1984 Here We Come

Randu2

I’ve always wondered whether or not federal law enforcement management ever think about what they say before saying it.   Currently, they want to put a backdoor in every piece of software so that if given a warrant, the government can go in and snoop on sensitive cyber-information.  And their reasoning is based on the fact that CALEA has worked with telecommunications so why can’t it be done elsewhere, predominantly software.

As a telecommunications professional of over a decade of experience and having been in the security industry for a major part of my life, I have to say that they fail to actually understand how CALEA is implemented.  While it is a government mandated security act that telecommunications and internet providers have had to deal with, it’s also got something that most software doesn’t.  A physical footprint.   To actually use a CALEA backdoor, you physically have to go to a 24/7 manned switch, that has hardware to jack into to basically “eavesdrop”.   It’s more complicated than that, but that’s pretty much how it works.

However, with software, if there is a backdoor and it’s known by hackers, then hackers will try everything in their power to break in through that area.  You know how in linux, they say never to use the root user?  That’s the same principle.   Don’t give it out, don’t acknowledge, because once people know that it exists, it becomes a security risk.

And if you’re in security, you should understand the risk assessment value and how ease of use is predominantly inversely proportional to security.  Always has been, and for the most part, always will be.  On top of all of this, there is another method that people will use to get around all of this.   Bouncers and darknets.   If this law is passed, they actually make their lives a lot more difficult as enforcement since most people don’t just think about using darknets or even understand how bouncers work.  If a wiretap is in place in all areas though, then it forces the underground to come up with new ways of communications without fear of someone looking over their shoulder.  And is that what law enforcement wants?  That doesn’t sound “easier” by any means of the imagination.

At least not to me.

Enhanced by Zemanta