Yesterday Cisco Systems announced a new plan to include "private doorbells" in its routers. The company says it's a great way to protect everyone's personal information online. So why are privacy groups crying foul?
The approach made public yesterday by 13 of the largest technology firms will lead to an Internet that's easily wiretappable -- it's the online equivalent of the reviled Digital Telephony (CALEA) law planned for the phone system. Currently, when law enforcement agents want to snoop on you online (let's assume they've got a court order), they're in for a rather difficult time. Reading your e-mail is one thing. But knowing what you're doing every minute? "Unless the industry provides them with a way to do it, it's not clear they could", admits Dan Scheinman, Cisco's vice president of legal and government affairs.
ClearZone makes it easy. Here's how it works: Connections between your Internet provider (technically, your ISP's router) and the rest of the Net are scrambled with the triple-DES encryption algorithm. (ClearZone does not encrypt information humming along your modem's wire or the office LAN.) When the FBI or local police want to spy on you, they hand a court order to your sysadmin. As soon as he flicks a "network control switch", the Cisco software begins to surreptitiously record everything you type or do online -- before it's encrypted. That information is bundled into a file that the cops can pick up at the end of the day. "What we've tried to do is figure out an industry standard way to comply with a warrant", Scheinman tells us. A dozen other firms, including Microsoft, Netscape, Network Associates, and Sun Microsystems, have endorsed this approach.
What irks free-market and privacy groups is that Cisco and its allies wouldn't have offered such products without government pressure. They point to ClearZone as another example of the FBI wielding restrictions on overseas shipments of encryption products to gain increased surveillance capability at home. "This proposal would turn every computer router into a secret agent for the FBI", complains Dave Banisar, an attorney with the Electronic Privacy Information Center. Other groups, such as the ACLU, argue with some justification that all wiretaps violate the Bill of Rights because they capture too much information -- and it's hard to imagine that ClearZone's dragnet approach is any better.
To Cisco, though, it's a way to compete with overseas firms that aren't hamstrung by FBI-backed export regs. "The problem is we can't export" products with strong crypto, says Scheinman. He says Cisco asked for export approval late last week and expects to hear back within the required 90 days. Scheinman also says that, in the end, "customers want to comply with warrants", and ClearZone lets them do it with few hassles.
Still don't like it? You can always protect against overbroad wiretaps and nosy sysadmins by running encryption software on your own computer, rather than relying on your ISP to protect your privacy. Although some privacy advocates caution that widespread acceptance of network-level backdoors may make it easier for the FBI to ban encryption in application software (fewer people will want it), it's still perfectly legal to scramble all your e-mail with PGP.