Trustless Computing Association

View Original

FBI/NSA wants to have access to end-points: UVST could ensure it can BUT just with a warrant

Prof. Ed Felten wrote on his blog on May 16th:

“The FBI argues that the Net is “going dark”—that they are losing their ability to carry out valid wiretap warrants. In fact, this seems to be a golden age of surveillance—more collectable communications are available than ever before, including whole new categories of information such as detailed location tracking. Regardless, the FBI wants Congress to require that voice, video, and text communication tools be (re-)designed so that lawful wiretap orders can be executed quickly and silently.

Our report focuses in particular on the drawbacks of mandating wiretappability of endpoint tools—that is, tools that reside on the user’s computer or phone. Traditional wiretaps are executed on a provider’s equipment. That approach works for the traditional phone system (wiretap in the phone company’s switching facility) or a cloud service like GMail (get data from the service provider). But for P2P technologies such as Skype, information can only be captured on the user’s computer, which means that the Skype software would have to be changed to add a virtual “wiretap port” that could be activated remotely without the user’s knowledge.”

The User Verified Social Telematics (“UVST”) concept developed by the Open Media Cluster and the Telematics Freedom Foundation could step into this discussion and provide a win win solution for both defenders and opponents of this FBI proposal.

UVST service, provided in a non-commercial way that does not fall under the legislation for network operators (in Italy, and maybe US?), could provide for a solutions that allows state security agencies to access end-points, but only if they have a warrant (based on probable cause), by providing for an innovative technological and organizational infrastructure that intrinsically guarantees users from its abuse.

Provided UVST research project delivers on its aims and promise (far from certain!), I could see it possible and advisable, that (as a consequence of ongoing NSA surveillance revelations) such FBI proposal could be emended by Congress, in coordination with both FBI and civil rights associations, to provide strong incentives and disincentive that all Internet communication end-points (devices and server rooms) be UVST certified. At some point in the future, after many years of very successful large-scale UVST deployments, it may be even become advisable that all non-UVST encrypted Internet traffic be recorded, and possibly blocked by security agencies.

Such possibility may be jump started by Open Web Next, a 6,5M€ research project – aimed at developing a new modular multi-platform mobile&TV platform and ecosystem for the Italian market, based on dual-run time OS (or hybrid) devices running both FirefoxOS and UVST – that integrates UVST organizational, procedural and technical infrastructure as the core mechanism to guarantee both content security and user privacy.
It is being presented as a proposal to a Lazio Region Grant, lead by us of the Open Media ClusterOpen Media Park and Telematics Freedom Foundation. It’s co-promoted and co-coordinated together with the Fondazione Ugo Bordoni (the research arm of Italy’s Ministry of Economic Development) that is also a partner. These are some of its confirmed partners: Tre Italia (part of H3G, 4th mobile operator in the world), Center for Cyber Intelligence and Information Security Sapienza,(Italy’s leading Cyber Intelligence research center), Hermes (Italy’s leading technical and legislative digital civil rights experts, similar to EFF in the US),Progesi/BV-Tech (leading Italian IT defense and security contractor), Freemantle Media (the largest TV content producer in the world), UCLA School of Cinema, Television and Theatre RemapCedeo/WimLabs (di Leonardo Chiariglione), IT Media Consulting. We are in active and extensive discussion with Tivu/Tivusat (owned by Rai, Mediaset, LA7, the top 3 Italian broadcaster to evolve their joint satellite and internet platforms) and others. We plan soon to propose participation to EFF (or epic.org) and Mozilla (makers of FirefoxOS).

We are glad for any comment, suggestions, support and leads that can help us further this project.

Prof. Ed Felten wrote on his blog on May 16th:

“The FBI argues that the Net is “going dark”—that they are losing their ability to carry out valid wiretap warrants. In fact, this seems to be a golden age of surveillance—more collectable communications are available than ever before, including whole new categories of information such as detailed location tracking. Regardless, the FBI wants Congress to require that voice, video, and text communication tools be (re-)designed so that lawful wiretap orders can be executed quickly and silently.

Our report focuses in particular on the drawbacks of mandating wiretappability of endpoint tools—that is, tools that reside on the user’s computer or phone. Traditional wiretaps are executed on a provider’s equipment. That approach works for the traditional phone system (wiretap in the phone company’s switching facility) or a cloud service like GMail (get data from the service provider). But for P2P technologies such as Skype, information can only be captured on the user’s computer, which means that the Skype software would have to be changed to add a virtual “wiretap port” that could be activated remotely without the user’s knowledge.”

The User Verified Social Telematics (“UVST”) concept developed by the Open Media Cluster and the Telematics Freedom Foundation could step into this discussion and provide a win win solution for both defenders and opponents of this FBI proposal.

UVST service, provided in a non-commercial way that does not fall under the legislation for network operators (in Italy, and maybe US?), could provide for a solutions that allows state security agencies to access end-points, but only if they have a warrant (based on probable cause), by providing for an innovative technological and organizational infrastructure that intrinsically guarantees users from its abuse.

Provided UVST research project delivers on its aims and promise (far from certain!), I could see it possible and advisable, that (as a consequence of ongoing NSA surveillance revelations) such FBI proposal could be emended by Congress, in coordination with both FBI and civil rights associations, to provide strong incentives and disincentive that all Internet communication end-points (devices and server rooms) be UVST certified. At some point in the future, after many years of very successful large-scale UVST deployments, it may be even become advisable that all non-UVST encrypted Internet traffic be recorded, and possibly blocked by security agencies.

Such possibility may be jump started by Open Web Next, a 6,5M€ research project – aimed at developing a new modular multi-platform mobile&TV platform and ecosystem for the Italian market, based on dual-run time OS (or hybrid) devices running both FirefoxOS and UVST – that integrates UVST organizational, procedural and technical infrastructure as the core mechanism to guarantee both content security and user privacy.
It is being presented as a proposal to a Lazio Region Grant, lead by us of the Open Media ClusterOpen Media Park and Telematics Freedom Foundation. It’s co-promoted and co-coordinated together with the Fondazione Ugo Bordoni (the research arm of Italy’s Ministry of Economic Development) that is also a partner. These are some of its confirmed partners: Tre Italia (part of H3G, 4th mobile operator in the world), Center for Cyber Intelligence and Information Security Sapienza,(Italy’s leading Cyber Intelligence research center), Hermes (Italy’s leading technical and legislative digital civil rights experts, similar to EFF in the US),Progesi/BV-Tech (leading Italian IT defense and security contractor), Freemantle Media (the largest TV content producer in the world), UCLA School of Cinema, Television and Theatre RemapCedeo/WimLabs (di Leonardo Chiariglione), IT Media Consulting. We are in active and extensive discussion with Tivu/Tivusat (owned by Rai, Mediaset, LA7, the top 3 Italian broadcaster to evolve their joint satellite and internet platforms) and others. We plan soon to propose participation to EFF (or epic.org) and Mozilla (makers of FirefoxOS).

We are glad for any comment, suggestions, support and leads that can help us further this project.