Obama’s Internet-Wiretap Bid: Secret Government Backdoor to Your Mailbox
We have a right to talk in private and that includes email and other online communication. I've written and spoken at BlogHer before about our right as women to speak and act freely in public. But we also need to keep in mind our rights to speak in private.
When I lock my house, I don't give a copy of the key to the U.S government -- nor am I required to build them a special door so they can spy on me. That's basically what's being proposed by the Obama administration for the places we live online.
The New York Times reported today that the FBI is preparing to propose legislation to the Obama Administration that would require Internet service providers (including software makers like Skype) to build in "backdoors" so that any communication between people can be monitored by the government. Xeni Jardin on BoingBoing has a good link roundup to articles on the proposed "wiretapping."
Currently, we can send encrypted messages and can -- with effort -- communicate in private. If everything that exists on the net and hosted or available in the U.S. were required to build in tools to block encryption, this would destroy the possibility of private communication. It would put a huge burden on Internet and software providers to build those extra doors into their communication services. It would also mean that those back doors could be exploited by hackers who want to steal people's data. It's like requiring that nothing can be locked up in a secure way, and everything online has to be built with a weakness.
Here are the likely elements of the legislation as reported by PC Mag's Security Watch:
• Communications services that encrypt messages must have a way to unscramble them.
• Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.
• Developers of software that enable peer-to-peer communication must redesign their service to allow interception.
In the 1990s activists fought to allow the public to use encryption. The public won that battle on many levels. Privacy and secure communications were no longer something only the military could have. Thanks to the public winning the Crypto Wars, we have worldwide online banking, we can buy stuff online with a fair amount of security, and we can have conversations in private.
I don't have anything in particular to hide, but as a basic professional business practice I use ssh and https to connect to my servers for work and for blogging. Something millions of people worldwide do every day. Would that be forbidden under this law? It sounds like it would -- and if it wasn't, why wouldn't criminals and terrorists just use these secure systems to communicate?
So while you might think this legislation has nothing to do with you, because you're not talking about anything the government would be interested in, please take your right to privacy and private communications seriously. It's a political right we have to fight to defend. Once it begins to erode, we could end up having our emails filtered daily "as a matter of national security." It's as if they want to make our Facebook messages go through a TSA airport security line! That third point above, that says peer to peer communication must allow interception, means that I can't build a device that talks to another device without specially building in a way for anything anyone ever says over it to be eavesdropped on by the U.S. government. (And anyone else smarter than them.)
This proposed legislation is an incredibly bad idea. It would hurt the software and web industry in the U.S. It is also impossible to implement and enforce. As part of the Crypto Wars, the U.S. tried to block free speech in forbidding the distribution (and export) of encryption algorithms -- ways to encode and decode material. This was famously mocked in a 3-line computer program. The page documenting this is worth a look, with its cartoons and photos of people who had the 3 line program tattooed on their bodies to protest the limitations on their freedom of speech. I think that as bloggers, we BlogHeristas need to know something about this crucial part of Internet history. It's what has made possible all the free communication we enjoy and maybe take for granted!
Law enforcement already has other options, as Declan McCullough outlines on CNET:
If Congress does not enact a law, law enforcement still has options. Police can obtain a special warrant allowing them to sneak into someone's house or office, install keystroke-logging software, and record passphrases. The Drug Enforcement Agency adopted this technique in a case where suspects used PGP and the encrypted Web e-mail service Hushmail.com. And the FBI did the same thing in an investigation of an alleged PGP-using mobster named Nicodemo Scarfo.
I have to make one more analogy here -- this idea is like trying to say that because a bunch of cops don't understand your language, you're not allowed to speak it.
If the U.S. needs to destroy the entire concept of personal privacy in order to "keep us safe," then we are in the most danger from the government itself. Frankly, I think the U.S. government must need to step up its spycraft if it's so pathetically bad at what it does that it has to pass laws to force a bunch of software developers to make their lives easy.
Meanwhile, our Internet access in the U.S. is threatened by censorship legislation -- read about it here: Stop the US Internet Blacklist.
Public key cryptography illustration by David Göthberg.