Issue No.01 - Jan.-Feb. (2013 vol.11)
Steven M. Bellovin , Columbia University
Matt Blaze , University of Pennsylvania
Sandy Clark , University of Pennsylvania
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/MSP.2012.138
Mobile IP-based communications and changes in technologies, including wider use of peer-to-peer communication methods and increased deployment of encryption, has made wiretapping more difficult for law enforcement, which has been seeking to extend wiretap design requirements for digital voice networks to IP network infrastructure and applications. Such an extension to emerging Internet-based services would create considerable security risks as well as cause serious harm to innovation. In this article, the authors show that the exploitation of naturally occurring weaknesses in the software platforms being used by law enforcement's targets is a solution to the law enforcement problem. The authors analyze the efficacy of this approach, concluding that such law enforcement use of passive interception and targeted vulnerability exploitation tools creates fewer security risks for non-targets and critical infrastructure than do design mandates for wiretap interfaces.
Law enforcement, Computer security, Software, Privacy, Surveillance, Peer to peer computing, Technological innovation, law enforcement, surveillance, security, exploit, telecommunications, wiretap, Communications Assistance for Law Enforcement Act, CALEA, national security
Steven M. Bellovin, Matt Blaze, Sandy Clark, Susan Landau, "Going Bright: Wiretapping without Weakening Communications Infrastructure", IEEE Security & Privacy, vol.11, no. 1, pp. 62-72, Jan.-Feb. 2013, doi:10.1109/MSP.2012.138