The FBI claims it is going dark. Encryption technologies have finally been deployed by software companies, and critically, enabled by default, such that emails are flowing over HTTPS, and disk encryption is now frequently used. Friendly telcos, who were once a one-stop-shop for surveillance can no longer meet the needs of our government. What can the FBI and other agencies do to preserve their spying capabilities?
Part of the answer is backdoors: The FBI is rallying political support in Washington, DC for legislation that will give it the ability to fine Internet companies unwilling to build surveillance backdoors into their products. Even though interception systems prove to be irresistible targets for nation states, the FBI and its allies want to make our networks less secure, not more.
The other solution embraced by the FBI is hacking, by the government, against its citizens. A team of FBI agents and contractors, based in Quantico, Virginia have developed (and acquired) the capabilities to hack into systems, deliver malware capable of surreptitiously enabling a computer's webcam, collecting real-time location data, as well as exfiltrating emails, web browsing records and other documents.
While politicians are clearly scared about hacks from China, our own law enforcement agencies are clearly in the hacking business. What does this mean for the current, heated debate about cybersecurity and our ability to communicate security?
Christopher Soghoian (@csoghoian) s a privacy researcher and activist, working at the intersection of technology, law and policy. He is the Principal Technologist with the Speech, Privacy and Technology Project at the American Civil Liberties Union. Soghoian completed his Ph.D. at Indiana University in 2012, which focused on the role that third party service providers play in facilitating law enforcement surveillance of their customers. In order to gather data, he has made extensive use of the Freedom of Information Act, sued the Department of Justice and used several other investigative research methods. His research has appeared in publications including the Berkeley Technology Law Journal and been cited by several federal courts, including the 9th Circuit Court of Appeals. Between 2009 and 2010, he was the first ever in-house technologist at the Federal Trade Commission (FTC)'s Division of Privacy and Identity Protection, where he worked on investigations of Facebook, Twitter, MySpace and Netflix.