Freedom Still Not Free (Wiretap Tax Edition)


Occasional Reason contributor Declan McCullagh reports:

Broadband providers and Internet phone companies will have to pick up the tab for the cost of building in mandatory wiretap access for police surveillance, federal regulators ruled Wednesday.

The Federal Communications Commission voted unanimously to levy what likely will amount to wiretapping taxes on companies, municipalities and universities, saying it would create an incentive for them to keep costs down and that it was necessary to fight the war on terror. Universities have estimated their cost to be about $7 billion.

A few months into working for a weekly newspaper in Myanmar, I learned that the dictatorship was forcing us to pay for our own government-appointed censorship body and our own set of spooks. It seemed ludicrous at the time.


  1. Shameless plug: This kind of thing is why I wrote that FCC stands for Federal Communist Commission.

    4:20. Huh-huh.

  2. Well, it’s brutally obvious that the government does know something about how economics work, since they realise that making people pay their own way generally incentivises them to go the least expensive route possible.

    I cannot believe this shit is going down.

  3. During the Salem Witch Trials (and plenty of other times) accused and condemned witches were expected to pay rent for their incarceration and foot the bill for their own execution.

    It’s good to see we’ve come a long way since then.

  4. There is still a lawsuit pending in federal court…with luck this will go the way of the broadcast flag.

  5. As bad as this is, wiretapping is one of the least of my concerns at this point. Not because it’s not an invasion of privacy, but because as technology advances, it’s going to become an increasingly ineffectual invasion of privacy. How long will it be before a service like Vonage becomes available utilizing high-quality encryption? Pretty soon the only people the government will be able to spy on will be those with nothing to hide, and those criminals stupid and incompetent enough not to try to conceal their activities.

  6. AC:

    It’s technically possible for ISPs to “packet snoop” and, for example, drop all encrypted traffic, whether VOIP, e-mail, video, etc.

    So don’t think that encrypting your conversations will get you very far. Can you say “key escrow”?

  7. Prepare, folks. The revolution cometh.

  8. It’s technically possible for ISPs to “packet snoop” and, for example, drop all encrypted traffic, whether VOIP, e-mail, video, etc.

    No, it is not possible. Encrypted data is no different from any other binary data.

  9. A weekly in Myanmar!? Holy shit, I thought I was working in the hinterlands of journalism!

  10. ac, do you really think that Vonage will be able to offer such a solution in the US market without a gov’t requirement that they provide unencrypted wiretap capability? Let’s not be naive here…

    On the other hand, it seems to me that we ought to be able to build some form of STU-III-type of solution (utilizing more recent tech, natch) that one could plug in at either end.

    Or just send stuff RSA 2048 (or 4096, or what have you, depending upon your level of paranoia/requirement for operational security) encrypted via e-mail and call it good.

    The good news is that it’s one hell of a lot easier to secure data than it is to break its encryption. The bad news – if you’re trying to keep secrets – is that the NSA has some wicked fast computers, and some wicked smart folks running them… on the other hand, their capabilities are primarily (though, certainly, not exclusively) applied against terrorists and other true enemies.

  11. MP, AC:
    The traffic would have to be addressed to a specific port at some IP address wouldn’t it? If so you could just block all traffic with that addressing.

    Also if all the “bad guys” use encryption it would certainly make it easier to figure out which homes/computers/phones government would need to bug.
    Remember only criminals have anything to hide so only they would use encryption.

  12. saying it would create an incentive for them to keep costs down

    …because god knows businesses have no other reason than federal “incentives” to keep costs down…

  13. CH:
    Why bother using a fast computer to break the encryption when you can just do a sneak and peek and install a key logger on their computer and get their password?

  14. And any of the people they pick up to interrogate will have to pay for the costs of their interrogation, no doubt.

    Everyone have your 24B/6 forms ready…

  15. This shouldn’t surprise anyone. Broadcasters had to foot the bill for the coerced transition to HDTV, with no say in the video standard or frequency allocation. Every broadcaster is now bleeding money out the ass. Thank you FCC.

  16. Would this be the same Declan McCullagh who sparked the great “annoying email law” panic of a few months ago?

  17. Well, zero, you make a good point… which is why physical security is also paramount in trying to keep secrets secret.

    As for encryption being the mark of a “bad guy,” I certainly know people who use at least some level of encryption routinely, just because they don’t like the idea of any snoop along the way being able to see their discussions.

    I can think of lots of good reasons for “good guys” to use encryption, and could probably even dream up some (tinfoil-free) scenarios in which it makes sense for “good guys” to use encryption that exceeds the NSA’s ability to break.

    A fair amount of Web traffic out there is already encrypted, albeit at pretty low key sizes. It’s not that easy to look at an encrypted datastream and figure out whether it’s Maw buying something on eBay or Ali discussing plans for tonight’s attack, without decrypting it first.

    That takes time, talent and CPU cycles, and is best directed at known targets. Bottom line: sigint at its best bolsters traditional intel methods, but does not replace them.

  18. Sounds like a reasonable user fee that all libertarians ought to support.

    The problem is not the fee (aka tax), but the reason for the fee. That is something libertarians ought to be up in arms about.

  19. Lots of businesses encrypt data that then passes through a VPN, the contents of which would be considered confidential data/trade secrets/IP.

    I doubt they’d like their connections being dropped.

    And some people work from their home office, so it’s really not feasible to drop encrypted data.

  20. Well, okay, you can see that one transaction is taking place on secure.paypal.com, and the other is happening on http://www.jihad.iq, but still…

  21. I can think of lots of good reasons for “good guys” to use encryption, and could probably even dream up some (tinfoil-free) scenarios in which it makes sense for “good guys” to use encryption that exceeds the NSA’s ability to break.

    Fucking feeling like it, for one. But I remember seeing a paper a couple of years ago about new ways to find prime factors quickly, which could be the end of public key encryption.

  22. There may have been a paper out on the topic, but progress on the RSA Challenge Numbers has been slow, so I guess I’m less worried about the end of public key encryption anytime real soon.

  23. I can’t wait to hear a federal judge explain how this isn’t a taking.

  24. No, it is not possible. Encrypted data is no different from any other binary data.

    Yes, it is (this is coming from a graduate student in computer science). Good encryption looks like noise.

    Unless you’re talking steganography, it’s fairly easy (statistically speaking) to spot an encrypted stream.

  25. notJoe,

    But, speaking totally as a layman, wouldn’t it be possible to modify the encrypted stream so as to make it look like signal? Sort of like how, in those kiddie detective stories, people write plausible-sounding messages that really are filled with codes?

  26. Unless you’re talking steganography, it’s fairly easy (statistically speaking) to spot an encrypted stream.

    You’re claiming that a JPG packet stream is distinguishable from a PGP packet stream simply based on the randomness of the bytes? I have a hard time believing that.

  27. Freedom Still Not Free

    Freedom costs a buck o’ five.

  28. I’d like to see the affected companies slap the words, “Federal Wiretapping Charge” or something to that effect in bold font on the front of the bill. I bet that would get some attention.

  29. crimethink:

    Yes, it is possible. It’s called steganography. I dunno how you’d hide an entire conversation that way, though.

    MP:

    JPEG and PGP formats have definite structure (headers, dictionaries, etc.). Given a chunk of bytes it’s trivial to say “these form a JPEG file” and “these form a PGP file”.

  30. It’s technically possible for ISPs to “packet snoop” and, for example, drop all encrypted traffic, whether VOIP, e-mail, video, etc.

    No, it is not possible. Encrypted data is no different from any other binary data.

    This raises an interesting discussion. In a vacuum, yes, data is data (much to Microsoft’s chagrin). There’s no difference between this bunch of zeros and ones and that bunch of zeros and ones. However…

    As VoIP proliferates and becomes mainstream, IP ports will be designated and standardized for certain types of packets. I.E., port 443 is the standard port for the HTTPS (secure browsing) protocol. I think the point of the O.P. should not be brushed off- what if all ISP’s were forced to drop all port 443 traffic?

    If two people do a point to point communication on a customizable platform, no, there’s nothing the government can do about it. But if we– to coin a phrase– order our lives around certain STANDARDS of digital communication, then the government could simply mandate that any use of said STANDARD must conform to their rules. Sure, I can hand carry all of my mail correspondence if I really wanted to, but I don’t– because it’s simply too inconvenient.

    Now, technology is limitless. So plenty of standardized traffic through known ports could be encryption encapsulated at the two endpoints. Yes, it’s a game of cat and mouse. But governments have all kinds of clever, workaholic types who stay up nights thinking of ways to beat technology- through sheer fiat.

    It never ceases to amaze me how, when big government begins to lose the battle of technology, it simply mandates a zillion-pound hammer approach that circumvents the complexities of the market as a whole. And how quickly we accept it.

  31. “Yes, it is (this is coming from a graduate student in computer science). Good encryption looks like noise.”

    Wouldn’t it be possible to then zip the encrypted text, give it a name like “family pics” and password protect it? Then attach it to an email with a message saying “Here’s the photos from the family reunion picnic last week”?

  32. Yes, it is (this is coming from a graduate student in computer science). Good encryption looks like noise.

    Unless you’re talking steganography, it’s fairly easy (statistically speaking) to spot an encrypted stream.

    notJoe:

    This is also technically true, in laboratory conditions. But this requires that one know what stream to look at. When faced with having to look at all the streams all the time, and the literally infinite types of data streams, both encrypted and unencrypted, then not to mention the fact that once identified, the encryption must be broken, the job of the government gets very, very difficult.

    There is, in fact, security in obscurity. A good mix of stealth (hiding), encryption (hardening) and obscurity (not drawing attention to oneself) is as excellent a model as one can maintain. See my post above. I’m beginning to lose *some* faith in the ability to have technology ‘beat’ the government. Again, because whenever technology gets away from government- like when switching networks get too complex- they just mandate a fricking secret wiretap room cross-linked to the core switch. Never underestimate the government’s ability to simply mandate its way around your technology.

  33. Wouldn’t it be possible to then zip the encrypted text, give it a name like “family pics” and password protect it? Then attach it to an email with a message saying “Here’s the photos from the family reunion picnic last week”?

    Mediageek: Absolutely, which is why the government probably won’t be able to ‘find’ the encryption. There are limitless ways of encrypting data. One can even send data ‘hidden’ inside other, non-encrypted data, blowing away the theory that encrypted streams ‘look like noise’.

    Example: create bitmap image. Change the least significant bits in each byte to represent an encoded text character. The image will still look just like an image, with minute color changes. But inside the image, are bits which represent a textual message. This is the ultimate type of security through obscurity which is nearly impossible to detect unless one knows or suspects that it is the method of transport.

    All of these improvised forms of encryption are fairly solid, hard or impossible to see, and nigh undetectable. But they’re not mainstream, and not convenient for the masses. The masses will always gravitate towards standardized, prepackaged methods of communication, and as such, can come under the purview of the government.

  34. Man, remind me to have some of you guys on my side when I launch my Secret Plot to do Something Secret.

  35. Man, remind me to have some of you guys on my side when I launch my Secret Plot to do Something Secret.

    Sure, but let’s keep this just between you and me, ok?

  36. Paul,

    So, in other words, the people who are willing to go to whatever lengths to avoid detection by the govt (eg, terrorists) will be under the radar, but the typical harmless citizen will be subject to govt agents intercepting all his communication. As with gun control, the dangerous people won’t be affected at all, but the state’s control of the bulk of the citizenry will tighten.

  37. Funny how that works, eh?

  38. This reminds me of the not so distant past when the NSA types were trying to keep the likes of PGP out of the hands of, well, ordinary people and the, um, solution was to package encryption software we proles could use which, of course, NSA would retain the equivalent of a master key for so they could go after all the bad guys. So, I thought at the time, this is great. Previously, unencrypted data was fairly easy to recognize by the bit stream patterns, so those few of us who bothered to encrypt would indeed send out data that sounded like noise and by that very fact we would become suspicious. But if everyone sent out encrypted data routinely, then those of us who had previously encrypted (using PGP or whatever) would be less recognizable and more secure.

    Well, at the time I was told that was all nonsense because [insert technogibberish here] and my plan wouldn’t work. Anyone here able to explain to me in, um, English why it would or wouldn’t?

  39. Or, in case the government is reading this:

    Isthay emindsray emay ofyay ethay otnay osay istantday astpay enwhay ethay ANSAY ypestay ereway yingtray otay eepkay ethay ikeslay ofyay pGPay outyay ofyay ethay andshay ofyay, ellway, ordinaryyay eoplepay andyay ethay, umyay, olutionsay asway otay ackagepay encryptionyay oftwaresay eway olespray ouldcay useyay ichwhay, ofyay oursecay, ANSAY ouldway etainray ethay equivalentyay ofyay ayay astermay eykay orfay osay eythay ouldcay ogay afteryay allyay ethay adbay uysgay. Osay, Iyay oughtthay atyay ethay imetay, isthay isyay eatgray. Eviouslypray, unencryptedyay ataday asway airlyfay easyyay otay ecognizeray ybay ethay itbay eamstray atternspay, osay osethay ewfay ofyay usyay owhay otheredbay otay encryptyay ouldway indeedyay endsay outyay ataday atthay oundedsay ikelay oisenay andyay ybay atthay eryvay actfay eway ouldway ecomebay uspicioussay. Utbay ifyay everyoneyay entsay outyay encryptedyay ataday outinelyray, enthay osethay ofyay usyay owhay adhay eviouslypray encryptedyay (usingyay pGPay oryay ateverwhay) ouldway ebay esslay ecognizableray andyay oremay ecuresay.

    Ellway, atyay ethay imetay Iyay asway oldtay atthay asway allyay onsensenay ecausebay [insertyay echnogibberishtay erehay] andyay ymay anplay ouldn’tway orkway. Anyoneyay erehay ableyay otay explainyay otay emay inyay, umyay, Englishyay ywhay ityay ouldway oryay ouldn’tway?

  40. JPEG and PGP formats have definite structure (headers, dictionaries, etc.). Given a chunk of bytes it’s trivial to say “these form a JPEG file” and “these form a PGP file”.

    Your original claim was that the analysis was a function of randomness. Now you are talking about analysis based on pre-defined and well known byte layouts. Those are two wholly separate forms of analysis.

    I agree with Paul. Real world network traffic is far too difficult to broadly “sniff”. You need to be looking for specific types of data. And there is no general way to simply drop an encrypted packet, because individually, it is not practical to identify a packet as being encrypted with any real certainty.

    I think the point of the O.P. should not be brushed off- what if all ISP’s were forced to drop all port 443 traffic?

    That will never, ever happen. The Internet would cease to exist as a medium of transacting business if strong encryption protocols were ever disallowed.
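
The disagreement in comments 24, 26, 29 and 40 (randomness versus file structure) can be checked directly. The following is an added example, not part of the original thread: it measures byte entropy on constructed samples and then applies format-marker checks. Seeded pseudo-random bytes stand in for ciphertext, and the 7.5 bits/byte cut-off is an assumed value for this demo.

```python
import math
import random
import zlib
from collections import Counter

HIGH_ENTROPY_BITS = 7.5  # assumed cut-off for this demo, not a standard value


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 (constant) up to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes) -> str:
    # Structure first: a format marker identifies the container no matter
    # how random the payload behind it looks.
    if data.startswith(b"\xff\xd8\xff"):  # JPEG start-of-image marker
        return "jpeg"
    if data.startswith(b"-----BEGIN PGP MESSAGE-----"):  # OpenPGP ASCII armor
        return "pgp-armored"
    # Statistics second: this separates text from dense data, nothing more.
    if shannon_entropy(data) >= HIGH_ENTROPY_BITS:
        return "high-entropy"
    return "low-entropy"


def build_samples() -> dict:
    """All samples are constructed here; none is captured traffic."""
    rng = random.Random(2006)  # fixed seed so the run is repeatable
    words = ("the government wiretap broadband provider encryption packet "
             "stream port standard privacy noise signal key traffic voice "
             "network citizen cost fee court ruling phone internet").split()
    text = " ".join(rng.choice(words) for _ in range(20000)).encode()
    # Stand-in for the output of a good cipher (assumption: it is
    # statistically indistinguishable from uniform random bytes).
    noise = bytes(rng.getrandbits(8) for _ in range(16384))
    return {
        "plaintext": text,
        "compressed": zlib.compress(text, 9),
        "ciphertext_standin": noise,
        # JPEG header bytes followed by dense payload; not a decodable image.
        "jpeg_like": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + noise[:4096],
        "pgp_armored": (b"-----BEGIN PGP MESSAGE-----\n\n"
                        b"(constructed placeholder body)\n"
                        b"-----END PGP MESSAGE-----\n"),
    }


def report() -> dict:
    """Map sample name -> (entropy rounded to 2 places, classification)."""
    return {name: (round(shannon_entropy(d), 2), classify(d))
            for name, d in build_samples().items()}


if __name__ == "__main__":
    for name, (bits, label) in report().items():
        print(f"{name:20s} {bits:5.2f} bits/byte -> {label}")
```

Entropy alone puts the compressed sample and the ciphertext stand-in in the same bucket, which is the objection raised in comment 26; the marker checks only work when the sender leaves the standard header in place, which is the limit of the argument in comment 29.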

  41. So, in other words, the people who are willing to go to whatever lengths to avoid detection by the govt (eg, terrorists) will be under the radar, but the typical harmless citizen will be subject to govt agents […]

    Crimethink:

    I’m not sure how you gleaned this from my comments. I’m doing two things: describing encryption technology (limits and possibilities) and iterating my belief that the government has a hamfisted way of getting around mainstream efforts to obscure, hide or encrypt their communication. I will always go to whatever lengths to encrypt, obscure and hide what I need, have or want to say, from the government. I’m merely making an observation that mainstream methods of communication will always be subject to some level of government scrutiny, often by legislative fiat.

    Really, I’m writing a lament.

  42. But if everyone sent out encrypted data routinely, then those of us who had previously encrypted (using PGP or whatever) would be less recognizable and more secure.

    Well, at the time I was told that was all nonsense because [insert technogibberish here] and my plan wouldn’t work.

    D.A:

    It would work. Refer to my post on security through obscurity. Your argument is spot on: let everyone communicate in such a way, and by sheer anonymity you’ll be safe(er) from prying eyes. But getting this to happen is a social problem, not a technological one.

    I’ve tried (and seemingly failed) to make a point about mainstream communication methods. About how the masses don’t manually hack/tweak/alter their normal communications to be encrypted, they rely on standardized, prepackaged options, if they desire to encrypt at all. The problem with a standard, is it can fall under govt purview.

    Let me draw up a quick scenario.

    For some kind of encryption… say VoIP encryption to become used by…everyone, some kind of standard is probably going to be introduced. If I subscribe to Vonage, and you subscribe to AT&T, and the kid down the street uses Skype, and we all wanna chit chat via encrypted VoIP, we’re gonna have to agree on an encryption method. Plus, preset TCP ports will have to be used etc. etc. (techno gibberish- details not important). If the government steps in and says “We don’t want to be locked out of encryption standards” they don’t hassle you, or me, the user. They hassle the people with LARGE amounts of money, and market share at stake: Vonage, and AT&T. Vonage, and AT&T, wanting to 1. Stay in business and 2. not lose market share finally concede to some kind of standard which allows easy access by the feds. Skype may not play ball, sure, so the three Linux propeller heads are safe and sound, but they can’t talk to Vonage or AT&T users and be encrypted. But most non Linux Propeller heads, like, oh, my mom, or my Father in law, subscribe to the major ‘off the shelf’ players.

    Plus, aside from all this, you get into the issue– not of one on one communications– but mass communications between interrelated parties. H&R for instance, is a public forum. What encryption is going to save us from ‘the man’? Mass communications, which are arguably the centerpoints of social movements are… PUBLIC and usually open. So if H&R is found to be a hotbed of seditious activity by the feds, encryption isn’t the issue. Anonymity becomes the issue.

    So the problem of ‘privacy’ becomes rather sticky and complex. Simply ‘beating’ the government through encryption is only a tiny part of the problem we face.

    I could post another four paragraphs on this, but I’m already way long winded, and at this point, no one’s reading anymore.

  43. I think the point of the O.P. should not be brushed off- what if all ISP’s were forced to drop all port 443 traffic?

    That will never, ever happen. The Internet would cease to exist as a medium of transacting business if strong encryption protocols were ever disallowed.

    MP: You taketh me literally. I was making a point about the government forcing ISP’s to drop encrypted traffic based on a recognized standard. No, they’ll never drop 443 traffic. That wasn’t my point at all.

    Since we’re using VOIP as our baseline example, VOIP traffic goes across a specific port(s). If a standard of encryption is invented and the feds find it too hard (or impossible) to tap into, they may pass a law saying that all ISP’s must drop or not pass packets on port ‘XXX’ until the major VoiP providers agree to a masterkey based encryption standard.

  44. My goodness, what a bunch of gibberish. The first thing to remember is that you can’t trust the government, period.

    Second thing, when plotting, do the unusual. In today’s electronic world, I continue to write letters using snail mail. FED EX, UPS, or USPS will deliver my secret plots, to my cell members. Not that this method is foolproof but their attention is focused on you all. Thanks.

  46. V2hlcmVhcywgb24gdGhlIHR3ZW50eS1zZWNvbmQgZGF5IG9mIFNlcHRlbWJlciwgaW4gdGhlIHllYXIgb2Ygb3VyIExvcmQgb25lIHRob3VzYW5kIGVpZ2h0IGh1bmRyZWQgYW5kIHNpeHR5LXR3bywgYSBwcm9jbGFtYXRpb24gd2FzIGlzc3VlZCBieSB0aGUgUHJlc2lkZW50IG9mIHRoZSBVbml0ZWQgU3RhdGVzLCBjb250YWluaW5nLCBhbW9uZyBvdGhlciB0aGluZ3MsIHRoZSBmb2xsb3dpbmcsIHRvIHdpdDoNCg0KDQoiVGhhdCBvbiB0aGUgZmlyc3QgZGF5IG9mIEphbnVhcnksIGluIHRoZSB5ZWFyIG9mIG91ciBMb3JkIG9uZSB0aG91c2FuZCBlaWdodCBodW5kcmVkIGFuZCBzaXh0eS10aHJlZSwgYWxsIHBlcnNvbnMgaGVsZCBhcyBzbGF2ZXMgd2l0aGluIGFueSBTdGF0ZSBvciBkZXNpZ25hdGVkIHBhcnQgb2YgYSBTdGF0ZSwgdGhlIHBlb3BsZSB3aGVyZW9mIHNoYWxsIHRoZW4gYmUgaW4gcmViZWxsaW9uIGFnYWluc3QgdGhlIFVuaXRlZCBTdGF0ZXMsIHNoYWxsIGJlIHRoZW4sIHRoZW5jZWZvcndhcmQsIGFuZCBmb3JldmVyIGZyZWU7IGFuZCB0aGUgRXhlY3V0aXZlIEdvdmVybm1lbnQgb2YgdGhlIFVuaXRlZCBTdGF0ZXMsIGluY2x1ZGluZyB0aGUgbWlsaXRhcnkgYW5kIG5hdmFsIGF1dGhvcml0eSB0aGVyZW9mLCB3aWxsIHJlY29nbml6ZSBhbmQgbWFpbnRhaW4gdGhlIGZyZWVkb20gb2Ygc3VjaCBwZXJzb25zLCBhbmQgd2lsbCBkbyBubyBhY3Qgb3IgYWN0cyB0byByZXByZXNzIHN1Y2ggcGVyc29ucywgb3IgYW55IG9mIHRoZW0sIGluIGFueSBlZmZvcnRzIHRoZXkgbWF5IG1ha2UgZm9yIHRoZWlyIGFjdHVhbCBmcmVlZG9tLg==
