Thursday, October 21, 2010

On the Government's request for more wiretapping regulation

The news that the federal law enforcement wants new regulations in order to make wiretapping easier is about a month old now and there are a number of pieces explaining why it's a bad idea, e.g. EFF, Steve Bellovin.

With my engineer's hat on and having designed secure systems, this regulation would be a nightmare. Effectively to add the ability to wiretap a secure system adds so much complexity that it would have a huge negative impact on the security of the system.

Every secure system can be used for good and bad. Yes, there will always be bad guys using them, but there will always be lots more good guys using them for good purposes, and if we weaken the systems we hurt the good guys more than the bad. Usually much more, because good guys obey the law, while bad guys don't.

Installing a backdoor in a system reminds me of the online poker scandal a couple years ago, where a backdoor was built into the online poker games for development was used for cheating. I grant that while the technical details in that case are largely unknown and its likely there could have been better security, but it's an example of how such backdoors get used: if there is something of value to be gained and the backdoor is there, bad guys will figure out how to use it.