5/1/2013
12:37 PM

FBI Seeks Real-Time Facebook, Google Wiretaps

Government proposal would expand wiretap laws to cover not just service providers, but also the likes of Facebook and Google, backed by escalating fines for noncompliance.

Should Facebook, Google and similar sites be forced to adapt their infrastructure so that the FBI and other law enforcement agencies can easily tap suspects' communications in real time?

That's the impetus behind new wiretap guidelines being drawn up by a government panel, according to the Washington Post.

The draft guidelines, championed by the FBI, would allow courts to impose escalating fines on any business that didn't immediately comply with a court-ordered request for real-time communications interception, regardless of whether the Web service provider said such interception was technically feasible. Any business that fails to comply with the wiretap request could face fines that start at tens of thousands of dollars, then double daily after 90 days of noncompliance. The White House reportedly hasn't yet signed off on the proposals.

"Today, if you're a tech company that's created a new and popular way to communicate, it's only a matter of time before the FBI shows up with a court order to read or hear some conversation," Perkins Coie attorney Michael Sussmann, a former federal prosecutor, told the Post. "If the data can help solve crimes, the government will be interested."

In 2005, in an expansion of the Communications Assistance for Law Enforcement Act (CALEA), the Federal Communications Commission ruled that service providers, as well as VoIP providers, had to overhaul their networks to allow real-time interception. But that doesn't apply to businesses such as Facebook and Google. Accordingly, the FBI now tends to back off when those companies or their peers say they can't easily comply with an intercept request for technical reasons, rather than attempting to initiate contempt proceedings, reported the Post.

But the bureau would like that to change. "The importance to us is pretty clear," the FBI's general counsel, Andrew Weissmann, said last month in a speech to the American Bar Association's Standing Committee on Law and National Security. "We don't have the ability to go to court and say, 'We need a court order to effectuate the intercept.' Other countries have that. Most people assume that's what you're getting when you go to a court."

The bureau's push for expanded wiretapping powers is far from unexpected. Indeed, reports surfaced last year that the FBI was meeting with Facebook, Google, Microsoft and Yahoo, among other companies, to query how the bureau could best conduct surveillance of their services while causing minimal disruption.

In 2011, meanwhile, longtime FBI director Robert S. Mueller III urged Congress to give the bureau greater wiretapping capabilities, warning that to do otherwise meant there would be "a very real risk of the government 'going dark,' resulting in an increased risk to national security and public safety."

But civil rights groups have warned that the proposal to fine businesses that don't proactively aid FBI surveillance of their communications services risks wiretap capabilities being abused by attackers. "At the very time when the nation is concerned about cybersecurity, the FBI proposal has the potential to make our communications less secure," said Joe Hall, a senior staff technologist for the Center for Democracy and Technology, in a statement. "Once you build a wiretap capability into products and services, the bad guys will find a way to use it."

Another unanswered question is how new intercept capabilities would be tested or vetted. Would changes to popular services -- such as Facebook or Gmail -- first require a corresponding sign-off from IT staff at the FBI before they could be put into production?

"What the FBI is proposing sounds benign, but it comes with such onerous penalties that it would force developers to seek pre-approval from the FBI," said CDT president Leslie Harris in a statement. "No one is going to want to face fines that double every day, so they will go to the FBI and work it out in advance, diverting resources, slowing innovation, and resulting in less secure products."

Comments
AustinIT
5/4/2013 | 1:26:02 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
Did you read the Washington Post article? If you did, you would find this quote - "The Obama administration has not yet signed off on the proposal. Justice Department, FBI and White House officials declined to comment."
Like I alluded to, and rather than blaming Obama, the Bush admin kicked off the steady erosion of our civil liberties to ostensibly assuage our "fears". What a legacy...
NJ Mike
5/3/2013 | 12:19:41 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
Obama has been in office 4+ years, the "blame Bush" strategy is wearing thin.
"That's the impetus behind new wiretap guidelines being drawn up by a government panel, according to the Washington Post. " - "being drawn up" is present tense.
AustinIT
5/2/2013 | 10:33:31 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
Right. Anyone paying attention will concur that our civil liberties began to disappear quickly back when your hero started two wars (one on questionable intel), created Home Land Invasion, err uhh, Security, and passed the Patriot Act. The current FBI push has what to do with Obama... I ask?
iNtHEmACHINE
5/2/2013 | 9:58:29 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
Sweet! Now everything on the web will be as secure as java and flash. Hai, we gets all your stuffz losers.
NJ Mike
5/2/2013 | 5:37:20 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
If the owners of a company supported President Obama in either of the last elections, they should follow these proposed guidelines without question.
ANON1234369798209
5/2/2013 | 3:17:28 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
With so few citizens educated in the basic fundamentals of grammar, there is a good possibility our democracy will quickly devolve into communism after a brief dip in the warmer waters of socialism...
Guy Anderson
5/2/2013 | 12:13:00 AM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
So are we the knew China?
dufas_duck
5/2/2013 | 12:03:32 AM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
Just think, the FBI, Police, HLS, etc, etc, etc, will have access passwords and user names for banks, businesses, all sorts of things. Credit card numbers, pin numbers, bank withdrawal numbers, checking accounts,...... Why not just have everyone do all their business through some government agency?? Last year, one of the British MPs tried to float a law that everyone's pay be diverted through a government office so that the government can take its cut directly and then forward what the government thinks the working person deserved from what is left. I see a future somewhat similar to East Berlin ahead for us if these idiots keep forging ahead with their agendas..... Check points every few blocks...Let's see your papers,...What reason have you for being in this area????

I'm from the government and am just here to 'help' you...coming to an area near you.....
Guest
5/1/2013 | 9:27:47 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
I don't know why Facebook has a problem with privacy issues. Maybe this time they're not getting paid for it?
John Doe
5/1/2013 | 6:44:49 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
I am a lead developer in our group, let me approve the code coming from FBI. I promise I will not use it for my personal gain. Xross my heart!