A cheap new encryption technology for mobile phones completely blocks eavesdropping, even from warrant-wielding law enforcement agents – raising fears the technology could fall into the hands of terrorists or criminals.
The software poses a growing problem that U.S. law enforcement agencies call “going dark” – the spread of communications technologies that cannot be intercepted even with a warrant because agencies lack the technical capabilities.
But experts say the feds’ proposed solution to get around the blackout – by legally mandating the insertion of “back doors” into such software to allow eavesdropping – creates an opening which could be exploited by hackers, online criminals or cyberspies.
The issue is not unique to the United States. Intelligence and counter-terrorism officials in the United Kingdom are concerned about the new mobile phone application, called Seecrypt, according to the London Mail on Sunday.
The app provides individual users with military grade encryption — sending voice and text over the Internet in a scrambled data stream that can only be deciphered by another user.
The new application, which is free to download and will cost $3 a month, is made by a South African-based company, Porton Group, that boasts “we don’t comply” with such mandates, said CEO Harvey Boulter. The program does not have a “Legal Intercept” capability, said Mr. Boulter.
“Seecrypt is about empowering people to take back their own privacy,” he added in an email to The Washington Times. Even so-called meta-data — information about which numbers called in or were called, and when and for how long — is stored in a secure private network to which only users have the key.
But he promised the company “would work with law enforcement agencies to make sure this does not get misused.”
“Simply put if asked by the authorities the license can be revoked instantaneously,” he said, effectively cutting the user off from the service.
Last year, the U.S. company Silent Circle caused consternation in law enforcement circles when it launched a similar package here.
U.S. law enforcement responded by renewing its push for an update of the 1994 Communications Assistance for Law Enforcement Act, or CALEA.
The law currently applies only to telecommunications providers, though the Federal Communications Commission extended it in 2004 to apply to many Internet service and Web-based phone service providers. It requires covered service providers to make their products “wiretap ready.”
In a series of meetings with industry executives, reported earlier this month by CNET News, FBI director Robert Mueller has been urging Internet companies not to oppose an update to CALEA, which would extend the “wiretap ready” mandate to all kinds of Internet-based real-time communications services like instant messaging and chat, Skype, Google Hangouts and even Xbox Live.
But the installation of special software “backdoors” to allow law enforcement to conduct court-authorized wiretaps creates an obvious vulnerability that can be exploited by anyone with the requisite skills, found a report last week by a group of leading encryption experts and other engineers.
“Building holes and backdoors into widely-available software and services creates vulnerabilities that can be exploited by a range of bad actors, including hackers, individual employees at the software companies and government officials in the numerous countries that will expect the same access afforded to the FBI,” wrote Ohio State law Professor and privacy scholar Peter P. Swire.