Quick Study

By Brian Robinson


Administration's wiretapping push could damage cloud security

In another case of unintended consequences, now come warnings that the Obama administration’s call to Internet service providers and other firms to make it easier for the FBI to tap into online communications could damage attempts to tighten security in the cloud.

Security research firm Securosis says that the proposal, which is aimed at denying terrorists and other groups the advantage of encrypted communications, will create “a single point of security failure within organizations and companies that don’t have the best security track record to begin with.”




The administration’s proposal specifically targets peer-to-peer communications, requiring companies that deliver these types of services to redesign them to allow interception. There are only a limited number of ways to do that, Securosis says, and each of them creates new opportunities for security failures. Those failures are also likely to be detectable by bad guys with some fairly basic techniques, it says.

ReadWriteWeb, which provided the initial link to the Securosis post, points out that this means nothing but trouble for cloud providers. Instead of locking the cloud down tighter, this proposal would create an always-open backdoor into the cloud.

Government clouds are mostly behind the firewall now, but at some point they’ll have to connect to public services if they want to make full use of the cloud. If Securosis is right, the administration’s proposal might serve to throttle the use of the cloud by the feds, who are paranoid about its security, at the same time that the White House is trying to promote it.

 

Posted by Brian Robinson on Sep 29, 2010 at 12:20 PM



Reader comments

Fri, Oct 15, 2010

'These reactions are silly. Essentially the entire world has long had similar requirements as those being requested by the US DOJ. Those requirements have associated standards and the capabilities implemented. This dialogue is typical US-centric banter.' Uh, just because the rest of the world does it, does not make it right. People started this country to get away from submitting to whims of kings and potentates. Freedom has risks, but I am not willing to trade less freedom for fewer risks.

Tue, Oct 5, 2010 Jack Druides California

"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." Will someone please explain how the 4th Amendment allows the government to even consider building back doors into the Internet?

Fri, Oct 1, 2010 GlobalView Europe

These reactions are silly. Essentially the entire world has long had similar requirements as those being requested by the US DOJ. Those requirements have associated standards and the capabilities implemented. This dialogue is typical US-centric banter.

Thu, Sep 30, 2010 RayW

As was commented on in another thread on the next Obama plan to "make us safe", the more you add taps, the less secure you make things since whatever man (or woman if you want to be today's politically correct) makes, someone else will be able to use/break.

While the dreaded 'Bush' phone monitor program of post 9/11 did find several plots that I know of (and I only had a very small window of visibility, not even state wide), the monitoring of phone lines did not open gaps that many other folks could easily exploit. Adding back doors to access all forms of internet usage that could constitute "peer to peer" communications and encrypted communications would open up a lot of holes that would affect not only Joe and Jane Six Pack, but commerce, industry, finance, and others. The more back doors put on communications and internet access, the better the chance that your bank account and identity will be available for someone else.

Besides, how do you define peer to peer? There are many ways to communicate over the net and pass messages that are encrypted, and many different encryption variations, how do you get back doors on all of them? Make ISPs have to add back doors and maintain them, and guess what will happen to internet rates? Obama will not pay for it out of his various incomes, we will out of what we have left if we want the access still.
