Back to News & Commentary

Government Backdoors Letting in the Wrong People?

Jay Stanley,
Senior Policy Analyst,
ACLU Speech, Privacy, and Technology Project
Share This Page
February 4, 2010

Recently I wrote about the allegedly Chinese cyber attack on Google and how it highlighted a point that the ACLU and security experts have been making for years — that creating government backdoors into our communications network for the purpose of surveillance creates security problems.

Security expert Bruce Schneier subsequently wrote about the same issue at greater length in this excellent CNN piece.

And yesterday, security researchers reported more specifically on how government-required backdoors built into Cisco’s routers have created security vulnerabilities. As reports,

In a presentation at the Black Hat security conference Wednesday, IBM Internet Security Systems researcher Tom Cross unveiled research on how easily the “lawful intercept” function in Cisco’s IOS operating system can be exploited by cybercriminals or cyberspies to pull data out of the routers belonging to an Internet service provider (ISP) and watch innocent victims’ online behavior.

Nor should that vulnerability be regarded as a freak thing — to the contrary, it is probably the tip of the iceberg:

Cisco, in fact, is the only networking company that … makes its lawful intercept architecture public, exposing it to peer review and security scrutiny. The other companies keep theirs in the dark, and they likely suffer from the same security flaws or worse. “Cisco did the right thing by publishing this,” says Cross. “Although I found some weaknesses, at least we know what they are and how to mitigate them.”

And now, in a potential Great Leap Forward for the “Surveillance-Industrial Complex,”Google is working on partnering with the NSA. Probably the two biggest collectors of personal communications data in the world teaming up? Details are scarce, but the very concept brings to mind the phrase “marriage made in hell.”

At a time when some are pushing to increase law enforcement access to Americans’ communications, policymakers need to take a hard look at these systems.