Why the Feds Don’t Need a New Social Media Wiretap Law

Are web 2.0 services like GMail, Facebook, and bit-torrent really making it harder for the FBI to wiretap people doing illegal things? Do they need congress to pass a set of laws to aid them in capturing someone who uses Facebook? As someone who works computer forensics with law enforcement agencies, I’d say no. Its not enough for them to get your data after a wiretap, they want it now!

Sure, if data lies on Facebook’s servers and not your local hard drive, the feds will have to get a separate warrant/subpoena for those locations. The government already can wiretap your e-mail using the Communications Assistance for Law Enforcement Act (CALEA).

CALEA requires telcos and ISPs to turn over real-time monitoring to the feds if they are presented with a wiretap order. If the FBI had it their way, when those providers get the wiretap order authorities would not only have access to your real-time data, but also everything stored remotely.

So you might not be updating your pics on Facebook, but since you logged in anyway, they’d have access. Its a scary thought that everything online would be this accessible. Compound that with the risk of warrantless wiretaps and it’s enough for normal people to be concerned about their privacy online.

The feds know how much they can push, though. They’ve decided that the best way for them to address real-time wiretaps is through a shady program known as “Going Dark.” It’s shady enough that the Electronic Frontier Foundation had to file a freedom of information act request to find out any info on it.

This program aims to offer “incentives” to software developers to join their program. What incentives they’re offering, they don’t say. This week a software security company was hacked and it was revealed that the government was paying them to write backdoors into software for them. Microsoft has long been accused of having a backdoor in all of their products for the NSA.

I’m guessing that the FBI is asking, politely, for similar things. I don’t know what incentives the feds could offer a company, but since the “Going Dark” program is multi-agency and spans defense, law enforcement, and the Department of Justice, they could offer all kinds of under-the-table deals that we’d never hear about.

One of the problems we’re going to face in the future is that the government has no real standards in terms of computing. One agency will run one piece of software, another will run a completely different piece, on a different platform. The government also gets bilked by IT companies. I’ve seen broke school districts paying $2,000 for a Dell workstation because that’s what their contract says they’ll do.

I’m sure the different federal agencies work in a similar fashion. I’ve given presentations at law enforcement seminars where the previous speakers were standing up and teaching computer crime units on how to use Google. (As in, “put what you want to search for in the text box, click “search!”) And while I’ve given presentations where people actually know what they’re doing, the majority however have no clue. The people who are dreaming up these projects are trying to win support from people who have absolutely no clue when it comes to technology.

Privacy might not be a major concern for you now, but if programs like “Going Dark” get slipped under the radar its going to be too late for any of us to have privacy online ever again.