WebProNews

Tag: Wiretap

  • Yes, Your Google Hangouts Can Be Wiretapped

    Google encrypts your Hangouts conversations, but it doesn’t use end-to-end encryption. This means that Google can wiretap your Hangouts at the government’s request.

    That’s one big revelation from a recent reddit AMA with Richard Salgado, Google’s director for law enforcement and information security, and David Lieber, Google’s senior privacy policy counsel.

    The American Civil Liberties Union’s chief technologist Christopher Soghoian asked the Google reps why they’ve made a habit of dodging questions about Hangouts’ encryption, saying,

    “Hi. Google has repeatedly refused to acknowledge whether or not it is capable of wiretapping Hangouts for government agencies. In contrast, Apple’s FaceTime product uses end-to-end encryption and the company says it is not able to wiretap this service. Why has Google refused to be transparent about its ability to provide wiretaps for Hangouts? Given Google’s rather impressive track record regarding surveillance transparency, the total secrecy regarding the company’s surveillance capabilities for this product is quite unusual.”

    Google’s response (bolding ours)?

    “There are legal authorities that allow the government to wiretap communications. Google was the first company to disclose the number of wiretap orders it receives issued in criminal investigations. (There were a total of 7 wiretap orders in the first half of 2014, covering 9 accounts, for example). We also report requests made under national security authorities to the extent we are allowed by law. We want to be able to be much more granular about the number and nature of these demands, and think that’s important for people who use Google, policymakers and the public. Hangouts are encrypted in transit, and we’re continuing to extend and strengthen encryption across more services.”

    As reddit user reddit_poly put it, “this means that Hangouts are only encrypted on their way between your computer and Google’s servers. Once they arrive at Google’s end, Google has full access. In short, this is confirmation Google can wiretap Hangouts.”

    Google confirmed all of this to Vice:

    We asked Google to clarify, or elaborate, on Monday, and a spokesperson confirmed that Hangouts doesn’t use end-to-end encryption. That makes it technically possible for Google to wiretap conversations at the request of law enforcement agents, even when you turn on the “off the record” feature, which actually only prevents the chat conversations from appearing in your history—it doesn’t provide extra encryption or security.

    According to Google’s latest Transparency Report, the company received 25 wiretap requests from January 2013 to June 2014. Whether or not those had to do specifically with hangouts was not disclosed.

  • FBI Is Hoping To Wiretap Internet Services – Should It Be Allowed?

    FBI Is Hoping To Wiretap Internet Services – Should It Be Allowed?

    As technologies have advanced, they have dramatically changed the way that we live and interact. We, as consumers, have become accustomed to the convenience, capabilities, and even the entertainment that they provide. But, should these same advantages be applied to other areas such as law enforcement?

    This topic has recently come up for debate after the FBI indicated that it is contemplating legislation that would require Internet firms to build backdoors into their services for government surveillance. The bureau is hoping to amend the 1994 Communications Assistance for Law Enforcement Act (CALEA) in order to require companies such as Google, Microsoft, Apple, and Facebook to comply with federal wiretapping orders if the need arises.

    CALEA, in its current form, applies to telecommunications companies. It was amended in 2004 to also include broadband networks, but if the FBI’s effort works, it could also force Web companies to alter their code to ensure surveillance capabilities.

    Michael Donahue, Partner at Marashlian & Donahue, LLC “Basically, the FBI wants to amend CALEA to keep up with the changes in technology that have taken place over the last 18 years since CALEA became law,” Michael Donahue, partner at Marashlian & Donahue, LLC, tells WebProNews.

    In the past, the FBI has worked to develop independent solutions for these types of companies, explained Donahue. However, due to budget cuts, the funding for them no longer exists.

    These recent developments are part of the bureau’s mission to resolve, what it calls, its “Going Dark” problem. According to information released by the FBI, “Going Dark” refers to “law enforcement’s limited capability to comprehensively and lawfully collect data and information, conduct electronic surveillance and analyze the raw data due to the rapid evolution of telecommunications and data collection technology and services.”

    Research shows that the “Going Dark” problem dates back several years. Under this initiative, Donahue told us that the FBI is trying to achieve the following actions:

    1. To commit the FCC to regulate technical standards for solutions
    2. To require the FCC to approve a standard in order for it to be considered a safe harbor
    3. To eliminate or modify the current exemption in CALEA for private networks (i.e., Universities, Colleges, etc.)
    4. To eliminate or modify the current exemption for information services
    5. To provide stronger enforcement of existing requirements that providers that enable encryption are also able to decrypt the information for law enforcement
    6. To require providers to certify their CALEA compliance annually

    “While this was a small problem a number of years ago,” pointed out Donahue, “it’s becoming an increasingly larger problem as more services are moving to different technologies and more innovative technologies that are not currently covered by CALEA, or they fall into a gray area where CALEA may or may not apply.”

    The FBI has said that, with this move, it has no intention of gaining more authority. It believes the amendment would be a natural evolution of its current tools and that it would help their agents do their jobs more effectively.

    “What it’s [FBI] seeking is the ability to go to a provider and obtain the kind of information that it’s authorized to get under the law in a cooperative manner,” said Donahue.

    He went on to say that law enforcement currently runs into the problem of, after obtaining the court order, finding the company doesn’t have a solution in place for letting it get the information it needs. Another issue that law enforcement is facing is dealing with a company that has a solution but finding that it hasn’t been maintained, thus making it unusable.

    Since these problems have persisted for several years without a solution, the FBI has reported the non-compliant parties to the FCC. Based on current processes, the commission, in turn, investigates the companies to see if they are in compliance with CALEA and its own rules. The FCC then has the authority to fine or require the companies to comply. Although the commission has not issued any notices of liability yet, Donahue told us that he wouldn’t be surprised if it does in the near future.

    The current form of CALEA is careful to include protections for the privacy and security of users, but there are concerns being raised over these areas in light of a potential amendment the FBI is pushing. The FBI has yet to release an official proposal, but tech companies, privacy advocates, and consumer groups are not likely going to be supportive of such a measure.

    The monitoring of users’ online activities has become increasingly controversial in recent years, and it has sparked the introduction of numerous bills in Congress. However, given the reactions to SOPA and CISPA, it is not likely that the FBI’s amendment proposal will pass without a fight.

    “There are valid arguments on both sides, and I think what’s important is that both sides recognize there are privacy issues, there are issues with network security and cybersecurity and the ability of third parties to obtain access to systems,” said Donahue.

    “The key is to have a framework in place that addresses those issues to balance those with law enforcement’s concerns,” he added.

    Robert Mueller, FBI Director This week FBI Director Robert Mueller criticized the press regarding its informal proposition saying that the media had presented a “distortion of what our needs are.”

    “What we are seeking is the ability to enforce that order, and be able to obtain those communications,” Mueller said. “And what we’re looking at is some form of legislation that will assure that when we get the appropriate court order, those individual companies that are served with that order do have the capability and the capacity to respond to that order.”

    
Since it is an election year, Donahue told us that it was unlikely that we would see any type of proposal from the FBI this year.