The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.01 - January/February (2008 vol.6)
pp: 24-33
Matt Blaze , University of Pennsylvania
Whitfield Diffie , Sun Microsystems
Steven M. Bellovin , Columbia University
Peter G. Neumann , SRI International
Jennifer Rexford , Princeton University
ABSTRACT
A new US law allows warrantless wiretapping whenever one end of the communication is believed to be outside national borders. This creates serious security risks: danger of exploitation of the system by unauthorized users, danger of criminal misuse by trusted insiders, and danger of misuse by government agents.
INDEX TERMS
Protect America Act, wiretapping, surveillance, civil liberties, US wiretap law
CITATION
Matt Blaze, Whitfield Diffie, Steven M. Bellovin, Peter G. Neumann, Jennifer Rexford, "Risking Communications Security: Potential Hazards of the Protect America Act", IEEE Security & Privacy, vol.6, no. 1, pp. 24-33, January/February 2008, doi:10.1109/MSP.2008.17
REFERENCES
1. V. Prevelakis and D. Spinellis, "The Athens Affair," IEEE Spectrum, July 2007, pp. 18–25.
2. P. Kiefer, "Phone Taps in Italy Spur Rush toward Encryption," New York Times,29 Apr. 2007; www.nytimes.com/2007/04/29/technology29cnd-encrypt.html?ex=1335499200&en=aa06d98a600afc6f&ei=5088&partner=rssnyt&emc=rss .
3. W. Diffie and S. Landau, Privacy on the Line: The Politics of Wiretapping and Encryption, updated and expanded edition, MIT Press, 2007.
4. US Code, Title 50, section 1801(i), 1978.
5. US Code, Title 50, section 1801(f), 1978.
6. Protect America Act, section 105(a) 2007.
7. United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 Jan. 2006.
8. Exhibit A in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006.
9. M. Klein affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006.
10. J.S. Marcus affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006.
11. J.S. Marcus affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006, p. 15.
12. J.S. Marcus affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006, pp. 12–14.
13. M. Klein affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006, p. 7.
14. J.S. Marcus affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006, p. 24.
15. J.S. Marcus affidavit in Tash Hepting et al. v. AT&T Corporation et al., United States Second District Court for Northern California, Case 3: 06-cv-0672-vrw, 8 June 2006, pp. 24–25.
16. C. Cortes, D. Pregibon, and C. Volinsky, "Computational Methods for Dynamic Graphs," AT&T Shannon Labs, 9 Jan. 2004.
17. G. Danezis, "Introducing Traffic Analysis: Attacks, Defences and Public Policy Issues" http://research.microsoft.com/users/gdane/ papersTAIntro.pdf.
18. F. Schneider (ed.), Trust in Cyberspace, Computer Science and Telecommunications Board, National Research Council, 1999, p. 36.
19. R. Clayton, Anonymity and Traceability in Cyberspace, Univ. of Cambridge Computer Lab, tech. report 653, Nov. 2005.
20. S. Bellovin et al., "Security Implications of Applying the Communications Assistance to Law Enforcement Act to Voice-over IP," 2006; www.itaa.org/news/docsCALEAVOIPreport.pdf .
21. S. Landau, "National Security on the Line," J. Telecommunications and High Technology Law, vol. 4, no. 2, 2006, p. 418.
22. EFF v. Department of Justice, Civil Action No. 06-1708-CKK (D.D.C.) (filed 3 Oct. 2006); www.eff.org/issues/foia061708CKK.
23. Information Assurance Section, US Federal Bureau of Investigation, "Controlled Interface 100 (CI-100) System Security Plan (SSP) DCS-3000 to EDMS,"16 April 2007.
24. S. Landau, "National Security on the Line," J. Telecommunications and High Technology Law, vol. 4, no. 2, 2006, pp. 433–434.
19 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool