Old 09-28-2010, 02:11 PM
 
16,545 posts, read 13,447,180 times
Reputation: 4243


SANS, which is the industry thought leader in cyber security, had this to say about the newly proposed bill:

Quote:
TOP OF THE NEWS
--Administration Will Seek Changes in Wiretap Rules to Cover New Technologies (September 27, 2010) The Obama administration plans to submit a bill to legislators next year that would require all communications services to have technology in place so they will be able to comply with wiretap orders. Targets include services like BlackBerry, Facebook and Skype. The administration claims that the increasing use of online communications has lessened their abilities to intercept communications of criminal and terrorism suspects. The proposal is likely to require communications services offering encryption to have a method of decryption; to require foreign companies doing business within the US to establish offices in the country that can intercept the requested communications; and to require peer-to-peer software developers to redesign their products to allow interception. Officials maintain the proposal is not seeking an expansion of authority, but rather is clarifying how wiretaps apply to technologies that did not exist when the original rules were established. The proposal has met with criticism. Columbia University computer science professor Steven M. Bellovin noted that "if they start building in all these back doors, they will be exploited," and Center for Democracy and Technology vice president James X. Dempsey said "They basically want to turn back the clock and make Internet services function the way that the telephone system used to function."
http://www.nytimes.com/2010/09/27/us...pagewanted=all
[Editor's Note (Northcutt): Steven Bellovin is correct; there is ZERO chance of law enforcement being able to implement this and organized crime not being able to exploit it. This is a lose-lose proposal.
(Pescatore): In 1994, we went through the same drill when phone lines went digital and thus the Community Assistance to Law Enforcement Act which forced telecoms vendors to build in back doors to enable legal surveillance. There always needs to be a balance between what technology can do and what society allows law enforcement to do.]

--RIM Exec Puts Forward Possible Compromise in Encrypted Communication Issue (September 27, 2010) Addressing what is becoming a hot-button issue, co-CEO of BlackBerry parent company Research in Motion (RIM) Jim Balsillie said that while his company does not have the capability to provide governments with encryption keys to unscramble communications sent over its systems, the companies themselves could offer those keys to governments that request them. Balsillie observed that governments demanding the keys could scare companies away from doing business in that country.
In recent months, governments of several countries have expressed concern over their inability to access plaintext versions of communications over RIM networks. The current US administration plans to introduce legislation that would require services like Blackberry to be ready to comply with wiretap orders (see story above).
http://www.msnbc.msn.com/id/39387290...ence-security/
[Editor's Note (Pescatore): This ground has been traveled before, as there is precedent for businesses having to give keys to locked cabinets, combinations to safes, etc. in response to legal search orders. The real issue is governments want the ability to do surveillance *without* the target knowing, see item 40.]
When you have the REAL cyber security professionals saying this is a lose-lose situation, you know for a fact that this administration does not know what they are doing and their lackey cyber security team is just as horrendous.

 
Old 09-28-2010, 02:20 PM
 
5,391 posts, read 7,226,528 times
Reputation: 2857
Quote:
Originally Posted by SourD View Post
SANS, which is the industry thought leader in cyber security, had this to say about the newly proposed bill:



When you have the REAL cyber security professionals saying this is a lose-lose situation, you know for a fact that this administration does not know what they are doing and their lackey cyber security team is just as horrendous.
Thank you for the info, it's interesting.

But I'd go further and say it's not merely an indictment of this administration's cyber security or IT team, it's indicative of much of government at many levels, and across time.

You do remember the thousands of missing Bush emails?

I see questionable security directives and implementations quite often, and they didn't begin with Obama taking office.
 
Old 09-28-2010, 02:31 PM
 
Location: Great State of Texas
86,052 posts, read 84,442,711 times
Reputation: 27720
Quote:
Originally Posted by SourD View Post
SANS, which is the industry thought leader in cyber security, had this to say about the newly proposed bill:



When you have the REAL cyber security professionals saying this is a lose-lose situation, you know for a fact that this administration does not know what they are doing and their lackey cyber security team is just as horrendous.
What they want to do is have the ability to randomly tap into someone's email/facebook/myspace account and read all their "stuff" and do it without having to contact the host/service provider.
 
Old 09-28-2010, 02:37 PM
 
16,545 posts, read 13,447,180 times
Reputation: 4243
Quote:
Originally Posted by robbobobbo View Post
Thank you for the info, it's interesting.

But I'd go further and say it's not merely an indictment of this administration's cyber security or IT team, it's indicative of much of government at many levels, and across time.

You do remember the thousands of missing Bush emails?

I see questionable security directives and implementations quite often, and they didn't begin with Obama taking office.
Yes I understand it didn't start with him, but they need to get with the program.
 
Old 09-28-2010, 02:39 PM
 
16,545 posts, read 13,447,180 times
Reputation: 4243
Quote:
Originally Posted by HappyTexan View Post
What they want to do is have the ability to randomly tap into someone's email/facebook/myspace account and read all their "stuff" and do it without having to contact the host/service provider.
Exactly right. What SANS points out is a great point. If backdoors are put in they WILL be exploited.

On a side note, I wonder if Obama's Blackberry will fall under the bill?
 
Old 09-28-2010, 02:42 PM
 
5,391 posts, read 7,226,528 times
Reputation: 2857
I think the US govt saw how RIM complied with UAE, Saudi Arabia, and Kuwait when those countries said they would ban Blackberries unless. Dollar signs came first for RIM and they've reportedly put "hooks" into their systems so those governments can gain access (to communications from devices within those countries).

Considering that any web service worth its salt (pun not intended) that offers security and privacy will encrypt users' credentials and store them encrypted, this seems to require that a plaintext version be stored somewhere as well - and that is fraught with the potential for theft and misuse.
 
Old 09-28-2010, 02:44 PM
 
16,545 posts, read 13,447,180 times
Reputation: 4243
Quote:
Originally Posted by robbobobbo View Post
I think the US govt saw how RIM complied with UAE, Saudi Arabia, and Kuwait when those countries said they would ban Blackberries unless. Dollar signs came first for RIM and they've reportedly put "hooks" into their systems so those governments can gain access (to communications from devices within those countries).

Considering that any web service worth its salt (pun not intended) that offers security and privacy will encrypt users' credentials and store them encrypted, this seems to require that a plaintext version be stored somewhere as well - and that is fraught with the potential for theft and misuse.
That's right Bob. The potential for misuse and intrusion would be very high in that scenario.