Government Backdoors Letting in the Wrong People?Recently I wrote about the allegedly Chinese cyber attack on Google and how it highlighted a point that the ACLU and security experts have been making for years — that creating government backdoors into our communications network for the purpose of surveillance creates security problems. Security expert Bruce Schneier subsequently wrote about the same issue at greater length in this excellent CNN piece. And yesterday, security researchers reported more specifically on how government-required backdoors built into Cisco's routers have created security vulnerabilities. As Forbes.com reports, In a presentation at the Black Hat security conference Wednesday, IBM Internet Security Systems researcher Tom Cross unveiled research on how easily the "lawful intercept" function in Cisco's IOS operating system can be exploited by cybercriminals or cyberspies to pull data out of the routers belonging to an Internet service provider (ISP) and watch innocent victims' online behavior. Nor should that vulnerability be regarded as a freak thing — to the contrary, it is probably the tip of the iceberg: Cisco, in fact, is the only networking company that … makes its lawful intercept architecture public, exposing it to peer review and security scrutiny. The other companies keep theirs in the dark, and they likely suffer from the same security flaws or worse. "Cisco did the right thing by publishing this," says Cross. "Although I found some weaknesses, at least we know what they are and how to mitigate them." And now, in a potential Great Leap Forward for the "Surveillance-Industrial Complex,"Google is working on partnering with the NSA. Probably the two biggest collectors of personal communications data in the world teaming up? Details are scarce, but the very concept brings to mind the phrase "marriage made in hell." At a time when some are pushing to increase law enforcement access to Americans' communications, policymakers need to take a hard look at these systems. |
© ACLU, 125 Broad Street, 18th Floor New York, NY 10004 |
One important law in that regard is the prohibition on politically partisan activity. Given our nonprofit status, we may not endorse or oppose candidates for elective office. That means we cannot host comments on our site that show a preference for one candidate or party. Although we in no way wish to discourage you from that activity elsewhere, we ask that you not engage in that activity on our website (or include links to other websites that do so). Additionally, given that we are subject to very specific rules concerning the collection of personally identifying information through our website (names, email addresses, home address, financial information, etc.), we ask that you not use the comments portion of this blog to solicit this information from users of our website. We also ask that you not use the comments portion for advertising or requests for legal assistance, and do not add to your comment links to other websites, as we cannot be responsible for the content on other websites.
We are not able to respond to unsolicited inquiries, complaints or requests for assistance sent to this blog. Please direct your complaint or request for assistance to the ACLU affiliate in your state. Requests for legal assistance left in the blog comments will not receive a response or be published.
Finally, the ACLU cannot guarantee the accuracy, completeness or usefulness of any information in the comment section and expressly disclaims any liability for any information in this section.