The FBI has drafted sweeping legislation that would require Internet service providers to create wiretapping hubs for police surveillance and force makers of networking gear to build in backdoors for eavesdropping, CNET News.com has learned.
Emphasis is my own, as usual.
Any default "backdoor" has always been more of a security threat than a feature. More often than not, such devices are installed with the default configuration and passwords, which at best makes it trivial to disable the monitoring. In the worst case, it gives an attacker a place on your network to intercept as much data as possible.
FBI Agent Barry Smith distributed the proposal at a private meeting last Friday with industry representatives and indicated it would be introduced by Sen. Mike DeWine, an Ohio Republican, according to two sources familiar with the meeting.
The draft bill would place the FBI's Net-surveillance push on solid legal footing. At the moment, it's ensnared in a legal challenge from universities and some technology companies that claim the Federal Communications Commission's broadband surveillance directives exceed what Congress has authorized.
This is basically to make legal what the NSA and AT&T have been doing for several years. Yet another reason to start using public-key encryption wherever possible.
The 27-page proposed CALEA amendments seen by CNET News.com would:
• Require any manufacturer of "routing" and "addressing" hardware to offer upgrades or other "modifications" that are needed to support Internet wiretapping. Current law does require that of telephone switch manufacturers--but not makers of routers and network address translation hardware like Cisco Systems and 2Wire.
• Authorize the expansion of wiretapping requirements to "commercial" Internet services including instant messaging if the FCC deems it to be in the "public interest." That would likely sweep in services such as in-game chats offered by Microsoft's Xbox 360 gaming system as well.
• Force Internet service providers to sift through their customers' communications to identify, for instance, only VoIP calls. (The language requires companies to adhere to "processing or filtering methods or procedures applied by a law enforcement agency.") That means police could simply ask broadband providers like AT&T, Comcast or Verizon for wiretap info--instead of having to figure out what VoIP service was being used.
• Eliminate the current legal requirement saying the Justice Department must publish a public "notice of the actual number of communications interceptions" every year. That notice currently also must disclose the "maximum capacity" required to accommodate all of the legally authorized taps that government agencies will "conduct and use simultaneously."