Columbia's Bellovin says the flaws are appalling and show that the FBI fails to appreciate the risk from insiders.
"The underlying problem isn't so much the weaknesses here, as the FBI attitude towards security," he says. The FBI assumes "the threat is from the outside, not the inside," he adds, and it believes that "to the extent that inside threats exist, they can be controlled by process rather than technology."
Bellovin says any wiretap system faces a slew of risks, such as surveillance targets discovering a tap, or an outsider or corrupt insider setting up unauthorized taps. Moreover, the architectural changes to accommodate easy surveillance on phone switches and the internet can introduce new security and privacy holes.
"Any time something is tappable there is a risk," Bellovin says. "I'm not saying, 'Don't do wiretaps,' but when you start designing a system to be wiretappable, you start to create a new vulnerability. A wiretap is, by definition, a vulnerability from the point of the third party. The question is, can you control it?"
Well it's a good thing that we can completely trust the FBI to understand the scope of its responsibilities and the limits of its power because it has never abused the privileges entrusted to it in the past. Oh, wait.
No comments:
Post a Comment