Susan Landau on how FISA is a “gateway for hackers”

by on August 9, 2007 · 12 comments

Susan Landau, an engineer at Sun Microsystems and the author of Privacy on the Line: The Politics of Wiretapping and Encryption, has an op-ed in today’s Washington Post that builds on the FISA issues we discussed in our Tech Policy Weekly podcast yesterday. Her editorial is entitled, “A Gateway for Hackers: The Security Threat in the New Wiretapping Law.” In it she argues that:

Grant the NSA what it wants, and within 10 years the United States will be vulnerable to attacks from hackers across the globe, as well as the militaries of China, Russia and other nations.

Such threats are not theoretical. For almost a year beginning in April 2004, more than 100 phones belonging to members of the Greek government, including the prime minister and ministers of defense, foreign affairs, justice and public order, were spied on with wiretapping software that was misused. Exactly who placed the software and who did the listening remain unknown. But they were able to use software that was supposed to be used only with legal permission.

The United States itself has been attacked. … [and] U.S. communications technology is fragile and easily penetrated. While advanced, it is not decades ahead of that of our friends or our rivals. Compounding the issue is a key facet of modern systems design: Intercept capabilities are likely to be managed remotely, and vulnerabilities are as likely to be global as local. In simplifying wiretapping for U.S. intelligence, we provide a target for foreign intelligence agencies and possibly rogue hackers. Break into one service, and you get broad access to U.S. communications.

I have no idea if she is right, but this is scary stuff. I’d be interested in hearing what others think.

  • http://www.cato.org/people/harper.html Jim Harper

    This would be a good example of (ahem) Harper’s Law.

  • Perry E. Metzger

    I’m a security professional. My opinion is that she’s right.

    [Writing from a talk at the Usenix Security conference.]

  • Dale B

    The article The Athens Affair in the July IEEE Spectrum magazine has a pretty good description of the Greek cell phone tap scheme. Someone hacked into CO switch and modified the wire tap system software . It was much more complicated that this, read the article for details.

    I suppose a similar attack could succeed here, but it would be tough. Still, if there is a back door and someone is determined and skilled enough, they will figure out a way use it.

    BTW, Several weeks ago I complained about the lousy audio quality of the podcasts. Since the break you took a couple weeks ago, there has been a huge improvement in the audio quality. Thanks.

  • http://www.cato.org/people/harper.html Jim Harper

    This would be a good example of (ahem) Harper’s Law.

  • Perry E. Metzger

    I’m a security professional. My opinion is that she’s right.

    [Writing from a talk at the Usenix Security conference.]

  • Dale B

    The article The Athens Affair in the July IEEE Spectrum magazine has a pretty good description of the Greek cell phone tap scheme. Someone hacked into CO switch and modified the wire tap system software . It was much more complicated that this, read the article for details.

    I suppose a similar attack could succeed here, but it would be tough. Still, if there is a back door and someone is determined and skilled enough, they will figure out a way use it.

    BTW, Several weeks ago I complained about the lousy audio quality of the podcasts. Since the break you took a couple weeks ago, there has been a huge improvement in the audio quality. Thanks.

  • http://www.techliberation.com/ Tim Lee

    Dale: I’m glad you’ve been finding the audio quality more to your liking. I’ve been trying to watch the levels on the audio more closely, and I guess it’s been helping. Please do speak up if you have any further suggestions for improving the audio quality. And thanks for listening!

  • http://www.techliberation.com/ Tim Lee

    Dale: I’m glad you’ve been finding the audio quality more to your liking. I’ve been trying to watch the levels on the audio more closely, and I guess it’s been helping. Please do speak up if you have any further suggestions for improving the audio quality. And thanks for listening!

  • http://lippard.blogspot.com/ Jim Lippard

    I agree. Attackers are way ahead of defenders in many ways (see Richard Bejtlich’s two-part report on the most recent Black Hat Briefings).

  • http://lippard.blogspot.com/ Jim Lippard

    I agree. Attackers are way ahead of defenders in many ways (see Richard Bejtlich’s two-part report on the most recent Black Hat Briefings).

  • http://90percenttrue.com Cody

    Um, Jim, I’m not quite sure what my visit to Down House has to do with Richard Bejtlich’s two-part report on the recent Black Hat Briefings, but thanks the for the plug!

  • http://90percenttrue.com Cody

    Um, Jim, I’m not quite sure what my visit to Down House has to do with Richard Bejtlich’s two-part report on the recent Black Hat Briefings, but thanks the for the plug!

Previous post:

Next post: