In yesterday’s New York Times article U.S. Pushes to Ease Technical Obstacles to Wiretapping, Charlie Savage relates current efforts by the Obama administration (Justice and Commerce departments and the FBI) to enhance their ability to tap your communications. Apparently, the misbegotten Communications Assistance to Law Enforcement Act isn’t doing the job that the Clinton administration hoped for. It seems law enforcement is surprised that panning for nuggets in the torrents of communications pulsing through the nations arteries isn’t trivial.
It’s a battle they can’t win. Although criminal undertakings are facilitated by secure communications, the same can be said of many personal and commercial communication. If they press too hard, and the same goes for India and the Arab nations that have been leaning on Research In Motion over the secure Blackberry messaging system, they’re going to see the whole process end up out of reach. How might this come to pass? Simple: open source software solutions. The heart of secure communication is encryption, and governments have never been all that good at it. In recent years, the most secure encryption methodologies have all come from the OSS community and, in reaction to the Clinton-era attempts to block secure encryption in the US, this is almost all done outside the US. One of the few OSS projects that American programmers can’t work on is OpenBSD, developed primarily in Canada, because the lead developers fear that anything developed in the US might be compromised by government action. Security for most online transactions come from the OpenSSL Project, none of the core participants are from the US.
What would an OSS approach look like? It would look just like a standard e-mail client, only it would offer end-to-end encryption. In order to tap it, the FBI would have to have a warrant to monitor the sender or the receiver, a process about as obvious as thrusting a microphone in the faces of two people talking quietly in a dark corner of a bar. In other words, they couldn’t do it until their investigation was over. Further, the program could be made such that without the owners active cooperation, there was no readable information on the computer. Would using such a program identify a person as a terrorist? Not at in a world where business and technology secrets are sought after by those who don’t have the talent or patience to develop their own technology.
When this nation was founded, the police could get a warrant to search your premises or to arrest your person, in either case you knew of the warrant when it was invoked and it was issued by a judge as a matter of public record. The FBI feels put upon to be spending $20 million a year to “help” communication vendors comply with CALEA. They shouldn’t, they’re getting information that they have no business hearing or seeing.
If I Were King, communication would not be a matter for law enforcement, only criminal acts in the physical world would be.