Matt Blaze's
EXHAUSTIVE SEARCH
Science, Security, Curiosity
Why the Protect America Act may not protect Americans
Is this the party on whom I am eavesdropping?

Most of the debate surrounding the Protect America Act -- hastily passed this summer and eliminating requirements for court orders for many kinds of government wiretaps -- has focused on the perceived need to balance national security against individual privacy. And while it's surely true that wiretap policy strikes at the heart of that balance, the specter of unrestrained government spying may not be the the most immediate reason to fear this ill-conceived and dangerous change in US law. Civil liberties concerns aside, the engineering implications of these new wiretapping rules, coupled with what we can discern about how they are being implemented, should be at least as unsettling to hawks as to doves.

My colleagues Steve Bellovin, Whit Diffie, Susan Landau, Peter Neumann, Jennifer Rexford and I just completed a brief analysis of the Protect America Act from the networking, surveillance and security engineering perspective. Our draft technical report, Risking Communications Security: Potential Hazards of the "Protect America Act" can be found at www.crypto.com/papers/paa-comsec-draft.pdf [pdf format].

Update 10/13/07: A less-technical version can be found at www.crypto.com/papers/paa-briefing.pdf [pdf format].

Update 10/22/07: A new (and slighty less drafty) draft of the full technical report is now online, at www.crypto.com/papers/paa-comsec-draft.pdf [pdf format].