governments. Critics say “We’ll look a lot more like China than America after this” … but the Obama administration, which not coincidentally appears to hate whistleblowers above all else, still seems poised to support this initiative.
But wait, it gets worse. In order to claim this empty chalice, the powers that be will require a surveillance system that could be abused by the very kind of people it’s supposed to be used against. Could, and almost certainly would: if you build a tool that can be used malevolently, then inevitably it one day will be. Consider how Google was hacked in 2010 by adversaries who used the intercept facilities built into GMail – at the government’s insistence – to access the private email of Chinese dissidents, and:
Google had a database with “years” worth of FISA surveillance orders it received.The Chinese hacked it. washingtonpost.com/world/national…
— Christopher Soghoian (@csoghoian) May 20, 2013
Put another way:
Basically, FBI is proposing massive fines for companies that design their systems to be secure. Insanely bad idea. j.mp/Y9hiL3
— Julian Sanchez (@normative) April 29, 2013
Is the FBI actually too stupid to realize that this is a terrible, horrible, very bad, no good idea? Or — get your tinfoil hats on — is the pretext of hunting criminals and terrorists merely a smokescreen for requiring what in effect will be a gargantuan cross-platform surveillance system that will let them spy on anyone’s conversation at any time for their own ulterior motives?
Probably not. (At least, he said paranoiacally, not yet.) But that is exactly what’s happening in other countries. Witness this post by legendary security guru Moxie Marlinspike, the creator of RedPhone among other tools, who was approached by the Saudi Arabian government to help monitor and block tools like Twitter, Viber, Line and WhatsApp. When he declined, they suggested:
If you are not interested than maybe you are on indirectly helping those who curb the freedom with their brutal activities.
That’s right, folks: if you’re not helping the government of Saudi Arabia secretly spy on all of its residents, then you’re on the side of the terrorists! Good to know. I vastly prefer Moxie’s take:
While this email is obviously absurd, it’s the same general logic that we will be confronted with over and over again: choose your team. Which would you prefer? Bombs or exploits. Terrorism or security. Us or them. As transparent as this logic might be, sometimes it doesn’t take much when confirming to oneself that the profitable choice is also the right choice.
If I absolutely have to frame my choices as an either-or, I’ll choose power vs. people.
Similarly, a recent Citizen Lab report indicates that the FinFisher surveillance software is now being used in 36 countries, including those well-known pillars of enlightened human rights Bahrain, Ethiopia, and Turkmenistan, and the Syrian government has an entire electronic army targeting dissidents (who, unfortunately, continue to use Skype even though it’s not secure and Microsoft can and does tap into Skype chats.)
So we’re left with the last option: the FBI is simply technically incompetent. Unable to come to terms with the new world of technology, and take advantage of the many ways in which new technology can aid their investigations in new ways without turning America into a panopticon, they’re instead still thinking inside the box of 20th-century wiretapping, and insisting that tech companies implement a counterproductive, expensive, and ultimately pointless toolkit…purely to satisfy their own blinkered lack of imagination.
It’s sad, depressing, and dangerous. Let’s hope clearer heads and more farsighted visions prevail before this pathetically bad and dumb idea is actually implemented — but alas, I see no reason to believe that we can expect anything but more of the same high-level cluelessness for the foreseeable future.