Sunday, October 23, 2005

The Losing Battle Waged by Law Enforcement

The FCC has recently issued an order requiring ISPs as well as universities, libraries and airport wi-fi providers to ensure, at their own expense, that their networks can be tapped by the federal government to monitor subjects' e-mail and web access (New York Times story here). The thought process behind the order is pretty clear -- CALEA, passed in 1994, effectively enforced the same requirement on telephone service providers, and the government figures that what applies to phones should apply equally to VoIP and e-mail. According to the US government, expanding the scope of this act to include the internet is designed to help catch terrorists.

One small problem, though. The terrorists have to be stupid enough to use unencrypted e-mail. Moreover, implementing such a tapping system would definitely make encrypted e-mail and VoIP sessions much more pervasive than they are today, especially when it comes to nefarious activities. I wonder if anyone has considered the possibility that the government is better off with today's system, where people don't feel the need to encrypt everything, and the government can still get at many people's e-mail by subpoenaing ISPs to look at the content in their mail servers.

The root of the problem lies in the fundamental differences between telephone and internet-based systems. Telephone systems were designed for an end-to-end application terminated by humans on both ends -- carrying voice traffic across a wire. The only way to obfuscate communication was for the humans to speak in an invented foreign language that no one else understood, and this was very difficult. (You could also do some basic scrambling with automated devices that could be screwed onto the phone, but they were pretty complicated as well.) On the other hand, the internet is designed for applications terminated by programmable computers at both ends. Individuals can easily protect their communication by the simple expedient of using custom software that runs on both ends to encrypt what goes out over the wire and decrypt what comes in. There isn't much use in tapping the communication channel if the channels are terminated by modifiable software!

