Skip to main content

Security experts warn FBI wiretap bill would make apps less secure

Security experts warn FBI wiretap bill would make apps less secure

/

Bruce Schneier and 19 other researchers say the FBI's plan is a bad idea

Share this story

FBI4
FBI4

A group of cybersecurity experts has come out in opposition to a White House-backed proposal that would dramatically expand the FBI's wiretapping capabilities for internet communication services.

In a new research paper, the group argues against new regulations under what's being called CALEA II, an extension to the 1994 Communications Assistance for Law Enforcement Act, which mandated law enforcement backdoor access for telephone networks. The new regulation would do something similar for internet communications, threatening heavy fines on companies that do not comply with wiretapping orders. That means that all apps would need to be built or rebuilt to be wiretap-ready, just in case they need to accomodate a law enforcement investigation.

"serious consequences for the economic well-being and national security of the United States."

The paper's authors warn that forcing companies to build intercept functionality into their end-user software would make it far easier for malicious actors to get access to systems, saying the proposal "is unwise and will be ineffective, with the result being serious consequences for the economic well-being and national security of the United States." Those authors include Bruce Schneier, security writer and co-creator of the Twofish encryption cipher, and Phil Zimmermann, creator of Silent Circle and the PGP encryption scheme.

Last week, sources told the New York Times that the White House was close to completing a deal that would put a wiretapping plan into action. The FBI is backing the proposal as a solution to what they call "going dark," the concern that the strong security schemes protecting web services like Skype, Google, and Facebook "hamstring" investigations. However, data from Congressional reports has shown that in 109 investigations between 2000 and 2011, encryption did not prevent law enforcement from accessing the contents of communications even once.