FBI欲监听Gmail和Skype等网络语音通信

[GRAND KING]

中国日报网 http://www.chinadaily.com.cn/hqzx/2013-05/21/content_16516850.htm

据《纽约时报》网站5月17日消息，美国联邦调查局（FBI）总顾问安德鲁•韦斯曼不久前表示，经由法院批准政府才能进行监控的做法已经“过时”，FBI今年工作的一项“重中之重”便是获得自由监听各种形式的互联网对话和监视云存储设备内容的权力。

在此之前，FBI已经获得了无需法院批准便可监视电子邮件内容以及要求相关机构提供个人银行信息和通话记录的权力。很显然，他们已经不满足于这些权力，他们还希望能够合法地监听网民在Gmail和Skype等社交网络上的实时通话内容。

具体而言，美国执法部门希望国会能够修改1994年颁布的《通信协助法》(CALEA)。该法律允许执法部门强迫互联网服务提供商和电话公司使用相关设备，监控它们的网络，但是该法律的适用范围没有包括电子邮件、云服务设备以及像Skype这样的在线通话服务提供商。当然，FBI也可以根据《窃听法案》授予的权力强迫上述服务提供商进行监视，但他们更希望可以在不事先经过法官批准的情况下行驶这些权利。

3月20日，在出席美国律师协会法律和国家安全常务委员会组织的午宴时，韦斯曼承认，FBI希望获得实时监听所有在线通话的权力，包括关于网络游戏的内容。他解释说，这是因为犯罪分子已经开始利用这些技术手段进行交流。

美国媒体评论认为，按照韦斯曼的逻辑，执法部门应该有权监听所有电话通话，并查阅所有邮件，因为毫无疑问犯罪分子也会利用这些方式进行“犯罪交流”。
根据Skype的拥有者美国微软公司提供的消息，该公司2012年总共收到美国执法部门4713项调查请求，涉及逾1.5万个Skype账户。不过，微软表示公司只透露了“一些非内容性的数据，比如Skype账号、姓名、邮件账号、计费信息及通话详细记录”，这些用户都曾使用Skype账号拨打电话。

（来源：中国日报网 柳洪杰 编辑：信莲）

 

[GRAND KING]

http://www.nytimes.com/2013/05/17/b...s-effort-to-allow-internet-wiretaps.html?_r=1&

Concerns Arise on U.S. Effort to Allow Internet ‘Wiretaps’
By SOMINI SENGUPTA

Surveillance can be a tricky affair in the Internet age.

A federal law called the Communications Assistance for Law Enforcement Act allows law enforcement officials to tap a traditional phone, as long as they get approval from a judge. But if communication is through voice over Internet Protocol technology — Skype, for instance — it’s not as simple.
That conversation doesn’t pass through a central hub controlled by the service provider. It is encrypted — to varying degrees of protection — as it travels through the Internet, from the caller’s end to the recipient’s.

The Federal Bureau of Investigation has made it clear it wants to intercept Internet audio and video chats. And that, according to a new report being released Friday by a group of technologists, could pose “serious security risks” to ordinary Internet users, giving thieves and even foreign agents a way to listen in on Americans’ conversations, undetected.

The 20 computer experts and cryptographers who drafted the report say the only way that companies can meet wiretap orders is to re-engineer the way their systems are built at the endpoints, either in the software or in users’ devices, in effect creating a valuable listening station for repressive governments as well as for ordinary thieves and blackmailers.

“It’s a single point in the system through which all of the content can be collected if they can manage to activate it,” said Edward W. Felten, a computer science professor at Princeton and one of the authors of the report, released by the Center for Democracy and Technology, an advocacy group in Washington.

“That’s a security vulnerability waiting to happen, as if we needed more,” he said.

The report comes as federal officials say they are close to reaching consensus on the F.B.I.’s longstanding demand to be able to intercept Internet communications. Companies that say they were unable to modify their operations to comply with the new wiretap orders would be subject to a fine, according to the plan. The White House has yet to review it.

Neither the F.B.I. nor White House officials have provided technical details of how the Web service providers would comply.

Law enforcement officials regularly seek information from Web companies about the communications of their users, from e-mail messages to social network posts and chats.

Microsoft, which owns Skype, reported receiving 4,713 requests in 2012 from law enforcement, which covered just over 15,000 Skype accounts; the company said it released only “noncontent data, such as a Skype ID, name, e-mail account, billing information and call detail records” if an account is connected to a telephone number.

Skype is a Luxembourg company, even after its acquisition by Microsoft, of Redmond, Wash. United States wiretap law does not apply to the company.

Along with Mr. Felten, who served as a technologist with the Federal Trade Commission until recently, the report’s authors include the cryptographer Bruce Schneier and Phil Zimmermann, who created what has become the most widely used software to keep e-mails private.

This article has been revised to reflect the following correction:

Correction: May 18, 2013

An article on Friday about a report criticizing the F.B.I.’s proposal to intercept Internet chats described the report’s authors incorrectly and misspelled the surname of one of them. The authors included 20 computer experts and cryptographers, not a dozen lawyers and cryptographers, and one of the authors is Phil Zimmermann, not Zimmerman. The article also erroneously included one person among the authors. Peter Swire, a former White House privacy lawyer, did not participate in the writing of the report.

 

[GRAND KING]

纽约时报中文网 http://cn.nytimes.com/business/20130520/c20intercept/

Concerns Arise on U.S. Effort to Allow Internet ‘Wiretaps’
翻译：许欣

在网络时代，监控会是件棘手的事情。

一部名为《通信协助法律执行法》(Communications Assistance for Law Enforcement Act)的联邦法律允许执法官员在获得法官批准的前提下对传统电话进行窃听。但如果交流是通过互联网协议语音技术——比如Skype——进行的，就没那么简单了。

此类对话不会传输到受服务提供者控制的中央枢纽。对话通过网络从呼叫终端传向接受终端时，会被加密，受到不同程度的保护。

美国联邦调查局（Federal Bureau of Investigation，简称FBI）曾明确表示，他们想要对网络音频和视频聊天内容进行窃听。根据一组技术专家在周五发布的新报告，上述举措会对普通网络用户造成“严重的安全威胁”，促使窃贼、甚至是外国情报机构在不被察觉的情况下窃听美国人的对话。

20位电脑专家和密码学家起草了上述报告，他们表示，要想达到新窃听法规的要求，公司唯有在软件或用户设备层面上对终端系统的构建方式进行重新设计，这实际上为压制性政府及普通盗贼和敲诈者创建了一个有价值的监听站。

华盛顿倡导组织民主与科技中心(Center for Democracy and Technology)发布了上述报告，报告作者之一、普林斯顿大学(Princeton University)计算机科学教授爱德华·W·费尔滕(Edward W. Felten)表示，“他们通过系统中的一个点就可以获取所有内容，前提是他们能够激活它。”

他说，“这是即将出现的安全漏洞，还嫌已有的漏洞不够多似的。”

报告发布时，联邦官员表示他们快要与FBI就其长期以来的要求——能够监听网络通信——达成共识。根据计划，无法修改操作系统，无法遵守新的窃听法规的公司将会被罚款。白宫还没有对该计划进行审查。

FBI和白宫官员都没有提供有关网络服务提供者如何遵守法规的细节。

执法官员经常通过网络公司了解网络用户的通信信息——电子邮件信息、社交媒体发帖情况，及聊天内容。

拥有Skype的微软(Microsoft)公司称，该公司2012年收到执法部门4713项请求，涉及逾1.5万Skype账户。微软表示公司只透露了“一些非内容性的数据，比如Skype账号、姓名、邮件账号、计费信息及通话详细记录”，前提是用户使用Skype账号拨打电话。

Skype是一家卢森堡公司，即便被总部位于华盛顿州雷德蒙德的微软公司收购后也还是如此。美国的窃听法对它并不适用。

除了近日刚刚离职的前联邦贸易委员会(Federal Trade Commission)技术专家费尔滕，报告作者还包括密码学家布鲁斯·施奈尔(Bruce Schneier)和菲尔·齐默尔曼(Phil Zimmermann)，后者开发了一种应用极为广泛的电子邮件隐私保护软件。

 

[GRAND KING]

http://www.nytimes.com/2011/02/18/u...l=1&adxnnlx=1369256936-idHYGUvkvVFLCiSdrGNYrw

As Online Communications Stymie Wiretaps, Lawmakers Debate Solutions
By CHARLIE SAVAGE

WASHINGTON — Leading Democrats on the House Judiciary Committee on Thursday reacted skeptically to the idea of overhauling surveillance laws to make it easier to wiretap people who communicate online rather than by telephone, a major priority for the Federal Bureau of Investigation.

The lawmakers expressed their concerns at a House hearing devoted to a problem that law enforcement officials call “going dark” — investigators’ inability to carry out court-approved wiretap orders when the people who are the targets communicate using services that lack a surveillance capability.

The F.B.I. has been quietly laying the groundwork for years for a push to require Internet-based communications services — like Gmail, Facebook, Twitter, BlackBerry and Skype — to design their systems with a built-in way to comply with wiretap orders. On Thursday, the bureau made its first full airing of the “going dark” problem.

“Due to the revolutionary expansion of communications technology in recent years, the government finds that it is rapidly losing ground in its ability to execute court orders with respect to Internet-based communications,” said the F.B.I.’s general counsel, Valerie Caproni.

A 1994 law requires phone companies to build their networks with the capability of immediately starting to intercept a user’s communications when the company is presented with a wiretap order. But that law does not cover Internet-based communication providers.

As a result, while they, too, are subject to court wiretap orders, they are often unable to comply, for technical reasons, when presented with one.

Ms. Caproni stopped short of making any specific legislative proposal, saying that the Obama administration was still debating the issue internally. Last fall, The New York Times reported that law enforcement officials were developing a bill that would impose new regulations on Internet communications companies and phone and broadband carriers, making them easier to wiretap.

“We don’t have a specific request yet,” Ms. Caproni said. “The administration does not yet have a proposal. It is something that is actively being discussed within the administration, and I am optimistic that we will have a proposal in the near future.”

Still, Representative John Conyers Jr. of Michigan, the ranking Democrat on the Judiciary Committee, was one of several lawmakers who said he was likely to greet such a proposal with skepticism. Forcing Internet communications services to build in “back doors” for law enforcement surveillance, he said, would hamper innovation and create vulnerabilities for hackers and foreign governments to exploit.

“Requiring back doors in all communications systems by law runs counter to how the Internet works and may make it impossible for some companies to offer their services,” Mr. Conyers said.

Several lawmakers of both parties raised concerns about how such a mandate would affect the competitiveness of Internet companies that operate in the United States. Still, several Republicans suggested sympathy with law enforcement officials’ fear that changing technology could hamper their ability to investigate criminals and terrorists.

Ms. Caproni emphasized that the F.B.I. was not seeking new surveillance powers, but rather a way to keep its existing powers from eroding. She also said the F.B.I. was not seeking a decryption key that would allow the government to directly intercept and unscramble secure communications.

Rather, she said, the bureau hoped to require communication service providers to deploy, within their own systems, a wiretapping capability. The provider would have to be able to isolate, intercept and deliver to the government a particular user’s communications in response to a wiretap order.

Susan Landau, a Radcliffe Institute for Advanced Study fellow and former Sun Microsystems engineer, argued against building interception systems within a service, citing high-profile cases in which hackers exploited such mechanisms in Greece and Italy to illegally spy on politicians and other prominent people.

Ms. Caproni spoke with caution about several aspects of the F.B.I.’s broad goals that have attracted controversy. For example, law enforcement officials have said in the past that all companies that facilitate communications should be able to provide a plain-text version of messages in response to a wiretap order.

Such a mandate could require major changes for companies like Research in Motion, whose BlackBerry Enterprise Server system relays encrypted messages that the company says it cannot unscramble. Last year, Research in Motion came into conflict with several governments, including in India and the United Arab Emirates, over their inability to conduct surveillance of messages sent via its encrypted service.

Asked about encryption, Ms. Caproni said that if a provider encrypted communications but had the ability to decrypt them, then it should be required to give law enforcement unscrambled versions. And she said that if an individual encrypted his own communications, investigators would have to find some other way to monitor that person.

But crucially, she did not directly address whether a service provider should be allowed to encrypt a user’s communications in such a way that the provider is unable to unscramble them — even if a court orders it to do so.

The hearing came a day after the release of several hundred pages of internal F.B.I. documents showing that the bureau has been working with great urgency to push to change legislation for years. The documents were obtained under the Freedom of Information Act by the Electronic Frontier Foundation, an Internet freedom advocacy group.

The documents shed new light on how the F.B.I.’s interest in the “going dark” problem predates the Obama administration. The bureau commissioned a study from the RAND Corporation and Booz Allen Hamilton several years ago, and it conducted surveys of law enforcement officials seeking examples of encountering obstacles to carrying out wiretap orders.

One such document redacted a legislative proposal for the “going dark” surveillance issue. But beneath it, a related proposal was left uncensored: electronic communications service providers, it said, should be required “to retain for two years records showing the origination and termination of communications.”

Currently, law enforcement agencies are able to obtain such records only if the provider has chosen to preserve them for its own purposes, like billing.