Insecure by design

Insecure by design


CALEA (Computer Assistance Law Enforcement) is quietly in the background of current news again, because the FBI is pushing congress to mandate that all future routing equipment manufactured will include back doors for law enforcement. Like in CALEA mandates for telephone switching equipment, such back doors require no warrant to activate, and hence can be secretly enabled at will. Some vendors have already eagerly embraced CALEA inspired backdoors to internet routing equipment in anticipation of future intercept mandates, thereby already compromising the integrity and security their current and future customers. This approach of using backdoors on Internet connected systems, even more so than the original CALEA mandates for wiretapping backdoors in telephone switching centers, is a danger to both our infrastructure and our society.

CALEA has required that all telephone switching equipment manufactured since 1994 must include backdoors to enable wiretapping. While the need for lawful legal intercept is estimated to be in the range of 1000 or so wiretaps per year, and past practices have required not only warrants but also physical access to switching centers, these requirements were neither unduly burdensome, nor unduly expensive for the limited number of lawful investigations normally engaged in per year, whether back then or today. What these historic pre-CALEA limitations did assure is that the cost of mass privacy invasion would be far too expensive to ever effectively undertake.

By contrast, CALEA mandated backdoors allows one to activate wiretaps remotely on any scale desired, and to do so entirely in secret. Indeed, the NSA wiretapping scandal is an example of how CALEA can be misused. That the huge volume of information being collected, and the fact that most of the older telephone switching equipment does not normally support true network remote access, had forced the NSA to co-locate facilities in a number of switching centers to collect their data. Applying CALEA backdoors to distributed and even end-user deployed routing equipment that is already Internet connected of course eliminates the need to co-locate facilities, and hence would make it much harder to detect or determine the scope of any future illegal government activities, in regard to misusing Internet wiretapping.

While these mandates may be only originally intended for spying and use within North America, clearly, with proprietary telephone switching systems, such equipment was often also sold overseas. As the Greek prime minister discovered in 2004, when he and 100 other governmental officials were tapped for over a year by someone making use a CALEA mandated backdoor, “source secret by obscurity” backdoors often do not remain secret. Of course this is not the only incident where CALEA backdoors have been used for espionage purposes by others. Such systems are hence inherently insecure by design.

When one deliberately builds in government mandated backdoors that can be opened in secret and without notice, one is opening such systems to undetected access by anyone who can discover and operate them, including those who may be deemed even more undesirable than national governments spying on their own citizens. Even, as noted in the case of the Greek Government, the security of government facilities themselves may be compromised by outside parties. Such information may be used to blackmail individuals, to acquire identity information for theft, or to acquire passwords and information that could be used to compromise the underlying security of key infrastructures and safety systems, like for example power generation systems.

Personally I do not feel any “safer” in a state that requires the infrastructure for enabling or engages in mass surveillance of it's own citizens, or that practices guilt until proven innocent while claiming to do so in the name of my “protection” and safety. Indeed, I find that such a state is in fact a far greater danger to the safety of myself, my children, and the people as a whole, than the potential threats I am supposedly being protected against, whether real or imagined.

Category: 
Opinions
Tagging: 
privacy
calea
fbi
backdoors
wiretapping
routers

Comments

vach's picture
Submitted by vach on

CALEA does not provide free all-hands backstage passes for law enforcement. In the U.S. the same processes hold true--the LEA provides a hardcopy of a warrant (typically a fax) and the service provider executes the warrant. No differently than is done today. There is not a single point in this article that seems to have been researched effectively--rather, you're pointing to other people's blogs (read:opinions) on CALEA. Try going to the source and reading a bit, hell, you provided a link to http://www.askcalea.net/, how's about reading what's there.

Othello's picture
Submitted by Othello on

First of all he's not wrong, it does make it easier to wiretap, especially on a large scale. Second of all the main point seems to be the large gaping security holes that CAELA opens up. Remember kids, reading is FUNdamental!

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

The government's backdoor operates on UDP ports 1025-1031. The key to this backdoor is disguised as MS IM spam.

Anonymous visitor's picture
Submitted by Anonymous visitor (not verified) on

speaking as someone who has had to babysit a dms-250 CO switch for sprint
I did* get shown where the wiretap access was :) It was implemented as
a conference bridge with one set of wires cut (duh) they could dial in
and IF THEY HAD AUTHORIZATION could identify who was on and listion in.
actually anyone on the console can log in and find out where a cell phone is (ok, on what sector of what cell site) and even listion in on a conversation if they felt like it. You of course have to have a few passwords to do this but if your authorized to be at a console terminal, you generally have the passwords to do that.
also there was some hardware by that terminal to let me listion in/talk if
I felt like it.
morals to the story:
If big brother wanted to listion in, he would have to have a way to get the audio back to home base (ie the phone lines where they dialed in).
the ability to set up that conference bridge to monitor is behind a password or two, that means that they eather have to give it to big brother or they have to set it up.
I have no idea what the case is, personally I suspect big brother just has the password and they have a computer monitor whos on and pull what they are interisted in. just monitoring any and all conversations would
require a lot* of people listioning in and very little to show for it.
wait a minute, isnt that what echalon is for?
never mind...

caviets:
it was a number of years ago (ie more than 10) since I did this and i only have expierience on one model of CO switch.

adamparkar's picture
Submitted by adamparkar on

The key question becomes, does Microsoft really need Novell anymore, or is it ready to try its luck with Linux directly?
Anyways i have made some stationery logo design & website logo so i can better understand the main problems of this issue.

robertfalco's picture

The central question turns, causes Microsoft truly want Novell anymore, or is it quick to try its luck with Linux immediately?
Anyways I've attained a few stationery logo design & website logo so i could better empathise the important problems of this issue.

Author information

David Sugar's picture

Biography

David Sugar is an active maintainer for a number of packages that are part of the GNU project, including GNU Bayonne. He has served as the voluntary chairman of the FSF’s DotGNU steering committee, as a founder and CTO for Open Source Telecomm Corporation, and currently owns and operates Tycho Softworks.

Most forwarded

Interview with Dave Mohyla, of DTIDATA

Dave Mohyla is the president and founder of dtidata.com, a hard drive recovery facility based in Tampa, Florida.

TM: Where are you based? What does your company do?
DTI Data recovery is based in South Pasadena, Florida which is a suburb of Tampa. We have been here for over 10 years. We operate a bio-metrically secured class 100 clean room where we perform hard drive recovery on all types of hard disks, from laptop hard drives to multi drive RAID systems.

Anybody up to writing good directory software?

Since the very beginning, directories (of any kind) have had a very central role in the internet. (I have recently grown fond of Free Web Directory. Even Slashdot can be considered a directory: a collection of great news and invaluable user-generated comments. As far as software is concerned, doing a quick search on Google about software directories will return the free (as in freedom) software directories like Savannah, SourceForge, Freshmeat and so on, followed by shareware and freeware sites such as FileBuzz, PCWin Download Center and All Freeware (great if you're looking for shareware and freeware, but definitely less comprehensive than their free-as-in-freedom counterparts).

Interview with Mark Shuttleworth

Mark Shuttleworth is the founder of Thawte, the first Certification Authority to sell public SSL certificates. After selling Thawte to Verisign, Mark moved on to training as an astronaut in Russia and visiting space. Once he got back he founded Ubuntu, the leading GNU/Linux distribution. He agreed on releasing a quick interview to Free Software Magazine.

Is better education the key to finding better software?

I read David Jonathon's article Anybody Up To Writing Good Directory Software? the other day, which got me thinking about software directories in general. As David mentioned, many of the software directories one finds when doing a quick google search are free as in beer, not as in freedom. But what interests me is the software directories that already exist, providing a combination of both free as in beer software, and open source software. Sites such as Freeware Downloads and Shareware Download don't advertise themselves as providing free as in liberty software, but each of them have a good selection of open source software available... if you know where to look.

Most emailed

Free Open Document label templates

If you’ve ever spent hours at work doing mailings, cursed your printer for printing outside the lines on your labels, or moaned “There has got to be a better way to do this,” here’s the solution you’ve been looking for. Working smarter, not harder! Worldlabel.com, a manufacture of labels offers Open Office / Libre Office labels templates for downloading in ODF format which will save you time, effort, and (if you want) make really cool-looking labels

Creating a user-centric site in Drupal

A little while ago, while talking in the #drupal mailing list, I showed my latest creation to one of the core developers there. His reaction was "Wow, I am always surprised what people use Drupal for". His surprise is somehow justified: I did create a site for a bunch of entertainers in Perth, a company set to use Drupal to take over the world with Entertainers.Biz.

Update: since writing this article, I have updated the system so that the whole booking process happens online. I will update the article accordingly!

So, why, why do people and companies develop free software?

More and more people are discovering free software. Many people only do so after weeks, or even months, of using it. I wonder, for example, how many Firefox users actually know how free Firefox really is—many of them realise that you can get it for free, but find it hard to believe that anybody can modify it and even redistribute it legally.

When the discovery is made, the first instinct is to ask: why do they do it? Programming is hard work. Even though most (if not all) programmers are driven by their higher-than-normal IQs and their amazing passion for solving problems, it’s still hard to understand why so many of them would donate so much of their time to creating something that they can’t really show off to anybody but their colleagues or geek friends.

Sure, anybody can buy laptops, and just program. No need to get a full-on lab or spend thousands of dollars in equipment. But... is that the full story?

Fun articles

Santa Claus - the most successful open source project

It dawned on me the other day, as I was shopping for the dozens of gifts it seems I have to buy every December, that Santa Claus is the most successful open source project in history. (Bridget @ Illiterarty would agree with that). Santa Claus is essentially a marketing development that is embodied by everyone who stuffs a sock, gives a gift, hosts a dinner or wishes Merry Christmas over the holiday season.

Most emailed

Editorial

When I first started thinking about Free Software Magazine, I was feeling enthusiastic about the dream. I had Dave, Gianluca, and Alan willing to help me, I had established members of the free software community willing to help me out, I had writers volunteering their time and energy for free, and I had a generous offer from OpenHosting for servers, all before I'd proved myself. There was a sense of excitement in the air, and I thought maybe, just maybe, I could make this work.

Free Software Magazine uses Apollo project management software and CRM for its everyday activities!