Risk
10/14/2010
04:10 PM
John Foley
John Foley
Commentary
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%
Repost This

The Case For Wiretapping The Internet

The directors of National Intelligence and the FBI say tech-savvy extremists pose a growing threat, setting the stage for a national debate over the need for Internet eavesdropping.

Despite that growing threat, Mueller noted the challenge of meeting court-ordered communications "intercepts" during FBI investigations. In some cases, communications providers are unable to provide the electronic communications sought in a court order, in part because they're not required to build or maintain the capabilities to do so.

"Critical laws covering this area have not been updated since 1994, when we moved from a copper-wire phone system to digital networks and cell phones, but of course, technology has expanded exponentially in the past 16 years," Mueller said. "We want to ensure that our ability to intercept communications is not eroded by advances in technology—technology we all rely on to communicate." You can read Mueller's speech here.

We're fast approaching a point that will determine how, and how effectively, U.S. intelligence agencies will be able to tap into the din of terrorist chatter that travels over 21st century networks. According to the New York Times, new wiretapping legislation, described as "sweeping" in scope, will be submitted to lawmakers for action next year.

The challenge is to enable the mission of the U.S. Intelligence Community without compromising the privacy and civil liberties of Americans. Clapper and Mueller both voice a strong commitment to meeting that requirement. Says Mueller, "If we safeguard our civil liberties, but leave our country vulnerable to a terrorist attack, we have lost. If we protect America from terrorism, but sacrifice civil liberties, we have also lost. We must work to strike that balance, every day, in every case."

Seeking balance in the form of legislation will get contentious. Security expert Bruce Schneier, the chief security technology officer for BT, has already denounced the White House plan, and many of his readers are similarly critical and skeptical.

The status quo carries its own risks. Clapper says the number and pace of terrorist attempts in the U.S. by al-Qaida and its affiliates were at an all-time high during the past year. Among all the tough choices, inaction may be the worst.

Previous
2 of 2
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-3946
Published: 2014-04-24
Cisco IOS before 15.3(2)S allows remote attackers to bypass interface ACL restrictions in opportunistic circumstances by sending IPv6 packets in an unspecified scenario in which expected packet drops do not occur for "a small percentage" of the packets, aka Bug ID CSCty73682.

CVE-2012-5723
Published: 2014-04-24
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP packets with fragmentation, aka Bug ID CSCub55948.

CVE-2013-6738
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an invalid query parameter in a response from an OAuth authorization endpoint.

CVE-2014-0188
Published: 2014-04-24
The openshift-origin-broker in Red Hat OpenShift Enterprise 2.0.5, 1.2.7, and earlier does not properly handle authentication requests from the remote-user auth plugin, which allows remote attackers to bypass authentication and impersonate arbitrary users via the X-Remote-User header in a request to...

CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

Best of the Web