Administration's wiretapping push could damage cloud security
If Internet service providers give the FBI backdoor access to online communications, the bad buys might benefit as well, notes blogger Brian Robinson.
In another case of unintended consequences, now come warnings that the Obama administration’s call to Internet service providers and other firms to make it easier for the FBI to tap into online communications could damage attempts to tighten security in the cloud.
Security research firm Securosis says that the proposal, which is aimed at denying terrorists and other groups the advantage of encrypted communications, will create “a single point of security failure within organizations and companies that don’t have the best security track record to begin with.”
Related stories:
Big Brother wants to surf the Net with you
Why cybersecurity experts can never rest
Security washes out cloud savings
Who owns data in the cloud? The answer could get tricky.
The administration’s proposal specifically targets peer-to-peer communications, requiring companies that deliver these types of services to redesign them to allow interception. There’s only a limited number of ways to do that, Securosis says, and each of them creates new opportunities for security failures. Those failures are also likely to be detectable by bad guys with some fairly basic techniques, it says.
ReadWriteWeb, which provided the initial link to the Securosis post, points out that means nothing but trouble for cloud providers. Instead of locking the cloud down tighter, this proposal would create an always-open backdoor into the cloud.
Government clouds are mostly behind the firewall now, but at some point they’ll have to connect to public services if they want to make full use of the cloud. If Securosis is right, the administration’s proposal might serve to throttle the use of the cloud by the feds, who are paranoid about its security, at the same time that the White House is trying to promote it.