January 14, 2013

Does the FBI Need Better Hackers?

Try this for a counterintuitive method for protecting privacy:

"[A] better way to protect privacy and security on the internet may be for the FBI to get better at breaking into computers."

That's the recommendation put forward in a Wired opinion piece by Susan Landau, author of Surveillance or Security? The Risks Posed by New Wiretapping Technologies, and Matt Blaze of the Distributed Systems Lab at the University of Pennsylvania. Their basic argument is that there is increasing pressure to make the internet more wiretap-friendly, including mandatory wiretap backdoor capabilities in internet services. But this could have disastrous results, including even more crime than the wiretap capabilities themselves would be likely to prevent.

A potential solution, they propose, is to use existing vulnerabilities to carry out lawfully permitted wiretapping. At least these targeted exploits "are harder to abuse on a large scale than globally mandated backdoors in every switch, every router, every application, every device."

Here's the core of the argument:

"Since the beginning of software time, every technology device — and especially ones that use the internet — has and continues to have vulnerabilities. The sad truth is that as hard as we may try, as often as we patch what we can patch, no one knows how to build secure software for the real world.

"Instead of building special (and more vulnerable) new wiretapping interfaces, law enforcement can tap their targets’ devices and apps directly by exploiting existing vulnerabilities. Instead of changing the law, they can use specialized, narrowly targeted exploit tools to do the tapping."

It's an interesting argument. Read the whole thing here.

