Pierluigi Paganini May 08, 2012

Social Networks represent a rich mine of information of great interest for researchers, cybercriminals and government agencies. Analyzing the networks is possible to track detailed profile of any users, his relationships and his habits, the possibility to exercise the control of social networks is an actual form of power, the power of knowledge.

We have read different news regarding the effort spent by law enforcement and government agencies on the development of new tools and applications for the monitoring of the networks. FBI was one of the most active agency in this sense, in the last months it has publicly requested the design of a real time monitor for social network that have to be able to identify suspect behaviors that could be interpreted as indicator of presence for an ongoing crime.

According to CNET FBI is working to obtain a sort of backdoor in main social networks like Facebook and also in most used communication platforms such as Skype and Instant Messaging. The Federal Bureau of Investigation is interested to a backdoor for government surveillance, for this reason it is collaborating  with companies like Microsoft, Google and Yahoo.

The FBI has been lobbying top internet companies like Yahoo and Google to support a proposal that would force them to provide backdoors for government surveillance, according to CNET. The purpose of the collaboration between FBI and major IT companies and Internet services providers is tied to the will of the agency to arrive at the definition of legislation that allows law enforcement to have the controversial backdoor.

FBI desires the collaboration of the major player of the IT sector to implement specific backdoor stubs inside their products with intent to make them wiretap-friendly, the request is related to all those communication platforms, social network, email providers, chats and instant messaging.

In more than one occasion government agencies have highlighted the difficulties related to the monitoring new communication channels based on internet. Let’s remind that CALEA (Communications Assistance for Law Enforcement Act) passed in 1994every communication providers must make their system  wiretap-friendly, in 2004 the concept has been extended also to ISP by the Federal Communications Commission despite a non-application de facto of the major web companies.

Starting on the CALEA Act the FBI is interested to extend the regulation to any kind of communication made using internet has channel, this means that there will be a direct impact on VoIP communication used by famous platforms Skype and Xbox Live. Regarding the Xbox let me remind you that US Government has already committed a project to spy on the communication made through gaming platforms confirming the great interest of the administration to monitor any kind of networks and any kind of information circulating on it.

In February 2011, CNET reported that then-FBI general counsel Valerie Caproni was planning to warn Congress of what the bureau calls its “Going Dark” problem, illustrating how the wiretapping capabilities were being reduced with the progress of technology.

Caproni singled out “Web-based e-mail, social-networking sites, and peer-to-peer communications” as problems that have left the FBI “increasingly unable” to conduct the same kind of wiretapping it could in the past.

“Going Dark” is the FBI’s codename for its project to extend its ability to real time wiretap communications, it is born inside the bureau, employing 107 full-time expert starting from 2009.

Which are law enforcement today’s capabilities?

According the declaration of Electronic Frontier Foundation attorney Kevin Bankston FBI already can intercept messages on social-networking sites and Web-based e-mail services, the system used is known as Carnivore, later renamed DCS1000. The interception is possible because Facebook messages and Gmail messages travel in plain text over those same broadband wires for which the FBI demanded wiretapping capability.

The main problem is related to rapid technological evolution that make obsolescent surveillance systems in short time, due this reason the request of FBI to include a backdoor in any product that could be involved in communication, like social networking and also online games consoles.

Security and compromises

Of course the presence of a backdoor in the main product available on the market used for communication purpose could give a great advantage to law enforcement in the fight to cybercrime bet we cannot forget two fundamental aspects:

• Who and how will manage the acquired data. The line between monitoring and censorship is thin and we have observed in several countries questionable behavior approaching this kind of information.
• The presence of a backdoor proposes a great question under the security perspective. What would happen if a hostile government or group of cyber criminals could exploit the? It would be an unprecedented disaster. The problem therefore lies in the ability to manage such a critical feature, this issue is extremely complex.

Are we ready to address these issues? I’m afraid not, unfortunately

Pierluigi Paganini