Risk
5/1/2013
12:37 PM
50%
50%

FBI Seeks Real-Time Facebook, Google Wiretaps

Government proposal would expand wiretap laws to cover not just service providers, but also the likes of Facebook and Google, backed by escalating fines for noncompliance.

Anonymous: 10 Things We Have Learned In 2013
Anonymous: 10 Things We Have Learned In 2013
(click image for larger view and for slideshow)
Should Facebook, Google and similar sites be forced to adapt their infrastructure so that the FBI and other law enforcement agencies can easily tap suspects' communications in real time?

That's the impetus behind new wiretap guidelines being drawn up by a government panel, according to the Washington Post.

The draft guidelines, championed by the FBI, would allow courts to impose escalating fines on any business that didn't immediately comply with a court-ordered request for real-time communications interception, regardless of whether the Web service provider said such interception was technically feasible. Any business that fails to comply with the wiretap request could face fines that start at tens of thousands of dollars, then double daily after 90 days of noncompliance. The White House reportedly hasn't yet signed off on the proposals.

[ Questions about employee surveillance? Read Watching Workers: Where's The Line? ]

"Today, if you're a tech company that's created a new and popular way to communicate, it's only a matter of time before the FBI shows up with a court order to read or hear some conversation," Perkins Coie attorney Michael Sussmann, a former federal prosecutor, told the Post. "If the data can help solve crimes, the government will be interested."

In 2005, in an expansion of the Communications Assistance for Law Enforcement Act (CALEA), the Federal Communications Commission ruled that service providers, as well as VoIP providers, had to overhaul their networks to allow real-time interception. But that doesn't apply to businesses such as Facebook and Google. Accordingly, the FBI now tends to back off when those companies or their peers say they can't easily comply with an intercept request for technical reasons, rather than attempting to initiate contempt proceedings, reported the Post.

But the bureau would like that to change. "The importance to us is pretty clear," the FBI's general counsel, Andrew Weissmann, last month said in a speech to the American Bar Association's Standing Committee on Law and National Security. "We don't have the ability to go to court and say, 'We need a court order to effectuate the intercept.' Other countries have that. Most people assume that's what you're getting when you go to a court."

The bureau's push for expanded wiretapping powers is far from unexpected. Indeed, reports surfaced last year that the FBI was meeting with Facebook, Google, Microsoft and Yahoo, among other companies, to query how the bureau could best conduct surveillance of their services while causing minimal disruption.

In 2011, meanwhile, longtime FBI director Robert S. Mueller III urged Congress to give the bureau greater wiretapping capabilities, warning that to do otherwise meant there would be "a very real risk of the government 'going dark,' resulting in an increased risk to national security and public safety."

But civil rights groups have warned that the proposal to fine businesses that don't proactively aid FBI surveillance of their communications services risks wiretap capabilities being abused by attackers. "At the very time when the nation is concerned about cybersecurity, the FBI proposal has the potential to make our communications less secure," said Joe Hall, a senior staff technologist for the Center for Democracy and Technology, in a statement. "Once you build a wiretap capability into products and services, the bad guys will find a way to use it."

Another unanswered question is how new intercept capabilities would be tested or vetted. Would changes to popular services -- such as Facebook or Gmail -- first require a corresponding sign-off from IT staff at the FBI before they could be put into production?

"What the FBI is proposing sounds benign, but it comes with such onerous penalties that it would force developers to seek pre-approval from the FBI," said CDT president Leslie Harris in a statement. "No one is going to want to face fines that double every day, so they will go to the FBI and work it out in advance, diverting resources, slowing innovation, and resulting in less secure products."

In the wake of a zero-day vulnerability being exploited by multiple active attacks, IT teams wait for Oracle to respond. Again. Here's how to keep your systems safe. Get our Insecurity With Java report today. (Free registration required.)

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
5/4/2013 | 1:26:02 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
Did you read the Washington Post article? If you did, you would find this quote - "The Obama administration has not yet signed off on the proposal. Justice Department, FBI and White House officials declined to comment."
Like I alluded too, and rather than blaming Obama, the Bush admin kicked off the steady erosion of our civil liberties to ostensibly asuage our "fears". What a legacy...
NJ Mike
50%
50%
NJ Mike,
User Rank: Apprentice
5/3/2013 | 12:19:41 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
Obama has been in office 4+ years, the "blame Bush" stategy is wearing thin.
"That's the impetus behind new wiretap guidelines being drawn up by a government panel, according to the Washington Post. " - "being drawn up" is present tense.
AustinIT
50%
50%
AustinIT,
User Rank: Apprentice
5/2/2013 | 10:33:31 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
Right. Anyone paying attention will concur that our civil liberties began to disappear quickly back when your hero started two wars (one on questionable intel), created Home Land Invasion, err uhh, Security, and passed the Patriot Act. The current FBI push has what to do with Obama... I ask?
iNtHEmACHINE
50%
50%
iNtHEmACHINE,
User Rank: Apprentice
5/2/2013 | 9:58:29 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
Sweet! Now everything on the web will be as secure as java and flash. Hai, we gets all your stuffz losers.
NJ Mike
50%
50%
NJ Mike,
User Rank: Apprentice
5/2/2013 | 5:37:20 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
If the owners of a company supported President Obama in either of the last elections, they should follow these proposed guidelines without question.
ANON1234369798209
50%
50%
ANON1234369798209,
User Rank: Apprentice
5/2/2013 | 3:17:28 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
With so few citizens educated in the basic fundamentals of grammar, there is a good posibility our democracy will quickly devolve into communism after a brief dip in the warmer waters of socialism...
Guy Anderson
50%
50%
Guy Anderson,
User Rank: Apprentice
5/2/2013 | 12:13:00 AM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
So are we the knew China?
dufas_duck
50%
50%
dufas_duck,
User Rank: Apprentice
5/2/2013 | 12:03:32 AM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
Just think, the FBI, Police, HLS, etc, etc, etc, will have access passwords and user names for banks, businesses, all sorts of things. Credit card numbers, pin numbers, bank withdrawal numbers, checking accounts,...... Why not just have everyone do all their business through some government agency?? Last year, one of the British MPs tried to float a law that everyone's pay be diverted through a government office so that the government can take it's cut directly and then forward what the government thinks the working person deserved from what is left. I see a future somewhat similar to East Berlin ahead for us if these idiots keep forging ahead with their agendas..... Check points every few blocks...Let's see your papers,...What reason have you for being in this area????

I'm from the government and am just here to 'help' you...coming to an area near you.....
Guest
50%
50%
Guest,
User Rank: Apprentice
5/1/2013 | 9:27:47 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
I don't know why Facebook has a problem with privacy issues. Maybe this time they're not getting paid for it?
John Doe
50%
50%
John Doe,
User Rank: Apprentice
5/1/2013 | 6:44:49 PM
re: FBI Seeks Real-Time Facebook, Google Wiretaps
I am a lead developer in our group, let me approve the code coming from FBI. I promise I will not use it for my personal gain. Xross my heart!
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-1793
Published: 2014-12-25
rendering/svg/RenderSVGResourceFilter.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted SVG document that leads to a "stale pointer."

CVE-2011-1794
Published: 2014-12-25
Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified ...

CVE-2011-1795
Published: 2014-12-25
Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document con...

CVE-2011-1796
Published: 2014-12-25
Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaS...

CVE-2011-1798
Published: 2014-12-25
rendering/svg/RenderSVGText.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 does not properly perform a cast of an unspecified variable during an attempt to handle a block child, which allows remote attackers to cause a denial of service (application crash) or possibly have unknown othe...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.