(Translated from the original Italian)
Social networks represent a rich mine of information that is of great interest to researchers, cyber criminals and government agencies.
By analyzing these networks it is possible to create a detailed profile of users, their relationships and their habits, and the ability to exercise this control over social networks is an actual form of power - the power of knowledge.
We have all read news regarding the efforts by law enforcement and government agencies in the development of new tools and applications for the monitoring of social networks.
The FBI is one of the most active in this respect, and in recent months it has publicly requested the design of a system for real-time monitoring of social networks that would have to be able to identify suspect behaviors that could be interpreted as indicators of an ongoing crime.
According to CNET, the FBI is working to obtain a sort of backdoor for major social networks like Facebook, and also for some of the most used communications platforms such as Skype and instant messaging. The agency is interested in maintaining a backdoor for government surveillance, and for this reason it is collaborating with companies like Microsoft, Google and Yahoo.
The FBI has been lobbying these top Internet companies to support a proposal that would force them to provide these backdoors for government surveillance, according to CNET. The purpose of the collaboration between the FBI and major IT companies and Internet Service Providers (ISPs) is tied to the agency's desire to have legislation passed that allows law enforcement to have this kind of access.
The FBI wants the major players in the IT sector to collaborate by implementing specific backdoor stubs inside their products, with the intent of making them wiretap-friendly. The request is targeted at all communications platforms, social networks, email providers, chats and instant messaging.
On more than one occasion, government agencies have highlighted the difficulties related to monitoring new communications channels based on the Internet.
Let's remember that CALEA (Communications Assistance for Law Enforcement Act), passed in 1994, requires every communications provider to make its systems wiretap-friendly, and in 2004 the concept was also extended to ISPs by the Federal Communications Commission, despite de facto non-application by the major web companies.
Starting from CALEA, the FBI is interested in extending the regulation to any kind of communication made using Internet channels, and this means that there will be a direct impact on VoIP communications used by well-known platforms like Skype and Xbox Live.
Regarding Xbox, let me remind you that the US Government has already committed to a project to spy on communications made through gaming platforms, confirming the great interest of the current administration in monitoring any kind of network and any kind of information circulating on it.
In February 2011, CNET reported that then-FBI general counsel Valerie Caproni was planning to warn Congress of what the bureau calls its "Going Dark" problem, illustrating how the wiretapping capabilities were being reduced with the progress of privacy technology.
"Caproni singled out "Web-based e-mail, social-networking sites, and peer-to-peer communications" as problems that have left the FBI "increasingly unable" to conduct the same kind of wiretapping it could in the past."
“Going Dark” is the FBI’s code name for its project to extend its ability to wiretap communications in real time. It was born inside the bureau and has employed 107 full-time experts since 2009.
What are law enforcement's capabilities?
According to Electronic Frontier Foundation attorney Kevin Bankston, the FBI can already intercept messages on social-networking sites and Web-based e-mail services with a system known as Carnivore, later renamed DCS1000.
The interception is possible because Facebook messages and Gmail messages travel in plain text over those same broadband wires for which the FBI demanded wiretapping capability.
The main problem is rapid technological evolution, which makes surveillance systems obsolete in a short amount of time. This is the reason for the FBI's request to include a backdoor in any product that could be involved in communications, such as social networks and online game consoles.
Security and compromises
Of course, the presence of a backdoor in the products available on the market used for communications purposes could give a great advantage to law enforcement in the fight against cyber crime, but we cannot forget two fundamental aspects:
- Who will manage the acquired data, and how. The line between monitoring and censorship is thin, and in several countries we have observed questionable behavior with regard to this kind of information.
- The presence of a backdoor represents a vulnerability from a security perspective. What would happen if a hostile government or group of cyber criminals could exploit it? It would be an unprecedented disaster.
The problem therefore lies in the ability to manage such a critical feature, and this issue is extremely complex. Are we ready to address these issues? I'm afraid not, unfortunately...
Cross-posted from Security Affairs