What do you know about CALEA?
July 16, 2003 10:27 AM   Subscribe

Bob Cringely thinks the government's information gathering capability is a disaster waiting to happen. Does our government have too much faith in computers as a solution to our problems? Just as electronic voting is looked at skeptically by the computer-savvy among us, so should the use of computers to gather information.
posted by TedW (13 comments total)
Just as electronic voting is looked at skeptically by the computer-savvy among us, so should the use of computers to gather information.

I consider myself pretty computer savvy, but I'm not skeptical of the idea of electronic voting. I am pretty skeptical of that particular implementation of electronic voting, because it looks like a piss poor one (who the hell writes secure apps with VB and Access???). I don't think it means we should abandon the whole concept all together.

Same with government computer intelligence gathering. I have a little bit of an in on this, I guess, because I work for a defense agency that does IT and computer science work for the government. The fact is, this kind of argument has been around for years; that computers are getting too powerful, too intrusive, that we have an over-reliance on machines. I think that idea is bogus. Computers only do what engineers tell them to do, nothing more, nothing less. You can't ignore the human element.

Cringely's argument seems to be centered around a) CAELA, which still requires a federal warrant to use; and b) DARPA and TIA, which has since lost all it's funding and is a shelved project. TIA would have been unconstitutional anyway, and I'm pretty sure that if anything concrete came out of it, the ACLU would jump all over it.

He also seems to be trying to paint DARPA in a sinister light, which couldn't be further from the truth. DARPA is just a research agency, they don't build weapons or defense systems. They're a technology think tank/proving grounds. I wish I had time to find a list of some of the things that came out of DARPA and ARPA, but they famously invented the internet.
posted by SweetJesus at 11:25 AM on July 16, 2003

so should the use of computers to gather information

posted by clavdivs at 11:40 AM on July 16, 2003

In the late 1990s the Los Angeles Police Department conducted illegal wiretaps with CALEA technology involving thousands of phone lines and potentially hundreds of thousands of people at a time when the official annual report on wiretaps compiled by the Department of Justice said L.A. was conducting an average of around 100 wiretaps per year. Illegal convictions were obtained, property was illegally confiscated, civilian careers and lives were ruined, yet nobody was punished.

Cringely's argument seems to be centered around a) CAELA, which still requires a federal warrant to use;

yes, but only in the absence of a nod and a wink.
posted by quonsar at 11:49 AM on July 16, 2003

yes, but only in the absence of a nod and a wink.

Yeah, but my point is, is that if they're going to do something illegal, what does it matter if they use a new technology or an older technology? They're still doing something illegal. You can't look at technology as the cause of the problem.

Computers are very, very, very stupid. They're just able to do one thing (binary math) and do it very, very, very well and very fast. You can't blame the technology for doing something illegal, you need to blame the people behind it. Cops are corrupt, technology or no technology.
posted by SweetJesus at 11:58 AM on July 16, 2003

My concern from reading the article was less about the government (although I do think anything the government does bears close scrutiny; I also think he came down a bit hard on DARPA which has given us some good inventions). I am more worried about the lackadaisical attitude that ISPs, phonecos, and others responsible for implementing the technology take towards security.

For anyone wanting an in-depth look at DARPA, here is an official history of the organization as a 185 page PDF.
posted by TedW at 12:12 PM on July 16, 2003

Electronic voting in Brazil is a success, though.
posted by falameufilho at 12:14 PM on July 16, 2003

SweetJesus, the core problem Cringely is citing is not abuse by law enforcement, but that the infrastructure set up for use by law enforcement is so open to fraudulent use by anyone that it makes us, as a nation, less secure.

In this case, yes, it is the technology that is problem, because the technology is creating new vulnerabilities. Cringely's central argument is that, in fact, it creates more new vulnerabilities than it protects us against.
posted by NortonDC at 12:26 PM on July 16, 2003

The argument that CALEA requires a warrant doesn't really seem to do much to rebut the claim that CALEA is insecure and has possibly(probably? definitely?) been hacked.

If the existing wiretapping facilities are insecure, would you expect the same institutions to make the better, stronger, faster version of a new automated system secure? If so, then why(stipulating that CALEA actually is insecure) haven't they secured the existing systems?

Cringely's column seems less a warning about computers than about the failure of agencies responsible for operating these systems to take security seriously.

I would assume compromising a wiretap port on a telephone switch would result in enough charges to keep you either jailed or broke and in court for at least a decade or two. Apparently, that isn't standard operating procedure for oversight of these agencies and systems.
posted by dglynn at 12:29 PM on July 16, 2003

Securing things is hard. Generally people convince themselves something is secure by putting some procedural thing, in this case a warrant, with some consequence on its violation or a token symbol of security like a "Do not enter" sign.

This is all well and good but it doesn't do diddley-squat to secure something against someone who wants it. Someone who is willing to walk right through the door, take the risk of being caught, or flat doesn't even care if they die.

These types of systems are very centralized ( hence valuable ) collections of information and resources. They are skeleton keys to all sorts of normally protected or at least difficult to access systems. As such they are potentially tremendously subject to attack from outside and within.

Cringley's point, as mentioned above, is that these systems (highly invasive and powerful by design) are not guarded. He is making a point--I think a good one--that by omission we are providing access to people we certainly don't want to have it. These systems are supposed to protect us but they are secured such that they are open to our enemies.

Most people would be shocked if you told them that there was a box out on the corner that all you had to do is snip a small lock and you could listen to anyone's telephone in the city. Not only could you listen to their conversations but you could use their phones as microphones, etc, etc. Not concerned? What if this was a website you could go to? etc.
posted by rudyfink at 5:33 PM on July 16, 2003

The other problem with CALEA for law enforcement is that although a warrant is legally required to do a tap, there's no one to actually enforce the requirement. Ten years ago, the police had to show up at the telephone company and show them a warrant, and then some tech would hook aligator clips onto the line. Now, the telephone company isn't involoved, and the cops just have to punch some buttons on their computer. We of course trust them to never do this if they don't have a warrant.
posted by cameldrv at 5:55 PM on July 16, 2003

In other news, azazello thinks Bob Cringely has been full of shit for many years now.
posted by azazello at 7:16 PM on July 16, 2003

And yes, online voting rocks. When implemented properly, that is, with secure protected crypto chips, a fully secure authentication path from a user's smart card (issued by the government) to a publicly examined server running a signed open-source OS and a signed open-source vote counter, sending the user a signed open-source applet.
posted by azazello at 7:21 PM on July 16, 2003

I live in GA, where electronic voting is done with proprietary equipment and software. There is no method for hand-counting or otherwise verifying votes independent of the computers. To top it off, these machines are windows-based, and I got the blue screen of death the first time I tried to use one (insufficient memory).
posted by TedW at 7:13 AM on July 17, 2003

« Older Copyright to the Revolution   |   Web Project Seeks to Digitize Religious Images for... Newer »

This thread has been archived and is closed to new comments