

A new step toward "1984"?

Read at:

U.S. Is Working to Ease Wiretaps on the Internet

WASHINGTON — Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone.

Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.

The bill, which the Obama administration plans to submit to lawmakers next year, raises fresh questions about how to balance security needs with protecting privacy and fostering innovation. And because security services around the world face the same problem, it could set an example that is copied globally.

James X. Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group, said the proposal had “huge implications” and challenged “fundamental elements of the Internet revolution” — including its decentralized design.

“They are really asking for the authority to redesign services that take advantage of the unique, and now pervasive, architecture of the Internet,” he said. “They basically want to turn back the clock and make Internet services function the way that the telephone system used to function.”

But law enforcement officials contend that imposing such a mandate is reasonable and necessary to prevent the erosion of their investigative powers.

“We’re talking about lawfully authorized intercepts,” said Valerie E. Caproni, general counsel for the Federal Bureau of Investigation. “We’re not talking expanding authority. We’re talking about preserving our ability to execute our existing authority in order to protect the public safety and national security.”

Investigators have been concerned for years that changing communications technology could damage their ability to conduct surveillance. In recent months, officials from the F.B.I., the Justice Department, the National Security Agency, the White House and other agencies have been meeting to develop a proposed solution.

There is not yet agreement on important elements, like how to word statutory language defining who counts as a communications service provider, according to several officials familiar with the deliberations.

But they want it to apply broadly, including to companies that operate from servers abroad, like Research in Motion, the Canadian maker of BlackBerry devices. In recent months, that company has come into conflict with the governments of Dubai and India over their inability to conduct surveillance of messages sent via its encrypted service.

In the United States, phone and broadband networks are already required to have interception capabilities, under a 1994 law called the Communications Assistance to Law Enforcement Act. It aimed to ensure that government surveillance abilities would remain intact during the evolution from a copper-wire phone system to digital networks and cellphones.

Often, investigators can intercept communications at a switch operated by the network company. But sometimes — like when the target uses a service that encrypts messages between his computer and its servers — they must instead serve the order on a service provider to get unscrambled versions.

Like phone companies, communication service providers are subject to wiretap orders. But the 1994 law does not apply to them. While some maintain interception capacities, others wait until they are served with orders to try to develop them.

The F.B.I.’s operational technologies division spent $9.75 million last year helping communication companies — including some subject to the 1994 law that had difficulties — do so. And its 2010 budget included $9 million for a “Going Dark Program” to bolster its electronic surveillance capabilities.

Beyond such costs, Ms. Caproni said, F.B.I. efforts to help retrofit services have a major shortcoming: the process can delay their ability to wiretap a suspect for months.

Moreover, some services encrypt messages between users, so that even the provider cannot unscramble them.

There is no public data about how often court-approved surveillance is frustrated because of a service’s technical design.

But as an example, one official said, an investigation into a drug cartel earlier this year was stymied because smugglers used peer-to-peer software, which is difficult to intercept because it is not routed through a central hub. Agents eventually installed surveillance equipment in a suspect’s office, but that tactic was “risky,” the official said, and the delay “prevented the interception of pertinent communications.”

Moreover, according to several other officials, after the failed Times Square bombing in May, investigators discovered that the suspect, Faisal Shahzad, had been communicating with a service that lacked prebuilt interception capacity. If he had aroused suspicion beforehand, there would have been a delay before he could have been wiretapped.

To counter such problems, officials are coalescing around several of the proposal’s likely requirements:

¶ Communications services that encrypt messages must have a way to unscramble them.

¶ Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.

¶ Developers of software that enables peer-to-peer communication must redesign their service to allow interception.

Providers that failed to comply would face fines or some other penalty. But the proposal is likely to direct companies to come up with their own way to meet the mandates. Writing any statute in “technologically neutral” terms would also help prevent it from becoming obsolete, officials said.

Even with such a law, some gaps could remain. It is not clear how it could compel compliance by overseas services that do no domestic business, or from a “freeware” application developed by volunteers.

In their battle with Research in Motion, countries like Dubai have sought leverage by threatening to block BlackBerry data from their networks. But Ms. Caproni said the F.B.I. did not support filtering the Internet in the United States.

Still, even a proposal that consists only of a legal mandate is likely to be controversial, said Michael A. Sussmann, a former Justice Department lawyer who advises communications providers.

“It would be an enormous change for newly covered companies,” he said. “Implementation would be a huge technology and security headache, and the investigative burden and costs will shift to providers.”

Several privacy and technology advocates argued that requiring interception capabilities would create holes that would inevitably be exploited by hackers.

Steven M. Bellovin, a Columbia University computer science professor, pointed to an episode in Greece: In 2005, it was discovered that hackers had taken advantage of a legally mandated wiretap function to spy on top officials’ phones, including the prime minister’s.

“I think it’s a disaster waiting to happen,” he said. “If they start building in all these back doors, they will be exploited.”

Susan Landau, a Radcliffe Institute of Advanced Study fellow and former Sun Microsystems engineer, argued that the proposal would raise costly impediments to innovation by small startups.

“Every engineer who is developing the wiretap system is an engineer who is not building in greater security, more features, or getting the product out faster,” she said.

Moreover, providers of services featuring user-to-user encryption are likely to object to watering it down. Similarly, in the late 1990s, encryption makers fought off a proposal to require them to include a back door enabling wiretapping, arguing it would cripple their products in the global market.

But law enforcement officials rejected such arguments. They said including an interception capability from the start was less likely to inadvertently create security holes than retrofitting it after receiving a wiretap order.

They also noted that critics predicted that the 1994 law would impede cellphone innovation, but that technology continued to improve. And their envisioned decryption mandate is modest, they contended, because service providers — not the government — would hold the key.

“No one should be promising their customers that they will thumb their nose at a U.S. court order,” Ms. Caproni said. “They can promise strong encryption. They just need to figure out how they can provide us plain text.”




The New York Times



1984 today

(1984 is a novel of speculative fiction by George Orwell, published in 1949.)


Read at:


Published on 06/08/2010 at 10:16, Le Point.fr



Telecom users kept under watch by states

By Guerric Poncet


The maker of BlackBerry smartphones, the Canadian company Research in Motion, has recently come under pressure from several governments seeking access to encrypted data. The stated aim: to monitor users in order to ensure state security. Saudi Arabia, the United Arab Emirates and India have thus demanded that RIM betray the confidentiality of its customers' communications, in the name of national security. Governments therefore no longer hide their intention to spy on telecommunications, even if it means encroaching on the privacy of those they govern. Even the United States and the member states of the European Union.

While these democratic countries put pressure on their companies not to export such technologies to authoritarian regimes, they also embrace a security culture that involves meticulous surveillance of telecommunications. "Since 2001, in the name of the legitimate fight against terrorism, new surveillance practices have been accepted," Jean-François Julliard, secretary general of Reporters Without Borders (RSF), told Le Point.fr. The Bush administration's "Patriot Act" provides for the interception of all telecommunications, on American soil and elsewhere, while in France the two Loppsi laws and the LCEN give the authorities new surveillance powers.

A big jackpot for the worst pupils

At the end of the chain, the big winners are the companies that bet on network surveillance from the start, at the risk of tarnishing their image. Singled out in the 2000s for its collaboration with China and its "Great Cyber Wall", the American giant Cisco Systems has acquired great expertise in data filtering and interception. In 2009 it was the turn of the European company Nokia Siemens Networks to face criticism: the joint venture supplied Iran with technologies enabling network filtering and inspection. The most recent example: Alcatel-Lucent, accused by RSF of supplying equipment to the Burmese junta. Cornered, Western companies then explain that they do not contribute directly to censorship and espionage under totalitarian regimes: they merely supply standard equipment, which includes surveillance (monitoring) features. A position that is nonetheless hard to defend.

The arrival of new telecommunications channels (mobile telephony, the internet) has profoundly changed governments' habits. A posted letter requires a heavy apparatus to find and open it: it is hard to act discreetly, and the recipient may notice. "Fortunately", the arrival of the telephone allows discreet eavesdropping, without the parties being alerted. The mobile phone opens a new door, since it can be monitored and listened to from anywhere, and gives the approximate, or even exact (GPS), position of the target. The internet finishes the job by planing away all the splinters that could still bother overly curious states. Today, many states technically have all the tools to spy on all of their citizens' telecommunications. The days of mail carried on horseback are long gone, and so are those of the wax seal guaranteeing confidentiality.